Desktop Phishing – Step by step tutorial

Hii Friends, I think now you know about phishing & how to create fake login page. If you new in TRICKS4INDYA then before proceeding read my previous two article about “what is phishing?” & “How to create & use fake login page”. Today I am going to write an article about Desktop Phishing which is an advance form of phishing.

Difference between phishing and desktop phishing is as follows: -

In phishing: -

·      Attacker convinces the victim to click on the link of fake login page which resembles a genuine login page.

·      Victim enters his credentials in fake login page that goes to attacker.

·      Victim is then redirected to an error page or genuine website depending on attacker.

But main drawback in phishing is that victim can easily differentiate between fake and real login page by looking at the domain name. We can overcome this in desktop phishing by spoofing domain name.

In desktop phishing:-

·      Attacker sends an executable/batch file to victim and victim is supposed to double click on it. Attacker's job is done.

·      Victim types the domain name of original/genuine website and is taken to our fake login page. But the domain name remains the same as typed by victim and victim doesn't come to know.

·      Rest of the things is same as in normal phishing.

What is Hosts File?

The hosts file is a text file containing domain names and IP address associated with them. Location of hosts files in windows: C:\Windows\System32\drivers\etc\

Whenever we visit any website, say www.anything.com , an query is sent to  Domain Name Server(DNS) to  look up for the IP address associated with that website/domain. But before doing this the hosts file on our local computer is checked for the IP address associated to the domain name.

Suppose we make an entry in hosts file as shown. When we visit www.anywebsite.com , we would be taken to this 115.125.124.50. No query for resolving IP address associated with www.anywebsite.com would be sent to DNS.

What is attack?

I hope you have got an idea that how modification of this hosts file on victim's computer can be misused. We need to modify victim's hosts file by adding the genuine domain name and IP address of our fake website /phishing page. Whenever victim would visit the genuine website, he would be directed to our fake login page and domain name in the URL box would remain genuine as typed by victim. Hence domain name is spoofed.

Two Steps to perform attack: -

1.   Create and host phishing page on your computer.

2.   Modify victim's host file

Step 1:-

Since the webhosting sites like 110mb.com, ripway.com etc where we usually upload our phishing page do not provide a IP that points to your website like www.anything.110mb.com. An IP address points to a web server and not a website. So we need to host the phishing page on our computer using a  web server software like wamp or xampp.

Kindly read my simple tutorial on setting up XAMPP webserver here and this step would be clear to you.

Step 2: -

This step can performed in two different ways. 

Method 1 - Send victim a zip file containing modified host file. When Zip file would be clicked, it would automatically replace victim's original hosts file with modified hosts file.

Copy your hosts file and paste it anywhere. Modify it according to yourself..Edit it with any text editor and associate your public IP address with domain you wish as show.

Like in this case, when victim would visit gmail.com , he would be taken to website hosted on IP 'xxx.xxx.xxx.xxx'. Replace it with your public IP.Compress hosts file such that when victim opens it, it automatically gets copied to default location C:\Windows\system32\drivers\etc and victim's hosts file get replaced by our modified hosts file.

To setup modified host zip file follow the below image: -

Then you can bind this file with any exe/image (using a binder) or directly give it to victim. He is supposed to click it and you are done.

Method 2 - Create a batch file which would modify hosts file as per your need.

Open your notepad and type the following text: -

echo xxx.xxx.xxx.xxx www.watever.com >> C:\windows\system32\drivers\etc\hosts

echo xxx.xxx.xxx.xxx watever.com >> C:\windows\system32\drivers\etc\hosts 

Obviously replace it with your IP and website acc. to yourself.

Save file as 'all files' instead of txt files and name it anything.bat . Extension must be .bat 

When victim would run this file, a new entry will be made in hosts file.

You can test both the above methods to modify your own hosts file

Limitations of attack: -

1.   Since our pubilc IP address is most probably dynamic that it gets changed everytime we disconnect and connect. To overcome this we need to purchase static IP from our ISP.

2.   The browser may warn the victim that Digital Certificate of the website is not genuine.

Countermeasures:-

Never just blindly enter your credentials in a login page even if you yourself have typed a domain name in web browser. Check the protocol whether it is "http" or "https". https is secure.

Note: This is illegal and is for educational purpose only. Any loss/damage happening will not be in any way our responsibility.

If u like then ple follow my blog & also help to promote. Don’t forget to leave comment.

Read More

How To Hack An Account with password Stealer | Hack Accounts

Hi friends, I hope you all are fine, After my previous article for "Hack Facebook Accounts" I'm again here with new Hacking Trick, This is new article or tutor on "How To Hack An Account" . This article is very briefly discussed so that even a very newbie can able to Hack Accounts Using Password Stealer. So Keep on reading to know more ....

What is FUD Password Stealer ?

I am not going to explain this topic in brief just a short intro, As the name indicates It will steal the stored username and password form the victims computer without his/her knowledge.

How To Hack An Account Password Using FUD (Fully Undetectable) Stealer

This is very deep guide and I explained each and every step including Social Engineering which most of us lack to get success, Thus with the combination Stealer and Social Engineering we can able to hack an account. So follow this steps and have a perfect idea: -

·        First of all Disable you antivirus ( Stealer is not FUD, but Crypter Is FUD )

·        Now Download FUD Password Stealer and extract it (folder) to desktop.

Passowrd – TRICKS4INDYA

·        Create one fake gmail account for your safety and then open the stealer.

·        Enter Gmail username and password as asked and then click on "Build"

·        Now you can see the server.exe file created in the Folder which has stealer

·        Open FUD crypter and crypt the server.exe file and now our spy virus is FUD.

·        You are done, Our spying password stealer is ready

Social Engineering And Human Manipulation

Just creating server (virus) is not satisfied, The main part of Hacking Accounts is to make victim download your virus so that we can able to Hack Account without letting him/her know. For more information on Social Engineering and Human Maniputaion, visit my privious article “Social Engineering – Art of Manipulation”


Steps : -

·        Upload your spy virus on free webhosting sites like (www.my3gb.com)

·        Now just shorten your real download link with goo.gl or bit.ly

·        Give that link to victim and ask him/her to download your file

·        He will open the file, within 5 min. you will get all password info in your Gmail account.

How to fool victim ?

This is most important of part of hacking & you also know if you read my privious article “Social Engineering – Art of Manipulation”.

First start normal conversation with victim and know about her/him (if you already know her/him then its good) , All want things for free without any charge so,,,

1.   Hey I have software to make free calls, do you want it ??

2.   Hey I playing flash game, wanna try

3.   Give them what he want and instead give your infected download link.

So friends I hope you have enjoyed this article much, By applying this method I hacked tons of accounts and most of them were girls. So its very easy to try and will surely get success.

Note: This is illegal and is for educational purpose only. Any loss/damage happening will not be in any way our responsibility.

If u like then ple follow my blog & also help to promote. Don’t forget to leave comment.

Incoming search terms:-

How To Hack Facebook Account
Hack An Facebook Easily
Hacking Facebook Password
How To Hack Girlfriend Facebook Account
Hack Facebook Accounts Easily
HAck Gmail Account Easily
Hack Yahoo Account Easily
Hack Hotmail Account Easily
Download Password stealer

Read More