Friday, October 11, 2013

H@ck Facebook using Desktop Phishing Method

Desktop Phishing is another type of phishing. In this trick, we change the Hosts file located on the victim's computer and thus h@ck his Facebook account. Actually, this is an advanced way of phishing. You need to do almost all of the steps in the Phishing h@ck. It would be better to read my previous post on how to h@ck Facebook passwords by phishing before reading this. The advantage of using this trick is that it can increase your probability of success. In ordinary Phishing, you will have about a 60% success rate, but this can have about a 95% success rate.

Difference between Desktop Phishing and Phishing
1. H@cker forces the victim to go to fake site instead of original site
2. Victim enters his username and password into the phishing page and that can be accessed by the h@cker
3. Victim will be redirected to an error page or original page (depends on creator or h@cker)

But the limitation of phishing is that its success rate is less than 60%. It is difficult to make the victim fall into the trap, and an ordinary person with common sense can spot phishing sites just by looking at the address bar.

Desktop phishing
1. H@ckers will send an .exe file (not virus) to the victim. If he accidentally clicks it, our job is done.
2. When the victim enters the original address into the address bar, he will be redirected to the phishing page you have created. But the browser will display the normal address itself.
3. Done! The victim will enter his details and the h@cker will get his details.
4. There is no way for the victim to determine the phishing page. So it will have a success rate over 95%.

Little About Hosts file

The hosts file is a text file containing domain names and the IP addresses associated with them.
Location: C:\Windows\System32\drivers\etc\. Whenever we visit any website, say , a query is sent to the Domain Name Server (DNS) to look up the IP address associated with that website/domain. But before doing this, the hosts file on our local computer is checked for the IP address associated with the domain name.

Suppose we make an entry in hosts file as shown. When we visit , we would be taken to this No query for resolving IP address associated with would be sent to DNS

How to h@ck?

By reading the above passage itself, you may have got an idea about what to do next.
We should add the address of our phishing page and , he would be directed to our fake login page and domain name in the URL box would remain genuine as typed by victim. Hence domain name is spoofed.


1. Modify Hosts file.
Copy your hosts file in your pc and paste anywhere. Edit it with any text editor and add your desired original address and the phishing site address to it. For example, for Gmail,
You should know the IP address of the phishing site
add like
ip address phishing site

2. Now, add this to archive and make this auto extractable (you can use iexpress for this, go to run-Alt+R and type iexpress. Add the destination folder as  %Windows\System32\drivers\etc\ . Or use your own desired app for this)
3. Now send this to your victim claiming this as antivirus key, game etc.

