how to hack facebook using desktop phishing
our may already be familiar with the phishing technique as I have posted some articles over it,
However still you don’t understood it then I should tell
you here again that phishing is such an act where hacker makes a duplicate page I must say login page of any website and
in the login fields he makes some changings like he embeds a logger script in those login forum fields, thus as a result what you type
in those fields is logged and are pasted in a text file on that server where that phishing i-e duplicate page is hosted to fool you.
Thus you email and password are sent to hacker as those login fields are for “email address” and “password” ultimately in the end you
are redirected to original login page. You should read following posts to understand this in detail:-
Explaining phishing to new-bies ( Demonstrating by Facebook phishing hack)
Drawback of such phishing techniques:-
Such techniques need such a hosting whose TOS can’t be broken when we upload such pages.
This needs a link to be spread which takes victim to the phisher page.
This are also now recognized more easily as the URL of the browser is not trustable
since now many people are aware of such attacks and modern browsers can
understand phishing well now.
You must be an expert to implement such attacks successfully
if you are a newbie you can’t fool victim by just following simple guides provided at various sites.
So, this old phishing technique is also useful we can’t deny its use but it gets bit tricky to implement it.
What is Desktop Phishing?
Well,
it is a kind of phishing where you have to just replace some text in the hosts file located in Windows directory
in the victim machine and whenever he goes to the real website like yahoo.com
then real website won’t open instead of it the phishing page will open which will be hosted in your computer
(Or any other hosting purchased one as you prefer as rest steps are same as in common phishing).
A diagram to differentiate between Desktop phishing and Common Phishing:- Desktop and normal phishing
I created this simple diagram to differentiate between common phishing and desktop one,
Hope you may get it now clearly.
Steps to Perform Desktop Phishing:-
things to be need:-
1..xamp server software
2..strong vpn(for making an ip static)
3..hosts file which is locate on your pc in directory c:/windows/system32/drivers/etc
Following are the steps to perform desktop phishing which are explained in quite good manner.
1. Make your computer a server to host files or say phishing page:-
How to: Convert Computer in WebServer -
install server on your pc ,there are two name of server software
1...xamp server
2...wamp server
i recomend xamp becouse it is simple for handel
and store your phishing page of any web site in httdocs directory of xampp server
2. What is hosts file and how to exploit them for desktop phishing-Basic Scheme:-
A hosts file is a file which contains domain names and IP addresses associated with them.
Like when we visit a website like www.website.com
then a query is sent to the DNS (Domain Name Server) in order to look for the IP address which may be associated with that domain to take you to the desired website.
But before this query the local computer is checked for the IP address associated with that domain, and the file which is checked for this purpose it the hosts file
located here:- C:\Windows\System32\drivers\etc\
Now lets make an entry in hosts file,
you can use simple notepad to edit it, well I am using notepad++ for this purpose.
I have opened hosts file
by right clicking it and then opening it my notepad++ and after that I have added the IP address and the URL along which I want to associate that IP address.
I think you have understood that what we are going to do. See sample below, when victim will open www.hackersthirst.com he will be taken
to the IP address(111.111.111.50) in Hosts file as below:-
hosts
3. Creating an SFX archive to replace real hosts file with our own created in victim computer:-
Now,
you have converted your computer in a webserver to host files and thus you have a public IP address of your server using which
you can associate
any domain name with your public id, yes we are going to exploit hosts file. Now, what we shall do is this, that we shall copy our hosts file and will modify
it ass below by assigning our IP address where required phishing page is uploaded lets say its yahoo phisher:-
modified hosts
So,
your modified hosts file is created now, lets plan out a way to replace victim’s hosts file with it,
there are many ways,
but I shall tell you one here of creating a solid archive by WinRAR you can download it here.
After installing WinRAR right click on the modified hosts file and then
“Add to archive” after this tick create “SFX archive” like I did:-
After this create the archive and send it to the victim and as a result his hosts file will be replaces you can bind this file to any other exe or picture just read this post:-
Hide archives and RAT’s by using Binders
Whenever he will open the website in his computer i-e yahoo.com your own phishing page
will come in front of him which will be hosted in your own computer.
So, he will be hacked without any notice.
What you got from this post? or Countermeasures to remain safe from such attacks:-
So,
now you know this type of attacks also exists to never blindly trust any exe file or any picture always explore vthe files given by any stranger
if you see that the icon is of a .jpg file and extension is .exe then it surely means that the file is binded. So, I must say that best security
is always from you hackers just make use of our own foolishness.
NOTE
please use notepad in administrator mode during change hosts file