DNS poisoning, a method commonly used by hackers

DNS poisoning is a method by which hackers give the impression that they have taken control of certain sites, well known or not.
DNS is the protocol that makes the link between a domain name and its IP address, for any website in the world; a site can have one or more IP addresses.
When we type "google.com" in our browser, our computer has three options for finding the IP address or addresses for "google.com".
1. The first option - the hosts file in C:\Windows\System32\drivers\etc\hosts
2. The second option - private DNS (server, router)
3. The third option - Public DNS servers (OpenDNS, Google DNS)
No matter where it finds the IP address for "google.com", our computer stops there and no longer consults the other options. For example, if it finds the IP address for "google.com" in the hosts file, it no longer goes to the private or public DNS to confirm the validity of this address.
Thus we can fool the PC: we can tell it anything, and it will believe whatever it finds in the hosts file.
Careful.
These are safety tips designed to help with prevention; do not use the information in this tutorial for malicious purposes.
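
A way to check for the kind of override described above, as an added example that is not part of the original tutorial: the script parses a hosts file and reports every active entry other than the standard localhost mappings, separating names redirected to another machine from names pinned to the local one. The sample content, the function names and the finding labels are constructed for illustration.

```python
"""Audit a hosts file for entries that override normal DNS resolution."""
import ipaddress
import os
import sys

# Names that normally map to the loopback address in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample content (illustrative, not taken from a real machine).
SAMPLE_HOSTS = """\
# sample hosts file
# 102.54.94.97 rhino.acme.com   # commented out, ignored by the resolver
127.0.0.1 localhost
::1 localhost
203.0.113.10 google.com www.google.com   # redirect to a routable address
0.0.0.0 ads.example.net
127.0.0.1 validation.example.com
not-an-ip broken.example
"""


def default_hosts_path():
    """Location of the hosts file on Windows and on Unix-like systems."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text):
    """Yield (line_number, ip_or_None, names) for every active line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None  # first column is not an IP address
        yield lineno, ip, [n.lower() for n in fields[1:]]


def audit(text):
    """Return findings as (line_number, kind, name, ip) tuples."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        if ip is None or not names:
            findings.append((lineno, "malformed", "", ""))
            continue
        for name in names:
            if ip.is_loopback and name in LOCAL_NAMES:
                continue  # the expected localhost mapping
            if ip.is_loopback or ip.is_unspecified:
                kind = "sinkhole"   # name can no longer reach its real server
            else:
                kind = "override"   # name is redirected to another machine
            findings.append((lineno, kind, name, str(ip)))
    return findings


def audit_file(path):
    """Audit a hosts file on disk."""
    # utf-8-sig drops a byte-order mark that some editors add on Windows.
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        return audit(fh.read())


if __name__ == "__main__":
    use_sample = len(sys.argv) > 1 and sys.argv[1] == "--sample"
    results = audit(SAMPLE_HOSTS) if use_sample else audit_file(default_hosts_path())
    for lineno, kind, name, ip in results:
        print(f"line {lineno}: {kind:9} {name} {ip}")
    sys.exit(1 if any(kind == "override" for _, kind, _, _ in results) else 0)
```

Run without arguments it audits the machine's own hosts file and exits with status 1 when a name is redirected to a non-local address; `--sample` runs it on the constructed content instead.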


 



About Cristian Cismaru

I like everything related to IT&C, I like to share the experience and information I accumulate every day.
Learn as you learn!

Comments

  1. Hello, Cristi!
    GREAT TOOLS: I also want a continuation with the tutorial about Tronsmart MK908, namely about how it behaves in the case of 1080p (even 720p) mkv files. And I'm not referring to 1 -2 gb movies, as they are "offered" on the net, but the normal ones of 4,37 - 8 gb, etc. I am also VERY interested in running the XBMC on Android Boxes on the market, given that hardware acceleration is needed. Many android box sticks and minipcs are announced on their official pages that they would have "pre-installed" the XBMC, that it breaks, that it plays with large mkvs and in reality you only watch avi or divx because they lead the hardware acceleration with brio ”. I know that XBMC Frodo android versions have appeared or I know what, dedicated to android platforms and without much need for hardware resources. I think such a tutorial would be useful, especially for those who use this platform.
    Thank you.

  2. Okay, what I heard today I no longer have any confidence in the Google DNS or OpenDNS and.

  3. Cristi, we can protect the hosts file by activating the read-only function.

  4. This is what happened with Google some time ago, this year if I'm not wrong. When you entered Google, that TV test-card page appeared with a message. It was something about some Moroccan Arab hackers.

  5. Costelina said

    yes sir well see in the windows host file you say, but how you say Linux or other OS free
    In my opinion that comes free has disadvantages for that to mean if you realize (and with your help we'll give) as the PC changed something and usually something important (as in this case) and do complaint
    software with because we changed in our pc.atunci malicious people there tell us what you want fries free Domain is not what you want.
    all respect for Linux and other free systems no offense but who made them more concrete meaning
    in case something goes awry whom we weep?
    I had a hunch about something eg download a pirated windows and May and install
    and of course it comes ,, no ,, prearranged antivirus mother does not find anything.
    that's why it's good that fired a warning
    thank Cristi

  6. Misu: Cristi, we can protect the hosts file by activating the read-only function.

    It is protected; if you noticed, I edited it with admin rights. Unfortunately all Windows users are admins and grant rights to all applications, regardless of their origin.

  7. Costelina: Yes sir well see in the windows saying the file host, but in linux like saying or other OS free my opinion that comes free has disadvantages for that to mean if you realize (and with your help we'll give ) that the PC has changed something and usually something important (as in this case) and make a complaint to the software because we changed in our pc.atunci malicious people there tell us what you want fries Domain what you want is not free. all respect for Linux and other free systems no offense but who made them more concrete meaning in case something goes awry whom we weep? I had a hunch about something eg download a pirated windows and May and of course install and it comes ,, no ,, prearranged antivirus mother does not find anything. that's why it's good that sounded the alarm to thank Cristi

    Every system has a hosts file, including Linux distributions and Android.

  8. How does computer and binary code would be interesting to know pretty fair
    THANK YOU <3

  9. Duallpannel said

    If you had tested the application, don't "sting" me anymore. It doesn't change DNS automatically, but it lets you choose; it doesn't use unknown but very well-known DNS servers, and you can remove and add others [I for example added RO - RCS-RDS 193.231.236.25 193.231.236.30]; you can even test these DNS servers [benchmark]; it also supports IPv6; you can choose which adapter to change the DNS for [you can change it on all adapters or just one], etc. The folks at Softpedia give it 5 out of 5 stars. Test it, it has 520 Kb and is portable, you can use it.

  10. Mine looks like this, should I worry? Is everything okay?

    # BitDefender has clean hosts file

    127.0.0.1 localhost

    #Original Code from this file
    # # Copyright (c) Microsoft Corp. 1993-2009.
    #: #
    # # This is a sample HOSTS file used by Microsoft TCP / IP for Windows.
    #: #
    # # This file contains the mappings of IP addresses to host names. Each
    # # Entry Should Be Kept on an individual line. The IP address SHOULD
    # # Placed in the first column be FOLLOWED by the Corresponding host name.
    # # The IP address and the host name SHOULD be separated by at Least One
    # # Space.
    #: #
    # # Additionally, comments (Such as These) May be Inserted on individual
    #: # lines or following the machine name denoted by a '#' symbol.
    #: #
    # # For example:
    #: #
    # # # Source server rhino.acme.com 102.54.94.97
    # # # X client host x.acme.com 38.25.63.10
    # # Localhost name resolution is DNS Handled Within Itself.
    #:# 127.0.0.1 localhost
    #:# ::1 localhost
    #: 127.0.0.1 mpa.one.microsoft.com

  12. mircea85 said

    Hi Cristi, if you can, make that tutorial on how a computer works and how it thinks in binary code.
    Many thanks. It would be a very interesting tutorial. Thank you again.

  13. Hello Cristi. In the tutorial https://videotutorial.ro/cel-mai-rapid-dispozitiv-de-stocare-extern-ssd-pe-un-rack-usb-3-0-tutorial-video/ you said something about improving the performance of your hard drive for the operating system. The question is: will you do another such tutorial? I think it's a very useful tutorial.
    Thank you.

  14. marcghi said

    127.0.0.1 validation.sls.microsoft.com

    this is the only active line in hosts, what does that mean?

    • For Windows XP the baseline is the following:
      127.0.0.1 localhost

      for Windows 7
      # 127.0.0.1 localhost
      # ::1 localhost

      any other values are not normal

  15. Cristi Zarafin said

    I would like to know where I can download the original hosts file

  16. marcghi: 127.0.0.1 validation.sls.microsoft.com

    this is the only active line in hosts, what does that mean?

    You probably pirated windows.

  17. Cristi Zarafin: I would like to know where I can download the original hosts file :D . I played with it and now I do not know how it was. If you could help I would be grateful :) . Thank you!

    Make it the way mine was before the changes in the tutorial.

  18. Rusu: Hello Cristi. In the tutorial https://videotutorial.ro/cel-mai-rapid-dispozitiv-de-stocare-extern-ssd-pe-un-rack-usb-3-0-tutorial-video/ you said something about improving the performance of your hard disk for the operating system. The question is ... will you do another such tutorial? I think it's a very useful tutorial. Thank you.

    I did a tutorial with Intel Smart Response technology that allows you to install Windows on the hard disk and use the SSD for cache.
    Search for “intel smart response”

  19. mircea85: Hi Cristi, if you can, make that tutorial on how a computer works and how it thinks in binary code. Many thanks. It would be a very interesting tutorial. Thank you again.

    It may be interesting to 10%, the rest will be bored to death.
    I'll try to make it more "commercial", maybe it will catch.

    • I believe that over 50% of users would be interested in binary code !!!

    • George said

      I would also be interested in something like that. And a tutorial on components would be interesting. A "boring" technical tutorial on processor architecture, differences and similarities for example between amd, intel and cortex arm processors. I know it will be a tutorial long but interesting. And let's not forget the RAM, manufacturing technology, etc. etc. Dear!

  20. Cristi Zarafin said

    Cristian Cismaru: Make it the way mine was before the changes in the tutorial.

    Okay. That's what I did now, but there's a problem. When I press "save" (not "save as…") it appears to me as if I had pressed "save as…" and it is saved in ".txt" format. What to do in this case?

  21. Duallpannel: If you had tested the application, don't "sting" me anymore. It doesn't change Dns automatically but lets you choose, it doesn't use unknown but very well known Dns remove and add others [I for example added RO - RCS-RDS 193.231.236.25 193.231.236.30] you can even test these DNS [benchmark] also supports IPv6, you can choose which adapter to change its DNS [you can save change to all adapters or only to one]. etc. The ones from Softpedia give it 5 stars out of 5. Test it, it has 520 Kb and it is portable, you can use it.

    I have not stung anyone, I say just be careful.
    The choices are yours.

  22. Cristi Zarafin: Okay. That's what I did now, but there's a problem. When I press "save" (not "save as…") it appears to me as if I had pressed "save as…" and it is saved in ".txt" format. What to do in this case?

    But is the hosts file saved?
    The saving as .txt is probably related to how Notepad works: it saves as .txt by default, that is, as an ASCII file.

  23. Cristi Zarafin said

    Cristian Cismaru: But is the hosts file saved? The saving as .txt is probably related to how Notepad works: it saves as .txt by default, that is, as an ASCII file.

    The host file was modified by me earlier. Then we do not encounter this problem. But now, watching the tutorial, I made my way to it again and I would like to bring it back to its original state… So yes, it is saved… If you can't help me, I will search the internet for the original file 😉

  24. Cristi Zarafin said

    Cristi Zarafin: The host file was modified by me earlier. Then we did not encounter this problem. But now, watching the tutorial, I made my way to it again and I would like to bring it back to its original state ... So yes, it is saved ... If you can't help me, I will search the internet for the original file

    No need, I solved the problem

  25. Iulian said

    Hello, I have a question, there are several ways you can leave a message ???

    because this method did not understand it too well

  26. By modifying the hosts file, ads and some harmful pages can be blocked: winhelp2002.mvps.org/hosts.htm

  27. Very good tutorial, I check occasionally to make sure the host file I hacker in pc

  28. Someone's laptop does not allow him to go on youtube and google. If you stop the firewall, it directs him to another page. I installed Malwarebytes, but it only blocks access to that page and he still cannot access google. What to do?

  29. I have a "Maxell" stick of 16GB, but my computer only sees 14.9GB: http://s11.postimg.org/xryrajygz/untitled.jpg
    How come I do not see 16GB ???

    • I think it's normal: on my 4 stick it shows me 3.78 and on the 8 card it shows me 7.44. It can't show you 16 GB in the end, but if it ever showed you 15 and something, you can try to partition your stick. Search the site for a tutorial on such a thing. You can format it as NTFS, or format it again as FAT32, and see if it sees it. Type "Partitioning" in the site's search box and you will find a lot of tutorials.

  30. Costelina said

    ionut: Someone's laptop does not allow him to go on youtube and google. If you stop the firewall, it directs him to another page. I installed Malwarebytes, but it only blocks access to that page and he still cannot access google. What to do?

    install the operating system again
    then who uses your PC not to stay logged in as admin
    from what you wrote user was not aware of what he did

  31. Anderson said

    Hi Cristi, I have a problem that still persists see, I wrote a comm I said earlier that I have a problem with a black 640gb wdc hdd, which made Current Pending Sector Warning 365 and went hard dAbeau I managed to copy I had him only 1 kb / s went after format was OK 4 36 weeks after Iara Warning and gave low Iara format, and after I turned it on just so cold only wireless sata power connector and when it starts making Replace clrr crrr after he begins to shut crrr crrr crrr CRR as data access and cable when it is made and are making crrr crrrrr bios in one what to do to go to guarantee it? That'll give me some shit Refreshbied. Too bad for him that was good and platters 640 2 320gb well they are 160 gb gb x4 was too good. CRR CRR take one but looks OK and has 6 SMART sub sectors 500ms. It plied this is the second one that I happen to fot this green and black. What do you recommend Seagate Cristi ST31000DM003 to take?

  32. Hi Cristi, I have a problem with the internet. I cannot view some videos on youtube (usually formal ones) or download some files (.exe). If you open the youtube link of the video with VLC (CTRL + N) you can see it (with some interruptions); most of the files that I cannot download with the browser go with BitComet. What do you recommend?

  33. it would be useful to increase the stream a little, to see something without 'full mode'! i.imgur.com/yWiZIlT.png

  34. hello cristi, I have this value in windows 7 127.0.0.1 validation.sls.microsoft.com …… I tried to delete it… but it doesn't work… what can be done? thanks a lot.

  35. Cristian Cismaru, can you explain this problem to me: kaspersky sometimes informs me about: kernel mode memory patch - it is possible to be used as a PDM.Keylogger ... what is a kernel mode memory patch ????

    • Serban said

      With a google search you find this: http://support.kaspersky.com/6446
      “What should I do if I suspect that the kernel mode memory patch process is malicious”
      If you suspect the process is malicious, Perform the Following Actions:
      Run the anti-virus databases update.
      Run full scan your computer.
      Once the scan is complete, export scan report to a file.
      Create a request to Kaspersky Lab Technical Support via the My Kaspersky Account service. Describe your issue in all details and attach the created report file to the request.
      The conclusion is: "The biggest virus is the antivirus"!

  36. that you have presented is ok for those with static ip but what do those with dynamic ip?

  37. I mean the site that will redirect you always will have another router ip if we allocate each time another ip

  38. very interesting tutorial, expect more!

  39. Costelina said

    Serban: On a search on google you find this: http://support.kaspersky.com/6446 "What should I do if I suspect That the kernel mode memory patch process is malicious" If you suspect the process is malicious, Perform the Following Actions: Run the anti-virus databases update. Run full scan your computer. Once the scan is complete, export scan report to a file. Create a request to Kaspersky Lab Technical Support via the My Kaspersky Account service. Describe your issue in all details and attach the created report file to the request. The conclusion is: "The biggest virus is antivirus'!

    not so
    sit without antivirus is dangerous
    if you have antivirus and PC started to virus when you've got to do is to format the whole harddisk
    and this without quick (format NTFS) after that install clean operating system
    Speaking of people that will not buy ssd instead of hdd if you still buy something new
    Cristi made tutorials so (performance, differences)

  40. A tutorial on creating / setting up a public DNS?

  41. Costelina said

    alex: I mean that site that will redirect you always will have another router ip if we allocate each time another ip

    did not get the ip change is you ok?
    and if we think it's better to have dynamic ip (this is for security)

  42. Interesting tutorial, would be well to do like this, people should know how it goes.

  43. mmg1818 said

    Interesting tutorial

  44. Hello Cristi, I have been watching your tutorials for a long time and I like them, they are very good. I ask you if you can do a tutorial on Support for files. Dll which occupies ditch as up and that is their role.

    THANK YOU

    PS If you can talk about your legal cracks a bit

  45. Hello Cristi! My name is Viorel and I have a question about the video tutorial: DNS poisoning, if you do like this can happen? 127.0.0.1 windows \ system32 it directs everything to my system? How can I protect my PC from cyber? Thank you!

  46. In my hosts file it is exactly as in Cristi's tutorial

  47. Costelina: Yes sir well see in the windows saying the file host, but in linux like saying or other OS free my opinion that comes free has disadvantages for that to mean if you realize (and with your help we'll give ) that the PC has changed something and usually something important (as in this case) and make a complaint to the software because we changed in our pc.atunci malicious people there tell us what you want fries Domain what you want is not free. all respect for Linux and other free systems no offense but who made them more concrete meaning in case something goes awry whom we weep? I had a hunch about something eg download a pirated windows and May and of course install and it comes ,, no ,, prearranged antivirus mother does not find anything. that's why it's good that sounded the alarm to thank Cristi

    This thing is a long time buddy, if you've only just now realized that it is better now than never. When I said to many people that can change an operating system and can put the torrents, DC + + and other junk laughing, well hostu thing is a lie, anyway you can do a lot more.

    Self Zendy.
    PS
    You better buy the win, and you will see that it updates both the drivers and any device you connect, and only 😉 they have no idea how much an original product means, they are satisfied with the copy that is modified by to an "x" who doesn't know what his intentions are… Hello.

  48. axelluny said

    nutzu: I think over 50% of users would be interested in binary code!

    I don't think so, because nowadays you really learn about this in the 9th grade. If you search on google, the net is full of the binary system (base 2)… it is more complicated instead with the hexadecimal one (base 16).

  49. axelluny said

    sss: In my hosts file it is exactly as in Cristi's tutorial

    This means that not connect to computer do not know what has changed but the host who wants to visit you will have to "move" in the first instance he keeps both gates Dos. There are door allowing access the computer that needs to get used to the idea. Today close all programs before you install / uninstall will connect to their server, so that only a firewall can reveal. Microsoft and intelligence enter as many times in the net. And I do not think Linux is the escape. Those who know things really valuable, are often technically complicated and the terms and does not waste time trying to make them understood. Because time is money and we who come and discuss on various IT-profile sites try to keep afloat at all.

  50. I did that tutorial, I experienced all sorts of redirections but do not know what happened that after I deleted that and added 127.0.0.1 http://www.google.ro (I managed to do and that with YOU ARE HACKED), still not recovered, now I write all my google.ro that occurs with YOU ARE HACKED, I visited again host and is pure, whatever I add is deleted but that does not disappear with YOU ARE HACKED I write google.ro. I guess it's because I ran too fast other redirections, save, test, delete and add others and so on.

    What to do to go google.ro?? I made and restart the computer but it still does not recover. Cristi what you think, if I delete apache recovers??

    thank you in advance

  51. Hi, please help me too. In windows / sys32 / drivers / etc I have this: lmhosts.sam and hosts.old… I don't understand why I have this
    Hosts.old contains:
    # Copyright (c) Microsoft Corp. 1993-1999.
    #
    # This is a sample HOSTS file used by Microsoft TCP / IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # Entry Should Be Kept on an individual line. The IP address SHOULD
    # Placed in the first column BE FOLLOWED by the Corresponding host name.
    # The IP address and the host name SHOULD be separated by at Least One
    # Space.
    #
    # Additionally, comments (Such as These) May be Inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    Rhino.acme.com # source server # 102.54.94.97
    # # X client host x.acme.com 38.25.63.10

    127.0.0.1 localhost
    why does localhost have no hash?

    lmhosts.sam contains:
    # Copyright (c) Microsoft Corp. 1993-1999.
    #
    # This is a sample LMHOSTS file used by the Microsoft TCP / IP for Windows.
    #
    # This file contains the mappings of IP addresses to computernames
    # (NetBIOS) names. Each entry Should Be Kept on an individual line.
    # The IP address Should Be Placed in the first column FOLLOWED by the
    # Corresponding computername. The address and the computername
    # should be separated by at least one space or tab. The “#” character
    Generally # is used to denote the start of a comment (see the exceptions
    # Below).
    #
    # This file is compatible with Microsoft LAN Manager 2.x TCP / IP LMHOSTS
    # Files and offers the Following extensions:
    #
    # # PRE
    # # DOM:
    # # INCLUDE
    # # BEGIN_ALTERNATE
    # # END_ALTERNATE
    # Xnn (non-printing character support)
    #
    # Following any entry in the file with the characters "#PRE" will cause
    # The entry to be preloaded into the name cache. By default, entries are
    # Not preloaded, But is parsed only after dynamic name resolution fails.
    #
    # Following an entry with the "#DOM:" tag will associate the
    # Entry with the domain specified by. This Affects how the
    # Browser and logon services behave in TCP / IP environments. To preload
    Associated with the host name # # DOM entry, it is Necessary to Also add a
    # # PRE to the line. The is always preloaded although it Will not
    # Be Shown When the name cache is viewed.
    #
    # Specifying “#INCLUDE” will force the RFC NetBIOS (NBT)
    # Software to seek the specified and parse it as if it were
    # Local. Generally is a UNC-based name, allowing a
    # Centralized LMHOSTS file to be maintained on a server.
    # It is ALWAYS Necessary to provide a mapping for the IP address of the
    # Server prior to the # INCLUDE. This mapping must use the # PRE directive.
    # In addition the “public” share in the example below must be in the
    # LanManServer list of "NullSessionShares" in order for client machines to
    # Be Able to Successfully read the LMHOSTS file. This key is under
    # \ Machine \ system \ CurrentControlSet \ Services \ lanmanserver \ parameters \ nullsessionshares
    # in the registry. Simply add "public" to the list found there.
    #
    # The # BEGIN_ and # END_ALTERNATE keywords allow multiple # INCLUDE
    # Statements to be Grouped together. Any single Successful include
    # Will cause the group to succeed.
    #
    # Finally, non-printing characters CAN be embedded in mappings by
    # First surrounding the NetBIOS name in Quotations, THEN using the
    # Xnn notation to specify a hex value for a non-printing character.
    #
    # The Following example illustrates all of These extensions:
    #
    # 102.54.94.97 rhino #PRE #DOM: networking #net group's DC
    # 102.54.94.102 “appname x14” #special app server
    # 102.54.94.123 popular # PRE # source server
    # 102.54.94.117 localsrv # PRE # Needed for the include
    #
    # # BEGIN_ALTERNATE
    # # INCLUDE \ \ localsrv \ public \ LMHOSTS
    # # INCLUDE \ \ rhino \ public \ LMHOSTS
    # # END_ALTERNATE
    #
    # In the above example, the "appname" server contains a special
    # character in its name, the "popular" and "localsrv" server names are
    # preloaded, and the "rhino" server name is specified so it can be used
    # to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
    # System is unavailable.
    #
    # Note that the whole file is parsed Including comments on each lookup,
    # So keeping the number of comments to a minimum Will Improve performance.
    # Therefore it is not advisable to simply add LMHOSTS file entries onto the
    # End of this file.
    Please tell me what's wrong. I don't know so well but I also use online payment and others…. I wouldn't want anyone to know my card details or anything. Thank you very much

  52. Hello,
    DNS poisoning can also be achieved if someone has access to the WiFi router, through a method called a Man-In-The-Middle attack, which allows the attacker to redirect the user to a ghost site and to intercept user input on various websites, even those that have SSL security (using sslstrip).
    There are utilities that automate this attack vector, making it accessible for everyone, one of them being SET (Social Engineering Toolkit).
    See section 8 of http://oi42.tinypic.com/2potq9e.jpg
    Good luck in all you do!

    Respectfully,
    Victor

  53. to me it's all on video so you but I am Acronis ptr bk.ap and so appears 127.0.0.0 and Acronis tru.com after something bad has dezistalat Acronis and is ok please answer uregent on Mayl. ARE good two will follow And I love it. WILL RESPECT

  54. viorica said

    Thank you all very clear to help!
    I look open the hosts file and there was written
    38.25.63.10x. Acme.com client host
    102.54.9497 rhino.acme.com source server
    then under these 127.0.0.1 this I understand is good… but the other addresses I have to delete them right?
    have not been there right?
    please tell me if I should delete them or not
