
Advanced Phishing Tactics on Way2Computerworld!

Hello friends, today I'd like to tell you a story. Once in our college we were having an Ethical Hacking workshop, and he asked me to log in from his system (social engineering). I thought they would definitely do something, so I didn't type my actual password, and, imagine, the same thing happened: they were trying to attack using the phishing method and showed my fake password to all my friends. Then they taught us how to attack using the phishing method and how to get rid of these methods. To get rid of attacks using phishing methods, we need to check the URL of the web page where we're typing our account details, and it is better to type the URL manually.

Then again he asked me to log in to my Facebook account, and as an intelligent student I typed the URL manually and tried to log in from his system, but again something happened and he got my password.

So friends, I learnt how we can do this, and here I'm sharing my knowledge, but before doing this you should have some knowledge about phishing.


Drawbacks of using a phishing page (not advanced phishing)

The drawback of the phishing method is that the URL is different, e.g. www.facebook.com is the actual page and our phishing page is something like www.faced00k.com (a smart student, like me, will notice), and they will not fall into your FISHNET.

WHAT TO DO?

Let's START!

Requirements:

  • WAMP SERVER
  • WINRAR

Why shouldn't we make the phishing web page's URL look exactly the same as the real domain name?
You may ask, "Is it possible?"
My answer is yes, you can.
Sounds good? Go ahead.

How Can We Do It?

We have to send an email with an executable file to the victim.
If the victim double-clicks the executable file, then you are done.
Now whenever the victim enters the real domain name (like www.facebook.com), he will be on our phishing web page.
Don't worry, the domain name shown is the original URL (like www.facebook.com).

Got surprised....!!!! You may ask how this is done.


How it is done?
  
The executable file changes the hosts file on the victim's system.

What is the hosts file?

The hosts file contains domain names and the IP addresses associated with them. Your hosts file will be in this path:

C:\Windows\System32\drivers\etc\

Whenever we enter a domain name or URL (e.g. www.webaddress.com), a query is sent to the DNS (Domain Name System) server, which returns the IP address associated with the domain name. But before this is done, the system checks the hosts file for an IP address associated with the domain name. Suppose we make an entry with the domain name and the IP address of our phishing web page (e.g. www.webaddress.com with our IP 123.23.X.X); then no query is sent to the DNS.
The system automatically connects to the IP address that the hosts file associates with the domain name. This is how the phishing web page's URL gets masked with the original domain name.

Let's Implement It!

If you are hosting on some other hosting site, you probably won't get a unique IP address for your phishing web page; you will have only the IP address of the hosting service. So if you try to use that IP address, the victim will not be brought to your phishing web page but to the hosting address.

So what can you do to overcome this problem? You need to set up your own web server at home. Using web server software, you can set up your own hosting service.

How to Set Up Your Own Web Server?

Download any web server software like WAMP or XAMPP. My suggestion is WAMP, because it is easy to use.

Download and install the WAMP server.

After the installation has completed, go to this folder path:

C:\Wamp\WWW

And paste your phishing web page here.

Start the Wamp Server.

(Start->windows->All Programs->Wamp Server->start wamp server)

You can see the half-circle icon (the WAMP server icon) in the system tray (I mean near the time in the taskbar).

Click the icon and select Start All Services and Put Online.


Now type your IP address in the address bar of the web browser and hit Enter. If you don't know your IP address, go to Run->cmd->ipconfig, or just visit www.whatismyip.com.

Now you can see your Phishing web page in your Browser.

Modify the Hosts File:

Copy the hosts file from this path "C:\WINDOWS\system32\drivers\etc" to the desktop.

Right-click on the hosts file and open it with Notepad.

You can see the localhost entry there.
Below it, add an entry in this form:

your_ip     domain_name

For e.g :-

123.xx.xx.xx  www.gmail.com

Save the File.


Compress the Hosts File:

Compress the hosts file such that when the victim opens it, it automatically gets copied to the default location, i.e. C:\Windows\system32\drivers\etc, and the victim's hosts file gets replaced by our modified hosts file.

Right-click on the hosts file and select the Add to archive option.
Now follow the steps shown in the picture:

Now send the zipped file to the victim.
If he extracts the zip file, then the hosts file will be replaced.

You are done.

Now whenever he tries to visit the genuine or original website, only the phishing web page will be shown.

Note: Your computer should always be turned on because it's not just a PC but a host server.  

How to Get Rid of this Attack?

  • Use dynamic IP addresses, which is hard to implement.
  • Check the site's certificate as shown by the browser.
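
An added example (not from the original post): a defensive check for the hosts-file redirection described above. It parses hosts-file text and flags entries that pin a name to a non-loopback address; the watchlist, function names and sample content are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watchlist of names that should never be pinned in a hosts file.
WATCHED = {"facebook.com", "gmail.com", "webaddress.com"}

# Constructed sample hosts content (documentation IP ranges, not real data).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net     # ad blocking, harmless
203.0.113.45    www.gmail.com       # redirect of a watched domain
198.51.100.7    WWW.Facebook.COM. m.facebook.com
192.168.1.20    nas.home.lan
"""

def is_watched(host):
    """True if host equals a watched domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (line_no, ip, host, severity) for every suspicious entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 2:
            continue                            # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], fields[1], "malformed"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue                            # localhost / sinkhole entries
        for host in fields[1:]:
            severity = "high" if is_watched(host) else "review"
            findings.append((line_no, str(ip), host.lower().rstrip("."), severity))
    return findings

if __name__ == "__main__":
    # On Windows, pass the contents of C:\Windows\System32\drivers\etc\hosts.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A "review" finding is often a legitimate local override; a "high" finding on a watched domain matches the redirection this post describes.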
