I totally forgot

I'm looking for a feature (or file rather) on Windows that allows you to automatically redirect a local user when they visit a certain domain.

For example:

You open the text file (I believe its located in the windows directory). Then you add a domain name/IP as well as the domain/IP to direct it to, in the following syntax:

www.google.com www.hellboundhackers.org

Upon visiting Google, you would be redirected to HBH.

I read an article on this about a year ago and never got a full understanding of this (hence why I can't remember the terms used, how its done, etc)

Any help / comments / links regarding this would be exorbitantly appreciated.

It is called your hosts file, it is located in WINDOWS\system32\drivers\etc\ in windows and most of the times in linux in /etc/hosts. Adding things go like

www.google.com www.hellboundhackers.org

With ettercap you can do dns spoofs to let it work for the entire subnet ;) see this: http://openmaniak.com/ettercap_filter.php for more information on that

T'is exactly what I was looking for, Thanks.

But why would you want to change it only locally? Sounds like a pain in the ass too me. Though ettercap is fun. :p

S1L3NTKn1GhT wrote: But why would you want to change it only locally? Sounds like a pain in the ass too me. Though ettercap is fun. :p

Do tell us, how many years of network administration experience do you have?

S1L3NTKn1GhT wrote: But why would you want to change it only locally? Sounds like a pain in the ass too me. Though ettercap is fun. :p

You could make a package that replaces the hosts file like this:

paypal.com  phishingsite.com

Then if the user runs your package (thinking it is something else or if you bundle it with something else), and they go to paypal they will really be at your phishing site even though paypal.com is where your browser says they are. Then when they try logging in, well you should get the idea by now :P.

If I remember correctly this is called desktop phinishing.

S1L3NTKn1GhT wrote: But why would you want to change it only locally? Sounds like a pain in the ass too me. Though ettercap is fun. :p It can be quite usefull for pointing to things like fileserver at 10.0.0.106 and intranet site at 10.0.0.104 router at 10.0.0.101 etc etc, one day you will be happy it is there.

You can also take a look at this video: http://milw0rm.com/video/watch.php?id=101 where they came up with 1 scenario how to abuse this file. Of course there are tons of scenario's how to abuse this file but its just to give you an idea, in linux this file is only writable for root. In windows vista it will tell you access denied, unless you edit it as administrator. (Or the program has admin rights, untested with binding something to a program that has to be run with admin rights, should work i think). If a windows xp user is changing it it also has to be administrator, if the current logged in user is has administrator rights it will be able to change the file but still, a good firewall will notify this. In the video there also is another big problem, the phisher is engaged through http, who did ever saw a paypal process going over http? If the attacker would have used https then firefox would have moaned.

oh lol we kinda double posted, i had phone in the meanwhile =D

i use this to redirect the common ad sites to 127.0.0.1 so they don't load at all.

Folk Theory wrote: i use this to redirect the common ad sites to 127.0.0.1 so they don't load at all.

Oh yeah, and you can make sites like lemonparty redirect there….and various rickroll sites… You can never be to certain of what people will try to send you.

Folk Theory wrote: i use this to redirect the common ad sites to 127.0.0.1 so they don't load at all.

Ooh, smart. Why don't popup blockers incorporate this?

Yeah but you would still have to have access to the box. I guess if you have remote access to the box it would work. That or its your boss at works computer or some bs like that.

S1L3NTKn1GhT wrote: Yeah but you would still have to have access to the box. I guess if you have remote access to the box it would work. That or its your boss at works computer or some bs like that.

Or like they have stated, you can package it into a legit program so you play off the stupidity of the target/s. Sounds to me like you think in a straight line and don't even get close to getting outside the box. Try thinking of new ways to do things and I promise you it'll help in the future.

Note ~ Not trying to flame you, more of constructive criticism.

Zenrith wrote: [quote]S1L3NTKn1GhT wrote: Yeah but you would still have to have access to the box. I guess if you have remote access to the box it would work. That or its your boss at works computer or some bs like that.

Or like they have stated, you can package it into a legit program so you play off the stupidity of the target/s. Sounds to me like you think in a straight line and don't even get close to getting outside the box. Try thinking of new ways to do things and I promise you it'll help in the future.

Note ~ Not trying to flame you, more of constructive criticism.[/quote]

I think outside when i have to. The way he worded it though sounded like he was just wanting to change it locally on his own system or something for fun.