Follow us on Twitter!
You cannot teach a man anything; you can only help him find it within himself. - Galileo
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 28
Guests Online: 21
Members Online: 7

Registered Members: 82878
Newest Member: defcon812
Latest Articles

Obscuring Your URL

Arrow Image Ever wonder how hackers/spammers/phishers can make their URLs look so...different?



---------Intro----------------
Have you ever clicked on a link that looked something
like: http://www.FREEXXXHERECLICKHERE@1089058664/ and were surprised
by the utter and complete lack of...movies? Well this article
will tell you everything you need to know about how spammers/hackers/phishers/anyone
can obscure their URL beyond recognition.

---------Purpose--------------
But Futility, why would anyone want to make their URL look different?
Well I\'m glad you asked. Obscuring your URL could come in handy in loads
of different cases. Whether you want to play a harmless prank on your friend,
or lead him unexpectedly to any site you wish. Think of it this way...
would anyone want to go to www.letmestealyourpassword.com? No, but doesn\'t
www.google.com@letmestealyourpassword.com seem a little more inviting? (Note: you can
change the letmestealyourpassword part once you have an IP address. More on that later.)
You can also use some of these methods to get past blocks that your school may have put up
to stop you from accessing \'bad\' sites.

-------------The @ sign--------------------
For this article we are going to consider that you are trying
to trick a long-time Yahoo enthusiast to go to the best search engine int the world (google).
You may have noticed a prime example of obscuring in the preceding examples. The \'@\' can be used to confuse people. Anything
that is placed in front of it, gets ignored.
So, if what I said was true, www.yahoo.com@google.com would bring you to google.com. Try it, I dare you. But, that\'s not very sneaky, considering
if you saw www.yahoo.com@stealmypassword.com you probably wouldn\'t click on it, no matter how much you like yahoo. This brings me to my next point.

-------------IP Address---------------
Most people already know this, but you can use the IP address to access a site. So typing in 64.233.167.147
would bring you to google.com. A quick and easy way to get the IP of a site would be going into your command
prompt (type in cmd.exe into run for Windows users) and type in ping www.google.com (or any other website).
Your computer will ping the site, and you will see the IP. So as of right now, we could type in this:

www.yahoo.com@64.233.167.147

and lure unsuspecting users to our site. (In this case, google.com)

-------------Dword----------------------
But what if this is not enough? What if we are talking about a smart guy, who is willing to check out the IP to see where he\'s
going? What if he\'s determined to get to yahoo by clicking your link, no matter what? Well, we can obscure the IP address further still.
This is called its Dword form. This can get a little bit complicated, so try to stay with me. As an example,
we\'re once again going to use google\'s IP (64.233.167.147). Open your calculator (I\'m using the normal calc.exe) and type this:

64*256+233=*256+167=*256+147

In case you didn\'t notice, the numbers (other than 256) are the first, second, third, and fourth numbers of the IP.
Now all you have to do is type the answer into the URL, and you\'ll get the site you\'re looking for.
So now we could get our obscured URL looking like this:

www.yahoo.com@1089054611

If you don\'t want the yahoo at the beginning you could even just put:

1089054611

and set it as a hyperlink that will take the person that clicks it to your site.

------------------------------------------

This brings my article to a close. Thanks for reading and please, if you\'re going to criticize, the least you can do is make it constructive.

Comments

koolkeith12345on February 01 2008 - 11:55:05
iv seen this before and was considering doing an article but you beat me too it Pfft
Frost_Ton February 01 2008 - 13:55:32
Does work, but in firefox it asked confirmation before actually going to the "Obscured" site...Don't know if it does it on other browsers, but thought I'd share. Good idea though, liked it.
Uber0non February 01 2008 - 15:54:59
It's a good trick Smile but when I'm lazy I just make a TinyURL instead xD http://www.tinyur. . .
mikispagon February 01 2008 - 16:10:22
Very good.
bigggnickon February 01 2008 - 18:58:31
Won't work if the vic is using FF, like Frost_T said.
sleazoidon February 01 2008 - 19:51:45
i made a php script to do this automatically awhileeee ago lol, http://www.zomgz.. . .bscure.php, it does it a few more ways then the way you do it, but a decent (although short) article
midoon February 02 2008 - 13:28:57
Nice article; http://www.pc-hel. . .bscure.htm Or you can use a MERELY one function. Good article.
Walkeron February 03 2008 - 15:35:53
Great article thanks man
Glitch_on February 09 2008 - 14:25:52
well explained & nice examples :] nice article (y)
reaper4334on February 09 2008 - 14:51:06
Firefox: http://i129.photo. . .34/ffx.jpg IE: http://i129.photo. . .334/ie.jpg but the DWORD works good ^^
richohealeyon February 24 2008 - 11:42:03
well.. IP's / numeric address only work if the site isn't vhosted.. which most are.. also the @ doesn't get it ignored, it's the username (try ftp://richo@ftp.psychotik.info )
uberfishon February 26 2008 - 05:19:16
thats pretty cool. I'd like to learn more tricks like this. =p
a240on March 23 2008 - 00:35:39
Nice, you should write another article on the subject.
Durty1425on May 03 2008 - 14:14:29
Great article. =)
winkleeron May 13 2008 - 18:27:48
Awesome article. @richohealey, you are too smart for my liking
winkleeron May 13 2008 - 18:39:21
Awesome article. @richohealey, you are too smart for my liking
winkleeron May 13 2008 - 18:41:17
dam the double posting. also you can use the password too like: http://usernamePfftassword@www.whatever.com
SaMTHGon July 14 2008 - 20:57:34
Awesome article. But I've got a quick short cut istead of doing the math part to turn into decimal http://www.allred. . .ptodec.htm Rated Awesome.Smile
RedDragonon September 02 2008 - 03:46:44
great article Smile
NightSpyderon October 11 2008 - 20:32:12
Thanks man. This helped me out with basic 25 recently. And i definetly learned quite a bit. Thanks again.
goluhaqueon March 24 2010 - 05:03:05
YO thanks . helped mme out with Basic 25 quite nicely and didn't know this earlier.
dami3non July 26 2012 - 17:08:06
Thanks helped with Basic 25. This cannot bypass school "nanny" software if they have blocked the IP address. Anonymouse.org does that for you.
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.