Skip to content
October 7, 2008 / technocrawl

DNS Spoofing in Windows Boxes

DNS Refers to Domain Name Systems or Domain name Service, which basically resolves domain name into its equivalent IP address.
When ever you type a valid URL in the browser, it will first look for primary DNS which is in the same box, if it fail then it will try to communicate with the seconaday DNS servers on the internet, once it finds the right match then it resolves the human readable Domain name or FQDM ( Fully Qualified Domain Name ) into its equivalent IP adress that can be easily understood by machines and also updates the same in the primary DNS so that the next time, there is no need to contact the secondary DNS.

Here is a trick that you can use for DNS Poisoning in Widnows Boxes.

just move on the following location

C:\WINDOWS\system32\drivers\etc\hosts

a dialog box prompts to choose open with, select notepad and open it up, then it will display a window like below….

Hosts

On the last line you can see something like

127.0.0.1       localhost

Here 127.0.0.1 is the loopback dotted deciaml IP address, and localhost is its equivalent human readable domain name. So what happens once you type \\localhost in the URL box of the internet explorer or any browser? It will contact the DNS which is actually the host file, then it will open up the locahost window, instead you can type \\127.0.0.1 in the URL box, which does the same opertaion.

Here comes the trick where you can use this to poison DNS and redirect the victims to some other website. So, lemme make it clear that if a user types http://www.google.com in the browser, then they will be redirected to http://www.yahoo.com

Once you opened up the hosts file, just obtain the IP address of the yahoo just by pinging or nslookup, then copy and paste the IP address of http://www.google.com in the hosts file that you recently have opened with a notepad, make sure that you are pasting it in a new line, then leave a space (CRLF – Carriage Return Line Feed) and type http://www.yahoo.com, then close the hosts file, it will prompt you to save the changes, you have to save it. Now restart your browser and type http://www.yahoo.com in the URL, now you will be re-directed to http://www.google.com and you are done now!

By using DNS poisoning, anyone can launch a phishing attack, and re-direct to any malicious websites to create havoc.

// This is Meant for Educational Means alone. technocrawl and its members are not responsible for what ever you do using this.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: