Hacking the phishers (twisted Robinhood)

Here is a phishing page for paypal http://paypal-update-account-information-login.starvalleyhomesearch.com/Update/10ee7df4ac1c05b59338c9deb448aa8a/af60dd2bb9b4e03d69844affa3e7d771/2e3424366d38973b2d48209fb334b378/a8129fa47469d5c9e6d3b4ccbd5dfb44/29a8a832cc58b69ae29a29a0319907d6/cb25f7fe36a186eb7138336f7510ca14/

Can someone tell how to hack phishing information stored on these sites. I have got a lot of link to phishing websites.

Recently I spent $100 on different carding stores but got scammed, nearly had a heart attack. I don't have a job and need to feed my family. And I'm out of budget to spend on carding, so thought it would be a good option if I could hack phishing sites.

Sorry if I posted it in wrong section, admins feel free to move or delete it.


Comments


[13 Points] CHomfLok:

I think you need a new game plan. If someone knows how to do this, they're not going to tell you so you can make the money. Your desperation is causing you to make stupid decisions. Log off and get a job.


[2 Points] MLP_is_my_OPSEC:

  1. First you'd need to decrypt the encrypted HTML, which is laughably easy, and I've done so here
  2. You'd need to figure out what method they're using. They seem to be using a PHP script located at ./Snd/Snd1.php. This script either sends the logs to an email address, or a database of some sort. Most likely database.
  3. Since it's on a database, you need to exploit it. SQLi may work, but I doubt it. This is where you need to gather some more information. Luckily you can find what server software they're running on the "500 Error" page. Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/1.0.0-fips DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 Server. They also seem to be hosted over at BlueHost(198.57.164.57)
  4. What do you do from here? You're on your own.


[1 Points] DaMenehune:

Collect your own. Get a couple USB wifi dongles. Turn your laptop in to a wifi honey pot. Run a captive portal, you can force login pages to unsuspecting users who join your fake AP. Wireshark can be helpful. Tourist areas can garner hundreds of users information in hours while you have a coffee or sit in your car.