Local DNS Hacking

Fun: Force your End Users to use “your site” (local DNS “hacking”)

OK OK, this is not real hacking but it’s fun 🙂 As well as there are some attack types, where the browser is been hijacked so the User can’t go to some specific web pages or the user will be forced to open that page as soon as they use they Internet browser, where the user will be directed to the FAKE/ phishing web page or malware loaded local site)

By default, when a Windows PC User tries to open a website from a browser, Windows will try to resolve the website name to its IP address from the local DNS cache.

The local cache is stored :

C:\Windows\System32\drivers\etc\hosts

If this fails, it will query the host file and if there is no entry to the website there , then it will contact the DNS server which is set up in your NIC (Network Card) .

If there is any entry in the local cache , the PC will load or block that site depending on your settings. To make sure there is nothing in the DNS cache, you have to clear it so the little fun trick can work on your “victim” user or if you can :

open CMD and type “ipconfig /flushdns” or restart the DNS service from the services tab.

Open the file via typing “C:\Windows\System32\drivers\etc\hosts” in to the search area in your start menu

This will open the HOST File for you ( it will ask you, how you want to open the file type, select via NOTEPAD) , which is inside the “etc” section of your drivers

add an entry as below:

127.0.0.1 domainname.com

(domainname.com being the website you want to block. Save the hosts file outside the etc folder and then move it there, replacing the older version, as Windows won’t let you save the file there directly. Also make sure there’s no extension like .txt at the end of the file name)

This way whenever a user tries to go to anything.domainname.com, their browser redirects them to 127.0.0.1 which is the local host. Or maybe you can redirect them to an HTML page stating the reason why that page is blocked from within your organization.

PS: It’s always a good practice to “copy the original” HOST file, so when the FUN is over, everything can be loaded to its original state.

Enjoy 🙂

More How to blogs 

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Attack Surface Reduction

Applying Attack Surface Reduction – 1

Applying Attack Surface Reduction First some definitions/terminologies so that we all know what we are talking about Threat Actor: A threat actor... read more

6 Strategies that security leaders must take to safeguard data

Six Strategies that security leaders must take to safeguard data in storage and backup systems The what, why, and how of... read more
Net Stat for Security professionals

Netstat for Security Professionals -2021

Netstat for Security Professionals This article was originally posted in 2012, right after my Microsoft TechEd New Zealand session, Updates on... read more
Does Apple spy on iPhone ?

Apple and Privacy

Apple and Privacy Does really Apple cares about your privacy, as they advertise heavily or is this what they want us... read more
Zombies in Social Networks Erdal Ozkaya

Zombies in Social Networks – watch 4 Free

Zombies in Social Networks We have arrived in a time where social networks have become an essential part of our lives.... read more
mark simos

Mark Simos Resource List – Absolutely 4 Free

Mark Simos , a Chief Security Advisor at Microsoft and a great friend of mine recently shared a very useful... read more
Network Security

DIFFERENCES BETWEEN EDR AND SIEM?

DIFFERENCES BETWEEN EDR AND SIEM? Nowadays, cybercriminals use sophisticated and complex strategies to infiltrate a network. That is the reason why... read more

Don’t let Hackers steal your password 2

It’s not a secret anymore, Hackers know our passwords.  551,509,767 real-world passwords previously exposed in data breaches. Are you one... read more
VMware error

VMware error ” Unable to open kernel device “\\.\VMCIDev\VMX ” – S1mple & Effective

VMware error " Unable to open kernel device "\\.\VMCIDev\VMX "   Are you getting the bellow error and don't know how to... read more

Local DNS Hacking : Force your End Users to use “your site” Laugh at mates 1

Local DNS Hacking Force your End Users to use “your site” OK OK, this is not real hacking but it’s fun :) As well... read more