Local DNS Hacking

Force your End Users to use “your site”

OK OK, this is not real hacking but it’s fun 🙂 As well as there are some attack types, where the browser is been hijacked so the User can’t go to some specific web pages or the user will be forced to open that page as soon as they use they Internet browser, where the user will be directed to the FAKE/ phishing web page or malware loaded local site)

By default, when a Windows PC User tries to open a website from a browser, Windows will try to resolve the website name to its IP address from the local DNS cache.

The local cache is stored :

C:\Windows\System32\drivers\etc\hosts

If this fails, it will query the host file and if there is no entry to the website there , then it will contact the DNS server which is set up in your NIC (Network Card) .

If there is any entry in the local cache , the PC will load or block that site depending on your settings. To make sure there is nothing in the DNS cache, you have to clear it so the little fun trick can work on your “victim” user or if you can :

open CMD and type “ipconfig /flushdns” or restart the DNS service from the services tab.

Open the file via typing “C:\Windows\System32\drivers\etc\hosts” in to the search area in your start menu

This will open the HOST File for you ( it will ask you, how you want to open the file type, select via NOTEPAD) , which is inside the “etc” section of your drivers

add an entry as below:

127.0.0.1 domainname.com

(domainname.com being the website you want to block. Save the hosts file outside the etc folder and then move it there, replacing the older version, as Windows won’t let you save the file there directly. Also make sure there’s no extension like .txt at the end of the file name) 

This way whenever a user tries to go to anything.domainname.com, their browser redirects them to 127.0.0.1 which is the local host. Or maybe you can redirect them to an HTML page stating the reason why that page is blocked from within your organization.

PS: It’s always a good practice to “copy the original” HOST file, so when the FUN is over, everything can be loaded to its original state.

Enjoy 🙂

Erdal

Hacking is easy by Erdal Ozkaya
Hacking is easy by Erdal Ozkaya

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Rocheston Reinvent Cybersecurity Conference Dr ozkaya

Rocheston Reinvent Cybersecurity Conference 2020 Free to join

Rocheston Reinvent Cybersecurity Conference Every crises has an opportunity. If we look at COVID 19 all those conferences which I was... read more
trusted operating system

E-Mail Crimes and Violations – 1

E-Mail Crimes and Violations This post is written to give you a brief intro about E-Mail Crimes and Violations and how the leakage could... read more
Marshall University Cybersecurity Erdal

Text Book at Marshall University (2019) Important step in our journey

Text Book at Marshall University I can not describe how proud I feel when I receive good news like this ones. After... read more
Jay Bavisi Erdal Ozkaya AWARD

EC Council Circle of Excellence (2012) Great moment for Erdal :)

EC-Council Circle of Excellence Award 2012 awarded to Erdal Ozkaya Miami, Florida, USA (29 October 2012) Erdal Ozkaya has been awarded with two... read more
The Art of Cyber Defense by Erdal Ozkaya

The Art of Cyber Defense – Free Video Training 7

The Art of Cyber Defense If you want to learn how to defend your infrastructure against hackers , this session may... read more
AMEX Statement Security

AMEX Statement Security – Worse 2 see

AMEX Statement Security AMEX  ( American Express) States that “Security is their Priority), and I do respect that, and to be... read more
Erdal Ozkaya in the News

TOP 10 BOOKS ON CYBERSECURITY YOU MUST READ IN 2020

TOP 10 BOOKS ON CYBERSECURITY YOU MUST READ IN 2020 Our Book " Cybersecurity Attack and Defense Strategies " has been... read more
Red Team Security Dr Erdal Ozkaya

Red Team Security Summit – 21 Join us for FREE

Red Team Security Summit Join us in the "surprisingly informal and slightly unexpected" security conference for FREE. 2 Days, 5 Workshops ,... read more

Get Certified for FREE at GITEX 2015 Dubai

  If you are joining GITEX in Dubai then don't miss out this opportunity to get certified for FREE... read more
EC Council Master Class Erdal Ozkaya

EC Council Master Class Event 2020

EC Council Master Class Event Cloud Security – Migration & Security Concerns EC Council is hosting a Cloud Security summit ,... read more