DNS poisoning is a method by which hackers give the impression that they have taken control of certain sites, well known or not.
DNS is the protocol that makes the link between a domain name and an IP address, for any website in the world that has one or more IP addresses.
When we type "google.com" in our browser, our computer has three options for finding the IP address or addresses for "google.com".
1. The first option - the hosts file in C:\Windows\System32\drivers\etc\hosts
2. The second option - private DNS (server, router)
3. The third option - public DNS servers (OpenDNS, Google DNS)
No matter where it finds the IP address for "google.com", our computer stops there and no longer consults the other options. For example, if it finds the IP address for "google.com" in the hosts file, it no longer goes to the private or public DNS to confirm the validity of this address.
Thus we can fool the PC: we can tell it anything, and it will believe anything found in the hosts file.
Careful.
These are safety tips designed to help with prevention; do not use the information in this tutorial for malicious purposes.
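A hosts-file audit that follows from the lookup order described above, as an added example that is not part of the original tutorial: because the hosts file is consulted first and trusted without confirmation, it lists every active entry other than the default `localhost` lines. The sample file content, the `BASELINE_NAMES` set and the verdict labels are assumptions of this example.

```python
import ipaddress
import os
import sys

# Names a default hosts file is expected to map to loopback (assumption of this example).
BASELINE_NAMES = {"localhost"}

# Constructed sample; 203.0.113.10 is a documentation address (RFC 5737).
SAMPLE_HOSTS = """\
# This is a sample HOSTS file
127.0.0.1      localhost
::1            localhost
203.0.113.10   google.com www.google.com   # override of a public site
127.0.0.1      validation.example.test
10.0.0.999     broken.example.test
"""


def parse_hosts(text):
    """Yield (line_no, address, names) for each active line; '#' starts a comment."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield line_no, fields[0], [n.lower() for n in fields[1:]]


def audit_hosts(text):
    """Return (line_no, name, address, verdict) for every non-baseline mapping."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings += [(line_no, n, address, "malformed") for n in names]
            continue
        for name in names:
            if ip.is_loopback and name in BASELINE_NAMES:
                continue  # the expected default entry
            if ip.is_loopback or ip.is_unspecified:
                verdict = "blocked"      # name is pinned to this machine or to nowhere
            else:
                verdict = "redirected"   # answered from the hosts file, DNS is never asked
            findings.append((line_no, name, address, verdict))
    return findings


def hosts_path():
    """Location of the hosts file on Windows and on Unix-like systems."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


if __name__ == "__main__":
    # By default audit the constructed sample; pass --live to read the real file.
    if "--live" in sys.argv:
        with open(hosts_path(), encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, name, address, verdict in audit_hosts(text):
        print(f"line {line_no}: {name} -> {address} [{verdict}]")
```

A finding is a prompt to check who added the line, since ad-blocking lists and some installed software also write entries to this file.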
DNS poisoning method commonly used by hackers
Last updated on February 15, 2021 - 60 comments
Hello, Cristi!
GREAT TOOLS: I also want a continuation with the tutorial about Tronsmart MK908, namely about how it behaves in the case of 1080p (even 720p) mkv files. And I'm not referring to 1 -2 gb movies, as they are "offered" on the net, but the normal ones of 4,37 - 8 gb, etc. I am also VERY interested in running the XBMC on Android Boxes on the market, given that hardware acceleration is needed. Many android box sticks and minipcs are announced on their official pages that they would have "pre-installed" the XBMC, that it breaks, that it plays with large mkvs and in reality you only watch avi or divx because they lead the hardware acceleration with brio ”. I know that XBMC Frodo android versions have appeared or I know what, dedicated to android platforms and without much need for hardware resources. I think such a tutorial would be useful, especially for those who use this platform.
Thank you.
Okay, after what I heard today I no longer have any confidence in Google DNS or OpenDNS either.
Try the Ghostery browser extension.
Cristi, we can protect the hosts file with the read-only function activated.
This is what happened with Google some time ago, if I'm not wrong this year. When you entered Google, that page appeared with a TV test card and a message. It was, like, some Moroccan Arab hackers.
yes sir well see in the windows host file you say, but how you say Linux or other OS free
In my opinion that comes free has disadvantages for that to mean if you realize (and with your help we'll give) as the PC changed something and usually something important (as in this case) and do complaint
software with because we changed in our pc.atunci malicious people there tell us what you want fries free Domain is not what you want.
all respect for Linux and other free systems no offense but who made them more concrete meaning
in case something goes awry whom we weep?
I had a hunch about something eg download a pirated windows and May and install
and of course it comes ,, no ,, prearranged antivirus mother does not find anything.
that's why it's good that fired a warning
thank Cristi
It is protected; if you noticed, I edited it with admin rights. Unfortunately all Windows users are admins and grant rights to all applications, regardless of their origin.
Every system has a hosts file, including Linux distributions and Android.
How does computer and binary code would be interesting to know pretty fair
THANK YOU <3
If you had tested the application, don't "sting" me anymore. It doesn't change Dns automatically, but it lets you choose, it doesn't use unknown but very well-known Dns remove and add others [I for example added RO - RCS-RDS 193.231.236.25
193.231.236.30] can including test these DNS [benchmark] supports including IPv6, you can choose whose adapter to alter the DNS [sal can change at any adapters or just one]. etc. The folks at Softpedia give it 5 5 star. Test has 520 Kb and is portable, can use a sati.
On mine it looks like this; should I worry? Is everything okay?
# BitDefender has clean hosts file
127.0.0.1 localhost
#Original Code from this file
#:# Copyright (c) Microsoft Corp. 1993-2009.
#:#
#:# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#:#
#:# This file contains the mappings of IP addresses to host names. Each
#:# entry should be kept on an individual line. The IP address should
#:# be placed in the first column followed by the corresponding host name.
#:# The IP address and the host name should be separated by at least one
#:# space.
#:#
#:# Additionally, comments (such as these) may be inserted on individual
#:# lines or following the machine name denoted by a '#' symbol.
#:#
#:# For example:
#:#
#:# 102.54.94.97 rhino.acme.com # source server
#:# 38.25.63.10 x.acme.com # x client host
#:# localhost name resolution is handled within DNS itself.
#:# 127.0.0.1 localhost
#:# ::1 localhost
#: 127.0.0.1 mpa.one.microsoft.com
Hi Cristi, if you can, make that tutorial on how a computer works and how it thinks in binary code.
Many thanks. It would be a very interesting tutorial. Thank you again.
Hello Cristi. In the tutorial https://videotutorial.ro/cel-mai-rapid-dispozitiv-de-stocare-extern-ssd-pe-un-rack-usb-3-0-tutorial-video/ you said something about improving the performance of your hard drive for the operating system. The question is, will you do another such tutorial? I think it's a very useful tutorial.
Thank you.
127.0.0.1 validation.sls.microsoft.com
this is the only active line in hosts, what does that mean?
For Windows XP the baseline is the following:
127.0.0.1 localhost
for Windows 7:
# 127.0.0.1 localhost
# ::1 localhost
any other values are not normal
I would like to know where I can download the original hosts file
You probably pirated windows.
Make it as mine was before the changes in the tutorial.
I did a tutorial with Intel Smart Response technology that allows you to install Windows on the hard disk and use the SSD for cache.
Search for “intel smart response”
It may be interesting to 10%, the rest will be bored to death.
I'll try to make it more "commercial", maybe it will catch.
I believe that stains 50% of users would be interested in binary code !!!
I would also be interested in something like that. And a tutorial on components would be interesting. A "boring" technical tutorial on processor architecture, differences and similarities for example between amd, intel and cortex arm processors. I know it will be a tutorial long but interesting. And let's not forget the RAM, manufacturing technology, etc. etc. Dear!
Okay. That's what I did now, but there's a problem. When I press "save" (not "save as…") it appears to me as if I had pressed "save as…" and it is saved in ".txt" format. What to do in this case?
I have not stung anyone, I say just be careful.
The choices are yours.
But is the hosts file saved?
That and rescuing. txt is probably related to how the notepad, he saves. txt base, that in addition to ASCII file.
The host file was modified by me earlier. Then we do not encounter this problem. But now, watching the tutorial, I made my way to it again and I would like to bring it back to its original state… So yes, it is saved… If you can't help me, I will search the internet for the original file 😉
No need, I solved the problem
Hello, I have a question, there are several ways you can leave a message ???
because this method did not understand it too well
By modifying the hosts file, ads and some harmful pages can be blocked: winhelp2002.mvps.org/hosts.htm
Very good tutorial, I check occasionally to make sure the host file I hacker in pc
One laptop does not allow going on YouTube and Google. If you stop the firewall, it directs to another page. I installed Malwarebytes, but it only blocks access to that page and I still cannot access Google. What to do?
I stick "Maxell" The 16GB, but my computer only sees 14.9GB:http://s11.postimg.org/xryrajygz/untitled.jpg
How come I do not see 16GB ???
.I think it's normal, on my 4 stick it shows me 3.78 and on the 8 card it shows me 7.44.16 GB at the end it can't show you, but if you've ever shown yourself 15. and something you can try you partition your stick. Search the site for a tutorial on such a thing. You can format it and do it NTFS or format it and do it again FAT32 and see if it sees you. type in the search box on "Partitioning" site and you will find a lot of tutorials.
install the operating system again
then who uses your PC not to stay logged in as admin
from what you wrote user was not aware of what he did
Hi Cristi, I have a problem that still persists see, I wrote a comm I said earlier that I have a problem with a black 640gb wdc hdd, which made Current Pending Sector Warning 365 and went hard dAbeau I managed to copy I had him only 1 kb / s went after format was OK 4 36 weeks after Iara Warning and gave low Iara format, and after I turned it on just so cold only wireless sata power connector and when it starts making Replace clrr crrr after he begins to shut crrr crrr crrr CRR as data access and cable when it is made and are making crrr crrrrr bios in one what to do to go to guarantee it? That'll give me some shit Refreshbied. Too bad for him that was good and platters 640 2 320gb well they are 160 gb gb x4 was too good. CRR CRR take one but looks OK and has 6 SMART sub sectors 500ms. It plied this is the second one that I happen to fot this green and black. What do you recommend Seagate Cristi ST31000DM003 to take?
Hi Cristi, I have a problem with the internet. I cannot view some videos on YouTube (usually formal ones) or download some files (.exe). If I open the YouTube link of the video with VLC (CTRL + N) I can see it (with some interruptions); most files that I cannot download with the browser go with BitComet. What do you recommend?
it would be useful to increase the stream a little, to see something without 'full mode'! i.imgur.com/yWiZIlT.png
hello cristi, I have this value in windows 7 127.0.0.1 validation.sls.microsoft.com …… I tried to delete it… but it doesn't work… what can be done? thanks a lot.
Cristian Cismaru, can you explain this problem to me: Kaspersky sometimes informs me about "kernel mode memory patch - it is possible to be used as a PDM.Keylogger". What is kernel mode memory patch?
With a Google search you find this: http://support.kaspersky.com/6446
"What should I do if I suspect that the kernel mode memory patch process is malicious"
If you suspect the process is malicious, perform the following actions:
Run the anti-virus databases update.
Run full scan your computer.
Once the scan is complete, export scan report to a file.
Create a request to Kaspersky Lab Technical Support via the My Kaspersky Account service. Describe your issue in all details and attach the created report file to the request.
The conclusion is: "The biggest virus is the antivirus"!
What you have presented is OK for those with a static IP, but what do those with a dynamic IP do?
I mean the site that will redirect you always will have another router ip if we allocate each time another ip
very interesting tutorial, expect more!
not so
sit without antivirus is dangerous
if you have an antivirus and the PC still got a virus, what you've got to do is format the whole hard disk
and this without quick (NTFS format), after that install a clean operating system
Speaking of people that will not buy ssd instead of hdd if you still buy something new
Cristi made tutorials like that (performance, differences)
A tutorial on creating / setting up a public DNS?
did not get the ip change is you ok?
and if we think it's better to have dynamic ip (this is for security)
Interesting tutorial, would be well to do like this, people should know how it goes.
Interesting tutorial
Hello Cristi, I have been watching your tutorials for a long time and I like them, they are very good. I ask you if you can do a tutorial on Support for files. Dll which occupies ditch as up and that is their role.
THANK YOU
PS If you can talk about your legal cracks a bit
Hello Cristi! My name is Viorel and I have a question about the video tutorial: DNS poisoning, if you do like this can happen? 127.0.0.1 windows \ system32 it directs everything to my system? How can I protect my PC from cyber? Thank you!
in my hosts file it is exactly as in Cristi's tutorial
This thing is a long time buddy, if you've only just now realized that it is better now than never. When I said to many people that can change an operating system and can put the torrents, DC + + and other junk laughing, well hostu thing is a lie, anyway you can do a lot more.
Self Zendy.
PS
You better buy the win, and you will see that it updates both the drivers and any device you connect, and only 😉 they have no idea how much an original product means, they are satisfied with the copy that is modified by to an "x" who doesn't know what his intentions are… Hello.
I don't think so, because nowadays you really learn about this in the 9th grade. If you search on google, the net is full of the binary system (base 2)… it is more complicated instead with the hexadecimal one (base 16).
This means that not connect to computer do not know what has changed but the host who wants to visit you will have to "move" in the first instance he keeps both gates Dos. There are doors allowing access to the computer, and one needs to get used to the idea. Today close all programs before you install / uninstall will connect to their server, so that only a firewall can reveal. Microsoft and intelligence enter as many times in the net. And I do not think Linux is the escape either. Those who know really valuable things are often technically complicated in their terms and do not waste time trying to make themselves understood. Because time is money, and we who come and discuss on various IT-profile sites try to keep afloat at all.
I did that tutorial, I experienced all sorts of redirections but do not know what happened that after I deleted that and added 127.0.0.1 http://www.google.ro (I managed to do and that with YOU ARE HACKED), still not recovered, now I write all my google.ro that occurs with YOU ARE HACKED, I visited again host and is pure, whatever I add is deleted but that does not disappear with YOU ARE HACKED I write google.ro. I guess it's because I ran too fast other redirections, save, test, delete and add others and so on.
What to do to go google.ro?? I made and restart the computer but it still does not recover. Cristi what you think, if I delete apache recovers??
thank you in advance
Hi, please help me too. In the folder windows / sys32 / drivers / etc I have this: lmhosts.sam and hosts.old… I don't understand why I have this
Hosts.old contains:
# Copyright (c) Microsoft Corp. 1993-1999.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
why does localhost have no hash?
lmhosts.sam contains:
# Copyright (c) Microsoft Corp. 1993-1999.
#
# This is a sample LMHOSTS file used by the Microsoft TCP / IP for Windows.
#
# This file contains the mappings of IP addresses to computernames
# (NetBIOS) names. Each entry Should Be Kept on an individual line.
# The IP address Should Be Placed in the first column FOLLOWED by the
# Corresponding computername. The address and the computername
# should be separated by at least one space or tab. The “#” character
Generally # is used to denote the start of a comment (see the exceptions
# Below).
#
# This file is compatible with Microsoft LAN Manager 2.x TCP / IP LMHOSTS
# Files and offers the Following extensions:
#
# # PRE
# # DOM:
# # INCLUDE
# # BEGIN_ALTERNATE
# # END_ALTERNATE
# Xnn (non-printing character support)
#
# Following any entry in the file with the characters "#PRE" will cause
# The entry to be preloaded into the name cache. By default, entries are
# Not preloaded, But is parsed only after dynamic name resolution fails.
#
# Following an entry with the "#DOM:" tag will associate the
# Entry with the domain specified by. This Affects how the
# Browser and logon services behave in TCP / IP environments. To preload
Associated with the host name # # DOM entry, it is Necessary to Also add a
# # PRE to the line. The is always preloaded although it Will not
# Be Shown When the name cache is viewed.
#
# Specifying “#INCLUDE” will force the RFC NetBIOS (NBT)
# Software to seek the specified and parse it as if it were
# Local. Generally is a UNC-based name, allowing a
# Centralized LMHOSTS file to be maintained on a server.
# It is ALWAYS Necessary to provide a mapping for the IP address of the
# Server prior to the # INCLUDE. This mapping must use the # PRE directive.
# In addition the “public” share in the example below must be in the
# LanManServer list of "NullSessionShares" in order for client machines to
# Be Able to Successfully read the LMHOSTS file. This key is under
# \ Machine \ system \ CurrentControlSet \ Services \ lanmanserver \ parameters \ nullsessionshares
# in the registry. Simply add "public" to the list found there.
#
# The # BEGIN_ and # END_ALTERNATE keywords allow multiple # INCLUDE
# Statements to be Grouped together. Any single Successful include
# Will cause the group to succeed.
#
# Finally, non-printing characters CAN be embedded in mappings by
# First surrounding the NetBIOS name in Quotations, THEN using the
# Xnn notation to specify a hex value for a non-printing character.
#
# The Following example illustrates all of These extensions:
#
# 102.54.94.97 rhino #PRE #DOM: networking #net group's DC
# 102.54.94.102 “appname x14” #special app server
# 102.54.94.123 popular # PRE # source server
# 102.54.94.117 localsrv # PRE # Needed for the include
#
# # BEGIN_ALTERNATE
# # INCLUDE \ \ localsrv \ public \ LMHOSTS
# # INCLUDE \ \ rhino \ public \ LMHOSTS
# # END_ALTERNATE
#
# In the above example, the "appname" server contains a special
# character in its name, the "popular" and "localsrv" server names are
# preloaded, and the "rhino" server name is specified so it can be used
# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
# System is unavailable.
#
# Note that the whole file is parsed Including comments on each lookup,
# So keeping the number of comments to a minimum Will Improve performance.
# Therefore it is not advisable to simply add LMHOSTS file entries onto the
# End of this file.
Please tell me what's wrong. I don't know so well but I also use online payment and others…. I wouldn't want anyone to know my card details or anything. Thank you very much
Hello,
DNS poisoning can also be achieved if someone has access to the WiFi router, through a method called Man-In-The-Middle, an attack method that allows the attacker to redirect the user to a ghost site and to intercept user input on various websites, even those that have SSL security (using sslstrip).
There are utilities that automate this attack vector, making it accessible for everyone, one of them being SET (Social Engineering Toolkit).
See section 8 of http://oi42.tinypic.com/2potq9e.jpg
Increase in all you do!
Respectfully,
Victor
to me it's all on video so you but I am Acronis ptr bk.ap and so appears 127.0.0.0 and Acronis tru.com after something bad has dezistalat Acronis and is ok please answer uregent on Mayl. ARE good two will follow And I love it. WILL RESPECT
Thank you all very clear to help!
I opened the hosts file and this was written there:
38.25.63.10x. Acme.com client host
102.54.9497 rhino.acme.com source server
then under these 127.0.0.1 this I understand is good… but the other addresses I have to delete them right?
have not been there right?
please tell me if I should delete them or not