Saturday, November 3, 2012

Desktop Phishing - Hack Hippo tutorial-2

WHAT IS DESKTOP PHISHING ?

It's a very advanced version of phishing. In this article I'll show how much more advanced desktop phishing (abbreviated DP) is than the regular kind. The advantage of DP is that you have a real domain rather than a fake one.


DIFFERENCE BETWEEN PHISHING AND DESKTOP PHISHING



WHAT IS PHISHER ARM ?

Phisher Arm is a program that will change your IP mapping settings. You don't need to know any programming language for this. You can make a Phisher Arm with some tools you already have on your computer.


THINGS YOU NEED TO KNOW BEFORE DP
  1. Knowledge about the hosts file
  2. A webpage server
HOSTS file
  • The hosts file is a computer file used in an operating system to map hostnames to IP addresses.
  • The hosts file is a plain text file and is conventionally named hosts.
  • Directory : C:\windows\system32\drivers\etc\hosts

In this example I mapped the google.com domain name to the IP address of yahoo.com. So whenever you type google.com in your address bar, yahoo.com will open.

WHAT HAPPENS BEHIND THE SCREEN ?

Whenever we type a URL in the address bar, our browser first refers to the hosts file. If a mapping for the URL is present there, it navigates to the mentioned IP address; if there is no mapping for the URL, the request for the IP address is forwarded to DNS (Domain Name Server).


WEB SERVER

  • Web server can refer to either the hardware (the computer) or the software (the computer application) that helps to deliver Web content that can be accessed through the Internet.
  • S/W : xampp Server

This software will help you host the phishing page on your local machine. To know more about xampp and to download it, click here: XAMPP PAGE


NOW LET'S MOVE TO THE FULL WORKING


  • First download and install xampp on your PC, then start the Apache and MySQL services.
  • Download the Facebook phisher page and place all its contents in the htdocs folder, which should be under xampp (c:\xampp\htdocs).

To download the phisher page, here is the link: Download
You can also create one by writing a PHP file, and for the fake page:

  1. Go to the webpage whose fake page you want to create.
  2. Right click on the page and go to "View Source Code".
  3. Copy all the code and paste it into Notepad.
  4. Then search for "action" in the code and replace that action's value with your PHP file name.
  5. Save the Notepad file as index.html or index.htm.
  • To know your IP address:
  • Go to http://www.ipchicken.com/ and copy your IP.
  • Open the hosts file and replace/add the xxx.xxx.xxx.xxx with your IP address, followed by a tab and the website name.
  • Save the file.
  • But before doing any modification to the hosts file, back up your original one.
Now you only need to send this hosts file to the victim's PC, and to do that you have to create a standalone exe file through which the victim's hosts file gets replaced with your modified one.

  • WinRAR must be installed on your PC.
  • Right click on the hosts file and select “Add to Archive”.
  • Now, in the window, change Archive Format from “.rar” to “.zip”.
  • Tick “Create SFX Archive”.
  • Now, in “Advanced” tab, click “SFX Options”.
  • Now, in “Path to extract”, enter “C:\WINDOWS\system32\drivers\etc” (without double quotes).
  • In the “Modes” tab, check “Hide all”.
  • On the "Update" tab, select “Overwrite all files”.
  • Hit OK and again OK.
Now it's up to you which method you use to send this file to the victim, by mail or any other way you want, and ask him/her to install it on his/her computer (social engineering). Whenever the victim tries to visit www.facebook.com, he/she is actually shown your phisher page in his/her browser, and the browser address bar also shows the real address (i.e. www.facebook.com instead of your hosting URL, which looks like http://h1.ripway.username.com/index.htm), and thus we can easily hack his/her Facebook password using desktop phishing by domain spoofing. The hacked Facebook password is saved in the passes.txt file in your “C:\xampp\htdocs” directory.

Thank you for visiting.