desktop phishing

Note: This is for educational purposes only.

Have you ever read “Life on Earth” by David Attenborough? It’s a very nice book about the evolution of animals. What is evolution? Wikipedia defines it as the “change in the inherited characteristics of biological populations over successive generations”. Why are we talking about evolution now? Because personally I feel desktop phishing is an evolution over phishing. It evolved to overcome the disadvantages in phishing. Let’s see how.

The process in desktop phishing is the same as in phishing. The only difference is in the method of uploading our phishing files. Whereas in phishing we upload our files to an external server, in desktop phishing we upload our files to the server on our desktop. Why? Because there are three disadvantages in the former method.

One, however hard we may try, the URL always looks suspicious.

Two, modern-day browsers are capable of detecting phishing sites.

Three, as soon as the web hosting provider detects that you hosted a phishing site, it will suspend your account. This will most likely happen within 24 hours. Desktop phishing overcomes all these defects.

So now, let’s see how to hack a Facebook account with desktop phishing. As already told, this process is the same as phishing until the creation of the phishing files, which you can find here. Now install Wamp Server on your Windows machine. To see what wampserver is and how to install it, click here. Next, install a VPN on your system to keep your IP static. See here. We are going to host our phishing files on our desktop and redirect the victim to our site.

Now copy our phishing files to the folder C:/wamp/www. This is the root directory of the wamp server.

Here is the script of the “phish.php” we used.

Go to the folder “C:/wamp/bin/apache/Apache 2.4.4/conf” and make changes to the ‘httpd.conf’ file as below. These changes give external users permission to access your fake website.

Start your wamp server, open your browser and type “localhost” in the URL bar to see if your phishing site is working. Then open Notepad and create a batch file as shown below. We need to send this file to the victim machine and make him execute it. See how? Make sure you replace the IP address below with the one assigned by the VPN.

The above script changes the hosts file on the victim’s system so that the user is redirected to your fake website when he tries to access Facebook. Now, what is the hosts file?

The hosts file is a text file located in the folder “C:/windows/system32/drivers/etc” which maps domain names to their IP addresses.

Usually when we try to visit any website, say www.google.com, our system sends a query for its IP address to the DNS server. When we make an entry in the hosts file of our computer, the query is not sent to the DNS server. When the victim clicks on the executable sent by us, it changes the hosts file like below.

Now when the victim types “www.facebook.com” in his browser, he is redirected to our wamp server. Notice that the URL looks completely genuine and the browser didn’t detect it as a phishing site.

When the unsuspecting victim enters his credentials, a text file called pass.txt is created in the www directory.

Open the file and we can see the credentials.
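
Because the browser shows the genuine URL and raises no warning, the hosts-file change described above has to be caught on the endpoint itself. The following is an added example, not code from the original post: it audits hosts-file text for entries that pin a watched domain to a non-loopback address. The watched-domain list, the function names and the sample hosts content are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: domains worth watching; extend with mail, banking, SSO portals, etc.
WATCHED = {"facebook.com", "google.com"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not a mapping
        for name in fields[1:]:  # one line may carry several hostnames
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(hostname):
    """True if hostname is a watched domain or any subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED)


def audit_hosts(text):
    """Return mappings that pin a watched domain to a routable address."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 entries are typical sinkholes, not redirects.
        if is_watched(name) and not (ip.is_loopback or ip.is_unspecified):
            findings.append((line_no, str(ip), name))
    return findings


# Constructed sample: a hosts file after the kind of change described above.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net
203.0.113.25    www.facebook.com facebook.com   # constructed entry
"""

if __name__ == "__main__":
    for line_no, ip, name in audit_hosts(SAMPLE):
        print(f"hosts line {line_no}: {name} pinned to {ip}")
```

On a real machine, pass `audit_hosts` the contents of the hosts file in the folder named above; any finding means name resolution for that domain is bypassing DNS.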