Navigation X
ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!



 1831

I need help with html

by CimooTN - 30 October, 2019 - 07:37 PM
This post is by a banned member (CimooTN) - Unhide
This post is by a banned member (balontheman) - Unhide
22
Posts
2
Threads
5 Years of service
#2
What do you mean? They just copy pasted the source html of the steam login site then hooked it up with some simple php and then woobty doopty
This post is by a banned member (CimooTN) - Unhide
This post is by a banned member (balontheman) - Unhide
22
Posts
2
Threads
5 Years of service
#4
(This post was last modified: 30 October, 2019 - 07:48 PM by balontheman.)
(30 October, 2019 - 07:46 PM)CimooTN Wrote: Show More
(30 October, 2019 - 07:44 PM)balontheman Wrote: Show More
What do you mean? They just copy pasted the source html of the steam login site then hooked it up with some simple php and then woobty doopty

dude that sounded easy asf

It does but it's not that easy (it's still pretty easy though) search up "how to create your own phishing site" and then from there u can learn all the basics

(30 October, 2019 - 07:48 PM)balontheman Wrote: Show More
(30 October, 2019 - 07:46 PM)CimooTN Wrote: Show More
(30 October, 2019 - 07:44 PM)balontheman Wrote: Show More
What do you mean? They just copy pasted the source html of the steam login site then hooked it up with some simple php and then woobty doopty

dude that sounded easy asf

It does but it's not that easy (it's still pretty easy though) search up "how to create your own phishing site" and then from there u can learn all the basics

Idk about how they auto took over ur account though
This post is by a banned member (CimooTN) - Unhide
This post is by a banned member (h3k) - Unhide
h3k  
Registered
16
Posts
1
Threads
5 Years of service
#6
(This post was last modified: 31 October, 2019 - 02:55 PM by h3k.)
Essentially it is all about creating a phishing page which looks exactly the same as the one which Steam are using for logging their users. Once the victrim submit his/her creditentials you can create scripts to store them and use them later. You can use Steam API for a faster and easier solution. Once you have those username and password and Api correctly configured everything else is pretty straight forward. Victim subbmiting the details in your form -> storing the inputs in a DB - > your script reading from the DB ( you do not have to bother encrypting the inputs, just save them in plain text ) -> Use the API to change the access email of the user. Voila' that is it.
This post is by a banned member (grisc) - Unhide
grisc  
Registered
4
Posts
0
Threads
5 Years of service
#7
(This post was last modified: 17 November, 2019 - 05:23 PM by grisc.)
I did not check the site, but I will base my explanation on replies.

As I understand, it is a phishing site, I am going to use as example some social network but this can work with anything, email platforms, social platforms, ecommerce platforms, etc.


1) Copy the entire front end of the platform: You can either download all of the assets manually (html, css, js) or use a crawler like httrack
2) Develop a back end/script that will process the login (It is even better if you also handle extra features to make it more believable), but this can be as little as just handling the form submission and storing it the details provided in a database, then redirect the user to actual steam or do something to make the user not think their details were just stolen (to prevent the user changing their details), or don't do anything at all.
3) Connect back end and front end, and also these to a server and domain
4) Advertise it through email, or some other way. Things like "Attention required, please login now!"

And that's it. I don't do phishing, ever, but I work in IT, so I know how all of this works.

How to prevent your steam account getting stolen in the future?

When a site asks you to connect your steam account, the actual legit way to do it, is click a button that redirects you to the actual steam page, there, steam will ask you if you'd like to connect to "random app", click yes, and the site you connected to will receive your steam unique identifier, they can't do anything with this nor steal anything from you through this, they will just see your steam name, picture, what games you have and things like that, nothing else.

If the site asks you to provide your steam login information, it is a phishing site 100% of the time.

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
or
Sign in
Already have an account? Sign in here.


Forum Jump:


Users browsing this thread: 1 Guest(s)