Ethical Hacking

Steal Credentials Using Phishing Techniques

Steal Credentials Using Phishing Techniques

Hello hackers,

Lets read some cybersecurity blogs……

Today we are again back with a famous topic which is stealing credentials using phishing techniques, this technique is known as Social Engineering.

what is social engineering?

It is the art of manipulating people so they give up their confidential data and it is the most famous technique used by blackhat hackers to steal credentials and this social engineering technique will be never patch in the future because it depends on human mentality power…

For phishing attacks, there are many automated tools available on GitHub but I think always the manual techniques works the most…

Lets start preparing the phishing website, but I warn everyone this is only for educational purpose.

For preparing the website we require a webpage template, we can use the tools to gather the webpage template. The best ever tool with maximum webpage template is “HIDDEN EYE“.

Go to GitHub and search for Hidden Eye, copy that git URL for hidden eye and now run the following commands:

  • git clone
  • cd HiddenEye-Legacy
  • cd Webpages

Now we need to host one of the webpage to our localhost(, for now, I am selecting Instagram_web. Once you selected the webpage copy all the files from here to /var/www/html. A command followed is:

sudo cp * /var/www/html

Once you copied all file there move to that directory, now we need to configure something to get back the credentials of victim.

There is a login.php file present in there, now open that file using command:

sudo nano login.php

The nano editor interface will open up and there is the “LOCATION” part, there we need to add a custom URL where the user will redirect when he/she hit on LOGIN once he entered his credentials there…

When you are done with this we need to make a txt file “usernames.txt” because in nano editor we have seen there it has been written credentials will save in usernames.txt, so we need to make a txt file to save credentials…

Once we have done with all this we need to give the permission(Read,Write,Execute) to all files present there, the command followed is:

chmod 777 *(*->to select all)

Now we are going to start a apache service to make your website host on localhost(,command followed is:

service apache2 start

Now our website is visible on your localhost means other people in the whole world cannot see my Phishing website for that we need to use “PORT FORWARDING” technique to make our website live and even all people can see this…

For that the famous tool used is “ngrok” it is available for free as well as the premium version(the premium version will let you set the domain). Go to ngrok official site and signup there, after signup there the dashboard will open up which will suggest you all commands and how to use them. (download a zip file of ngrok).

When you are done with that run the command;

./ngrok http 80 (only work where ngrok file is present)

The ngrok interface will open up and there they will provide you a ngrok URL which will make your localhost go live over www(world wide web), every people in the world can see that webpage…

Now send this URL directly to victim or make that URL shorten using online services of URL shortner so victim has no doubt about the webpage and the technique depends on that how you send the URL to victim by depending on their interest like if you are sending to a girl mention-“The nearby mall is offering a 70% discount on girls dress for that you need to subscribe here using any social media logins(place that URL)“:)

I have entered a random credentials there and when I hit enter I have been taken(redirected) to a URL which I has submitted there in nano editor.

Now when a victim entered his credentials, this credentials will save on your system (usernames.txt).

Boom!!! credentials are here…

This is only for Educational Purpose

Its done for today and time to say “GOOD BYE” for now

Happy Hacking!!

Share this post

About the author

Leave a Reply

Your email address will not be published. Required fields are marked *