Follow us on Twitter!
Don't judge the unknown - Grindordie
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 21
Guests Online: 19
Members Online: 2

Registered Members: 82893
Newest Member: mor-amit
Latest Articles
View Thread

HellBound Hackers | HellBound Hackers | Questions

Author

I totally forgot

Zeke tAh FreKe
Member



Posts: 41
Location: N.U.R.V.
Joined: 16.02.07
Rank:
Newbie
Warn Level: 80
Posted on 06-07-09 22:53
I'm looking for a feature (or file rather) on Windows that allows you to automatically redirect a local user when they visit a certain domain.

For example:

You open the text file (I believe its located in the windows directory).
Then you add a domain name/IP as well as the domain/IP to direct it to, in the following syntax:

www.google.com www.hellboundhackers.org

Upon visiting Google, you would be redirected to HBH.

I read an article on this about a year ago and never got a full understanding of this (hence why I can't remember the terms used, how its done, etc)

Any help / comments / links regarding this would be exorbitantly appreciated.


i61.photobucket.com/albums/h70/zeke9001/ZeKESig.gif
E K http://www.cheapndiscreet.com
Author

RE: I totally forgot


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-07-09 23:00
It is called your hosts file, it is located in WINDOWS\system32\drivers\etc\ in windows and most of the times in linux in /etc/hosts.
Adding things go like

www.google.com www.hellboundhackers.org

With ettercap you can do dns spoofs to let it work for the entire subnet Wink
see this:
http://openmaniak.com/ettercap_filter.php
for more information on that



Author

RE: I totally forgot

Zeke tAh FreKe
Member



Posts: 41
Location: N.U.R.V.
Joined: 16.02.07
Rank:
Newbie
Warn Level: 80
Posted on 06-07-09 23:02
T'is exactly what I was looking for, Thanks.


i61.photobucket.com/albums/h70/zeke9001/ZeKESig.gif
E K http://www.cheapndiscreet.com
Author

RE: I totally forgot


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-07-09 02:02
But why would you want to change it only locally? Sounds like a pain in the ass too me. Though ettercap is fun. Pfft


Author

RE: I totally forgot

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 07-07-09 02:03
S1L3NTKn1GhT wrote:
But why would you want to change it only locally? Sounds like a pain in the ass too me. Though ettercap is fun. Pfft


Do tell us, how many years of network administration experience do you have?



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce

Edited by spyware on 07-07-09 02:03
Author

RE: I totally forgot

p4plus2
Member

Your avatar

Posts: 167
Location:
Joined: 31.03.08
Rank:
Newbie
Posted on 07-07-09 02:16
S1L3NTKn1GhT wrote:
But why would you want to change it only locally? Sounds like a pain in the ass too me. Though ettercap is fun. :p


You could make a package that replaces the hosts file like this:
Code

paypal.com  phishingsite.com




Then if the user runs your package (thinking it is something else or if you bundle it with something else), and they go to paypal they will really be at your phishing site even though paypal.com is where your browser says they are. Then when they try logging in, well you should get the idea by now :P.

If I remember correctly this is called desktop phinishing.


"You can't be something your not,
Be yourself by yourself
Stay away from me" ~Walk, Pantera

"Playing an acoustic guitar is like having sex with your clothes on" ~Dave Mustaine
p4plus2@hotmail.com
Author

RE: I totally forgot


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-07-09 02:31
S1L3NTKn1GhT wrote:
But why would you want to change it only locally? Sounds like a pain in the ass too me. Though ettercap is fun. Pfft

It can be quite usefull for pointing to things like fileserver at 10.0.0.106 and intranet site at 10.0.0.104 router at 10.0.0.101 etc etc, one day you will be happy it is there.

You can also take a look at this video:
http://milw0rm.co. . .php?id=101
where they came up with 1 scenario how to abuse this file. Of course there are tons of scenario's how to abuse this file but its just to give you an idea, in linux this file is only writable for root. In windows vista it will tell you access denied, unless you edit it as administrator. (Or the program has admin rights, untested with binding something to a program that has to be run with admin rights, should work i think). If a windows xp user is changing it it also has to be administrator, if the current logged in user is has administrator rights it will be able to change the file but still, a good firewall will notify this. In the video there also is another big problem, the phisher is engaged through http, who did ever saw a paypal process going over http? If the attacker would have used https then firefox would have moaned.


Author

RE: I totally forgot


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-07-09 02:32
oh lol we kinda double posted, i had phone in the meanwhile =D


Author

RE: I totally forgot


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-07-09 23:50
i use this to redirect the common ad sites to 127.0.0.1 so they don't load at all.


Author

RE: I totally forgot

p4plus2
Member

Your avatar

Posts: 167
Location:
Joined: 31.03.08
Rank:
Newbie
Posted on 08-07-09 04:43
Folk Theory wrote:
i use this to redirect the common ad sites to 127.0.0.1 so they don't load at all.


Oh yeah, and you can make sites like lemonparty redirect there....and various rickroll sites... You can never be to certain of what people will try to send you.


"You can't be something your not,
Be yourself by yourself
Stay away from me" ~Walk, Pantera

"Playing an acoustic guitar is like having sex with your clothes on" ~Dave Mustaine
p4plus2@hotmail.com
Author

RE: I totally forgot

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 08-07-09 15:15
Folk Theory wrote:
i use this to redirect the common ad sites to 127.0.0.1 so they don't load at all.


Ooh, smart. Why don't popup blockers incorporate this?


Wisdom spared is wisdom squared.
Author

RE: I totally forgot


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 08-07-09 18:12
Yeah but you would still have to have access to the box. I guess if you have remote access to the box it would work. That or its your boss at works computer or some bs like that.


Author

RE: I totally forgot


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 08-07-09 22:37
S1L3NTKn1GhT wrote:
Yeah but you would still have to have access to the box. I guess if you have remote access to the box it would work. That or its your boss at works computer or some bs like that.



Or like they have stated, you can package it into a legit program so you play off the stupidity of the target/s. Sounds to me like you think in a straight line and don't even get close to getting outside the box. Try thinking of new ways to do things and I promise you it'll help in the future.

Note ~ Not trying to flame you, more of constructive criticism.
Author

RE: I totally forgot


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-07-09 00:43
Zenrith wrote:
S1L3NTKn1GhT wrote:
Yeah but you would still have to have access to the box. I guess if you have remote access to the box it would work. That or its your boss at works computer or some bs like that.



Or like they have stated, you can package it into a legit program so you play off the stupidity of the target/s. Sounds to me like you think in a straight line and don't even get close to getting outside the box. Try thinking of new ways to do things and I promise you it'll help in the future.

Note ~ Not trying to flame you, more of constructive criticism.



I think outside when i have to. The way he worded it though sounded like he was just wanting to change it locally on his own system or something for fun.