DNS is nothing but the “Domain Name System” or “Domain Name Service”.
This domain name service is mainly used on Windows machines to resolve the IP address of a URL. Whenever you type an existing or valid URL into your browser, the host will first look to the system's primary DNS, which is present in the same locality as that host.
In turn, if the primary DNS fails, the host will try to communicate with the secondary DNS server on the internet. Once a server has been reached, it resolves the FULLY QUALIFIED DOMAIN NAME (FQDN), which is the human-readable form of the domain, into its equivalent IP address, which can be easily understood by machines. Not only that, the DNS entries are also updated by the machines for future use, so that there is no need to contact the secondary DNS next time.
This phenomenon can be put to use for an awesome hack.
The name of this trick is DNS poisoning in Windows machines.
Just move on to the following location:
C:\WINDOWS\system32\drivers\etc\hosts
An “Open with” dialog box prompts you to choose the right application to open the above file, like this….
From the above figure, select Notepad.
You will get a window like this.
On the last line you can see some details of DNS:
127.0.0.1 localhost
Here 127.0.0.1 is the loopback dotted-decimal IP address of each individual machine, whereas localhost is the equivalent human-readable domain name. So what happens once you type \\localhost in the URL box of Internet Explorer or any browser? It will contact the DNS, which is actually the hosts file, and then open up the localhost window. Instead, you can type \\127.0.0.1 in the URL box, which does the same operation.
Here comes the trick: you can use this to poison DNS and redirect the victims to some other website. To describe it clearly, assume that when you type ‘www.facebook.com’ it just redirects to ‘www.orkut.com’. That is the main underlying concept of this DNS poisoning.
So, with your hosts file open, obtain the IP of orkut.com by pinging it or with nslookup. Then copy and paste the IP address of orkut.com into the hosts file that you opened with Notepad, making sure to paste it on a new line (after a CRLF – Carriage Return Line Feed), then leave a space and type www.facebook.com (the site to be redirected by poisoning). Then close the hosts file and save the changes when it prompts you.
Restart your browser and type www.facebook.com in the URL box, which is now poisoned to www.orkut.com, and yes, here it works….
Here is a small video tutorial about how DNS works...
CAUTION: with the help of this DNS poisoning technique, one could simply redirect a website to its equivalent phishing website to carry out attacks…
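To check a machine for the kind of hosts file edit described above, the file can be parsed and every mapping other than the default localhost entry reported. The following is an added example, not part of the original post; the function names are hypothetical, and the sample file contents and the address 203.0.113.10 are constructed placeholders.

```python
import ipaddress

# Constructed sample of a hosts file after the edit described in this post.
# 203.0.113.10 is a documentation-range placeholder, not a real site's address.
SAMPLE_HOSTS = (
    "# Copyright (c) Microsoft Corp.\r\n"
    "127.0.0.1       localhost\r\n"
    "203.0.113.10 www.facebook.com   # added line\r\n"
    "::1 localhost\r\n"
    "0.0.0.0 ads.example.test\r\n"
    "not-an-ip www.example.test\r\n"
)

DEFAULT_NAMES = {"localhost"}  # names expected in an untouched hosts file


def parse_hosts(text):
    """Yield (line_no, ip, [names]) per mapping line; comments and blanks are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):  # splitlines handles CRLF
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2:
            yield line_no, fields[0], [n.lower().rstrip(".") for n in fields[1:]]


def audit_hosts(text):
    """Return (line_no, kind, ip, name) for every entry that is not a default one."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, "malformed", ip, " ".join(names)))
            continue
        for name in names:
            if name in DEFAULT_NAMES and addr.is_loopback:
                continue  # the stock "127.0.0.1 localhost" style entry
            # Loopback/unspecified targets block a name; anything else redirects it.
            local = addr.is_loopback or addr.is_unspecified
            findings.append((line_no, "sinkhole" if local else "override", ip, name))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s %s -> %s" % finding)
```

An "override" finding for a well-known domain is the case this post describes; on a real machine, pass the contents of C:\WINDOWS\system32\drivers\etc\hosts to audit_hosts instead of the sample.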
NOTE: all the contents posted in this blog are solely for informative and educational purposes. No one is responsible for any sort of nasty happenings.