Creating a Password Phishing Website

How to create a password phishing website using redpill Hacker and how to retrieve usernames and passwords from the website.

A Password Phishing Website is a tool in redpill Hacker that allows you to get usernames and passwords from social media accounts and some email accounts (gmail, yahoo, facebook, twitter). This tool works on any device and there are nothing being installed on the target device so there are now warnings or Anti-Virus detection.

Basically it allows you to hack gmail, facebook, yahoo and twitter accounts.

This tool uses a well known legitimate practice on the internet where some sites don't expect you to create an account with them but allows you to log in using your existing social media account. The tool allows you to choose any content on the internet (Video, PDF file or website) and create a 'in-between' page. You can choose the wording for that page and where the page will take the target.

This method is very effective as there are no warnings and works on any device. The fact that the target will actually be able to visit the site or watch the video, makes it very believable and if done correctly the target will not suspect anything.

Below is a demo video. Note that the video uses an older version of redpill Hacker.

How a Password Phishing Site Works

stealing passwords from website
  1. From redpill Hacker you quickly and easily create the 'in-between' site that will ask the user to log in before he can watch the video (or view any other content on the interntet).
  2. Using redpill Hacker, you can send emails to a specific target or a list of targets. They will get a socially engineered email telling them about the video they can watch (or PDF document they can view) with a link to the video or document.
  3. When they click on the link, they will first be asked to sign in using their existing social media account (facebook, gmail, twitter or yahoo).
  4. After they signed in, they will be able to watch the video or open the PDF document.
  5. You will receive their username and password as well as the account used. The target will not suspect anything.

How to create your password phishing site

  1. Decide what content you want to display. It can be any video or PDF document. The video does not need to be from youtube, but you should be able to get to the video with a link. In youtube you can click on the 'Share' button below the video to get a direct link to the video
  2. Choose a domain name that will fit in with your con. For example if you will use a video it can be something like 1000CrazyVideo.com or if you will use a PDF document it can be SecrurePDFFiles.com.
  3. You will need to purchase the domain with a Windows Hosting option (you can get this cheap from sites like godaddy).
  4. Your hosting company will provide you with FTP details for your site (or you will be able to create a FTP account from your control panel). Enter these details in redpill Hacker (from the redpill Hacker menu, select 'Resources and Tools' > 'FTP Servers')
  5. In redpill Hacker, go to Websites > Password Phishing Website
  6. The form below will be displayed.
steal passwords from website
  1. Enter your full domain name in the website field.
  2. Select the FTP Server that you set up in a previous step.
  3. The link is not the link to the video but a link to your domain (See 'Note about Link' below)
  4. Message is any message that will fit in with your con, that will ask the person to sign in.
  5. The redirect website is the link to the video or the PDF document.

Note about link:

The link is a link that the target will see. If your domain is www.xxx885Videos.com, then the link does not really look like a video. To fix this you can add the following to the back of your URL:
>> ?video=343243
>> ?pdf=99323
>> ?document=009265
Example: http://www.xxx885Vidoes.com?video=898925

The link now looks more like a specific video or document. You can use any number but the question mark, a word like 'video', the equal sign and a number after that is important. Test your link – simply copy and paste it into your browser.

When you click on 'Create Website', redpill Hacker will create the 'in-between' website for you in seconds.

Create Password Stealing Website

You can email the link directly to a target using a normal email, or you can use a Password Phishing Website template in redpill Hacker to email targets the link. Make sure your email or social engineering template is properly worded to convince the targets to click on the link.

On the Target Computer

When a target clicks on the link, a login page will open in his browser:

password capture

After the target signed in, he will immediately be redirected to the video or PDF document. The video will start playing and the target will not suspect anything.

Retrieving Usernames and Passwords

You will not be notified when a target has signed in, so you can check periodically. Open redpill Hacker and in the menu click on 'Websites' > 'Retrieve Phishing Data from Websites'.

hacking websites

redpill Hacker will retrieve the data with account used, username and password.
Note that once retrieved, the data is removed from the website – so it is important to save the data that was retrieved. To save it, go to 'Resources and Tools' > 'Export Screen Output'.