August 2009
Beginner
298 pages
9h 5m
English
Content preview from Hacking: The Next GenerationBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
The Loot
So far, you have learned from studying specific instances of phishing sites. It is time to move the discussion further along to the topic of phishing kits. In the following paragraphs, we will look at tools criminals use to quickly set up phishing sites. We will also provide an intriguing example illustrating the trust between phishers, or lack thereof.
Uncovering the Phishing Kits
It is straightforward to set up a website that looks like a legitimate website. All a phisher has to do is go to the legitimate website and download the HTML and JavaScript code and the image files. Once you have these resources, you can simply upload them onto a web server. However, you may need to tweak the website a bit to suit your style, and you will also need to set up a server-side script (such as update.php) to capture the victim’s submissions.
Wouldn’t it be great if you, the phisher, had ready-made phishing sites to deploy? Life would be so much easier. There would be no need to go around downloading HTML, JavaScript code, and image files, and then having to package them up each time. The most important tool in a phisher’s arsenal, the phishing kit, helps with exactly this.
Phishing kits are usually sold or bartered in the phishing underground. We were able to social-engineer a phisher via email to obtain the kits for free. Figure 7-14 shows some of the phishing kits we were able to capture.
Figure 7-14. Phishing kits
The loot consists of phishing kits for every imaginable institution. From ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.