Scribd
Upload
2K views

How To Hack Gmail, Paypal Account of Your Friends Using Phishing Link

Nowadays phishing attack is going high. Using these phishing attacks, hackers are stealing the user credentials by provoking the victim to open the link. The same technique can be used to hack GMail, Facebook, Paypal accounts of your friends using phishing links generated by you. These steps will help you to understand, on how phishing really happens.

Uploaded by

securitynewspaper
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
2K views

How To Hack Gmail, Paypal Account of Your Friends Using Phishing Link

Nowadays phishing attack is going high. Using these phishing attacks, hackers are stealing the user credentials by provoking the victim to open the link. The same technique can be used to hack GMail, Facebook, Paypal accounts of your friends using phishing links generated by you. These steps will help you to understand, on how phishing really happens.

Uploaded by

securitynewspaper
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 17

HOW TO HACK GMAIL, PAYPAL ACCOUNT OF

YOUR FRIENDS USING PHISHING LINK

INTRODUCTION
Nowadays phishing attack is going high. Using these phishing attacks, hackers are stealing the user
credentials by provoking the victim to open the link. The same technique can be used to hack GMail,
Facebook, Paypal accounts of your friends using phishing links generated by you. These steps will help you
to understand, on how phishing really happens.

Today we will talk about an Advanced Phishing tool. Using this tool we can create Fake webpage in a minute
and send the link to the victim to steal credentials. This tool creates a replica of a website and generates a
public link for you to share with the victim. Earlier ethical hacking researcher of International Institute of Cyber
Security demonstrated on how easy is to create fake website in minutes for Local Network environment.

ENVIRONMENT
 OS: Kali Linux 2019.3 64 bit
 Kernel version: 5.2.0

INSTALLATION STEPS
 Use this command to clone the project
 git clone https://github.com/htr-tech/nexphisher.

root@kali:/home/iicybersecurity# git clone https://github.com/htr-tech/nexphisher

Cloning into 'nexphisher'…

remote: Enumerating objects: 25, done.

remote: Counting objects: 100% (25/25), done.

remote: Compressing objects: 100% (22/22), done.

remote: Total 25 (delta 7), reused 11 (delta 2), pack-reused 0

Receiving objects: 100% (25/25), 10.43 MiB | 1.67 MiB/s, done.

Resolving deltas: 100% (7/7), done.

 Use the cd command to enter into the nexphisher directory.

root@kali:/home/iicybersecurity# cd nexphisher/

root@kali:/home/iicybersecurity/nexphisher#
 Use this command to bash setup to install the packages for the tool and set up the environment.

[~] Installing Packages ….

Ign:1 https://deb.globaleaks.org buster/ InRelease

Hit:3 https://deb.globaleaks.org buster/ Release

Err:4 http://deb.globaleaks.org buster/ Release.gpg

At least one invalid signature was encountered.

Get:2 http://ftp.harukasan.org/kali kali-rolling InRelease [30.5 kB]

Err:2 http://ftp.harukasan.org/kali kali-rolling InRelease

Splitting up /var/lib/apt/lists/partial/http.kali.org_kali_dists_kali-rolling_InRelease
into data and signature failed

Reading package lists… Done

=========================================================================================
=====================SNIP================================================================
===============================================

php is already the newest version (2:7.3+69).

ssh is already the newest version (1:8.2p1-4).

unzip is already the newest version (6.0-25).

The following packages were automatically installed and are no longer required:

docutils-common docutils-doc libfluidsynth1 libilmbase23 libopenexr23 libproj13


libpython3.7-dev libx265-165 python-bson python-bson-ext python-docutils

python-egenix-mxdatetime python-egenix-mxtools python-gridfs python-pygments python-


pymongo python-pymongo-ext python-roman python3.7-dev sgml-base xml-core

Use 'apt autoremove' to remove them.

0 upgraded, 0 newly installed, 0 to remove and 1499 not upgraded.

[~] Setting Up Environment ….

mv: cannot stat 'loclx-linux-386': No such file or directory

chmod: cannot access '.htr/loclx': No such file or directory

[~] Installation Completed !!

[~] Type bash nexphisher to run NEXPHISHER !!


 Now, use this command bash nexphisher to launch the tool.

 Now, let’s choose the options and see the how these fake webpages work.
 Fist we will try to create a phishing page for GMail.

HACK GMAIL ACCOUNT


 Now, let’s create google phishing page.
NexPhisher-Google

 Now, choose option 3 and then select option 2 Gmail New Login Page.
 Now this will create a fake webpage for GMail.
 We will now have to create a public URL to send it to the victim.
 Now this tool will ask you to select Port Forwarding Option.
 In the above picture, we see five different traffic collector tools, these tools collects the traffic from the
victim’s machine and sends back to the hacker console.
 Here, choose option 2 Ngrok.
 If Ngrok is not installed it will ask you to install Ngrox with API keys.
 It will generate a phishing link. Now send this link to the victim.

 If victim open the link and enter the credentials in the phishing page.
 The server captures the credentials and sends to the hacker. We can see in the below picture.
 On the victim’s machine, it will redirect to the original GMail pages to ask the security questions,
which will let the victim believe that everything is working fine.
 As you we can see in the below images.

After entering the email or phone.


Password

 Victim will enter the password and enter into original account.
 But victim is unaware of the fact that his/her password has gone to hacker console.

HACK PAYPAL ACCOUNT


 Now, let’s create a phishing page of PayPal.

 Choose option 6 PayPal.


 Now, choose option 5 LocalHostRun server. It will create two URLs, we can see at the bottom of
the picture.
 Next, send anyone a link to the victim.
 If the victim enter his credentials and click on the login
 To view the credentials in hackers console machine, press ctrl + c then you can view the details.

 Here, we got the victims credentials.


HACK WORDPRESS ACCOUNT
WordPress is a content management system, using WordPress we can create any type of website.

Here, choose an option 26 for wordpress.


 Now, choose an option 4. To start LocalXpose server

 Now, send the phishing link to the victim.


 If the victim opens the link, we can see the page in below picture
 If the victim enters his credentials in the phishing WordPress page.
 The traffic collector sends the credentials to the hacker console.
 We successfully got the login credentials.

CONCLUSION
We saw how to create a phishing page and steal the victim’s login credentials. Most of the hackers do it the
same. We must be more conscious while entering our login credentials or personal details. Always check the
Green padlock or the Lock sign next to the URL you open. This will ensure that you are opening a safe website.
Contact https://www.securitynewspaper.com/

MEXICO
538, Homero #303, Chapultepec Morales,
Mexico D.F (Distrito Federal) 11570

INDIA
Fifth Floor, HB Twin Tower
Netaji Subhash Place, Delhi NCR, 110034

You might also like