Tips and Secrets
Notice: THIS POST IS INTENDED FOR LEARNING PURPOSES ONLY! WE WOULD NOT TAKE ANY RESPONSIBILITY FOR ANY KIND OF ILLEGAL ACTIVITY FROM YOUR SIDE.
In normal phishing, the attacker convinces the victim to click a link to a fake login page. The victim enters sensitive information (passwords) in the fake login page, and all of it (user name and password) goes to the attacker. The main drawback of normal phishing is that the victim can easily tell the fake login page from the real one by looking at the domain name in the address bar. The more advanced technique of desktop phishing overcomes this problem by spoofing the domain name: the address bar shows the real address, but the page actually displayed is the fake login page.
See how to do this:
Before continuing with this article, you need to know what the HOSTS file is and how it works.
The hosts file is a text file containing domain names and the IP addresses associated with them. It is located in the Windows directory at the path C:\Windows\System32\drivers\etc\ . Whenever we visit any website, say www.anywebsite.com, a query is sent to a Domain Name Server (DNS) to look up the IP address associated with that website/domain. But before doing this, the hosts file on our local computer is checked for an IP address associated with the domain name. For instance, the host name for Yahoo! is www.yahoo.com, while its IP address is 204.71.200.67. Either address will take you to Yahoo!'s site, but the www address will first have to be translated into the IP address. If you type in the IP address directly, your computer will not have to look it up.
What actually happens in this attack?
In this method we have to modify the victim's HOSTS file by adding the genuine domain name with the IP address of the phishing page. We need to host the page at our IP address, and for that we need to make our PC work as a server. Whenever the victim visits the genuine website, he is directed to our fake login page, and the domain name in the URL box remains genuine, as typed by the victim. Hence the domain name is spoofed.
I will explain with the example of orkut. Let's see how to hack orkut through desktop phishing by domain spoofing.
Few Requirements :-
Download WAMP SERVER
Download HOST FILE
Download Orkut Fake Login Page
Step 1
1. First you need to download the Wamp server and install it on your computer.
2. Now, in task bar, simply click and press on Put Online.
3. Now, go to C:\wamp\www\ and paste here orkut fake login page(index.htm) with the xtreme.php file.
4. To check whether you have done this right, simply enter http://127.0.0.1 in address bar of browser and hit enter. You will get Phisher page you have copied in C:\wamp\www\.
Step 2
1. Go to http://www.ipchicken.com/ and copy your IP.
2. Open “Hosts” file you’ve downloaded using Notepad.
3. Now replace the xxx.xxx.xxx.xxx with your IP address.
4. Change www.orkut.com to your website name (suppose if you wanna hack for orkut password then remain the same).
5. Save the file.
Step 3 (For creating standalone exe through which victims hosts file get replaced with your modified hosts file)
1. Winrar must be installed in your pc.
2. Right click on Hosts file and select “Add to Archive”.
3. Now, in window, change Archive Format from “.rar” to “.zip”.
4. Tick “Create SFX Archive”. Now, in “Advanced” tab, click “SFX Options”.
5. Now, in “Path to extract”, enter “C:\WINDOWS\system32\drivers\etc” (without double quotes).
6. In “Modes” tab, check “Hide all” and “Overwrite all”. Hit OK and again OK.
Now you will get “hosts.exe” on the desktop. This is what we required. Just send this file to the victim by mail or any way you want and ask him to install it on his computer (social engineering). Whenever the victim tries to visit www.orkut.com, he is actually shown your phisher page by his browser, and his browser address bar also shows the real address (i.e. www.orkut.com instead of your hosting URL, which looks like http://h1.ripway.username.com/index.htm), and thus we can easily hack his orkut password using desktop phishing by domain spoofing. The hacked orkut password is saved as the passes.txt file in your “C:\wamp\www” directory.
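Seen from the defender's side, the override described above leaves a clear trace: a hosts entry that pins a public login domain to a routable address. The following audit is an added example, not part of the original post; the watched-domain list, the sample file content and all function names are constructed assumptions.

```python
import ipaddress

# Constructed sample of a tampered hosts file (addresses are documentation ranges).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # sinkhole entry from an ad blocker
203.0.113.45    www.orkut.com orkut.com
192.168.1.20    intranet.corp.example
"""

# Assumption: domains that should always be resolved through DNS, never pinned locally.
WATCHED = {"orkut.com", "yahoo.com"}

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for every valid mapping line."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        yield n, ip, [f.lower().rstrip(".") for f in fields[1:]]

def is_watched(name, watched):
    """True for a watched domain or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, name) for watched names redirected to another host."""
    findings = []
    for n, ip, names in parse_hosts(text):
        # 0.0.0.0 and loopback entries block a site instead of redirecting it.
        if ip.is_unspecified or ip.is_loopback:
            continue
        findings.extend((n, str(ip), name) for name in names
                        if is_watched(name, watched))
    return findings

if __name__ == "__main__":
    for line_no, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is pinned to {ip}")
```

On a real machine, pass the contents of C:\Windows\System32\drivers\etc\hosts to audit_hosts; restricting write access to that file and alerting on changes to it covers the same risk at the file-system level.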