basic hacking

Use Original Domain Address for Phishing Web page

Share

Hi friends ,  you may have known about how to create phishing web Page.  If you don't know about Phishing Web Page, you need to read this tutorials first:

        Different Types of Email account
        How To Create fake or phishing web page

Once you know the basics of Phishing web Page ,come to this post.

Ok friends, there's one drawback in our traditional Phishing web page method. You know what is it? You are right, the url of our phishing web page. It may look like the real one,but it is not.


For eg: we may create the Phishing web page with www.gmails.com but it's not at all same as www.gmail.com

Probably, the experienced internet users will notice the URL of web Page. So they won't fall in our Fishnet.

What we are going to do now?
Why should not we make the phishing web page's URL looks exactly same as the real Domain Name? You may ask "is it possible?". My answer is yes, you can. It sounds good na? go ahead.

How we are going to implement?
 We are going to send an email with an executable to victim.
If the victim double click the executable file, then you are done.
Now whenever the victim enter the real domain name (like www.facebook.com) ,he will be in our phishing web page.
Don't worry the domain name is original URL(like www.facebook.com)

Got surprised....!!!! You may ask how this is done,go ahead.

How it is done? 
   Executable file will change the Host file of Victim system.
What is host file?
     The host file contains Domain Name and IP address associated with them.  Your host file will be in this path:

C:\Windows\System32\drivers\etc\

Whenever we enter the Domain name or URL (for eg: www.webaddress.com), a query will be send to the DNS (Domain Name server).  This DNS connect to the IP address which is associated with the Domain Name.   But before this to be done, the host file in our system will check for the IP address associated with the Domain Name.  Suppose we make an entry with Domain Name and IP address of our phishing web page(for  eg: www.webaddress.com wiht our ip 123.23.X.X),then there's no query will be send to the DNS.
It will automatically connect to the IP address associated with the Domain Name.  This will fruitful for us to mask the PHISHING web page's URL with Original Domain Name.


Now Let's divide into the Implementation:

• If you are hosting some other hosting site, probably you won't get the unique IP address for your Phishing Web Page. You can have the IP Address of the hosting only. So if you try to use that IP address, the victim will not bring to your Phishing web page , they will bring to the hosting address. 

So what you can do overcome this problem? You need to set up your own Webserver in home. Using Webserver softwares you can set up your own Hosting service.