So, small time hackers and spammers have always struggled for a free bulletproof hosting. We use it for hosting our phishing pages loaded with trojans and obsficuted JavaScript codes. But where is the right type that won't remove the pages?
1) Sub Domain hosting WILL remove them!
Almost all the hosting providers don't want thier IP Address to be banned because as per the Cyber Law all over the world, if anything illegal is caught on your computer, even if it's a hosting, you will be blamed. So the easy way for them is to mark your IP and remove the content immediately. They install scripts and tools to automatically remove the pages with specified code. So let's say if I want to remove something with : "alert" in the hosted webpage, I'll write some PHP or ASP script to scan the pages and remove the webpage and then delete the account from my database forever.
2) You can get caught easily
Even if you use a VPN and do all kinds of stuff to protect yourself, you can get caught. It depends what kind of thing you are doing. If you are just infecting people with some trojan, noone will catch you, but if you're uploading some jihadist hate page, you will immediately be red listed in every wanted files. Moreover, nowadays every website collects your cache, so there's no chill until you use Tor with highest security with a stolen laptop for 15 minutes in different city at a random time using a stolen WiFi of some public library....and then throw away the laptop & move to a different country in another continent. Maybe then you'll be really anonymous..
1) You can always use Localhost!
I'm not talking about the localhost of your average work pc, but on a virtual host of some Linux distro like Tails(or use a live Tails image) over some different pc you may have.. You can choose the targets and just upload the file on your localhost and port forward it. Also do shorten the url or give yourself a temporary domain name with some free provider online. Keep running your server and you'll get better results because now, victims will be directly connected to you.
2) Use a public library
The trend of public library is cool. But in many countries, there are few or no Public libraries, so you can use any continues Internet running computer away from you. Let's say your school runs internet for like 19 hours a day, so you can quietly install vm & run a server using it & host your page there...
3) What about neighbors?
I've seen that my neighbors have thier WiFi switched "on" for 24 hours and 365 days(whole year). They NEVER close it. So it's a great opportunity to simply infect them(if you can) and then do a hidden hosting via their network and resources. Just like your botnet infects people and also their contacts.. It's not so easy if you don't know how to, but worth it if it's a small phishing page. Not worth it if you want to host a bigger Zeus infected server or something of that sort...
So these were a few ways to do it, but there are many other ways to connect directly to specific targets via social engineering attacks and also harvesters.. But then they are more advanced methods & I want to keep this for new learners..
Thankyou.
Bye!
Here are some things you need to know:
1) Sub Domain hosting WILL remove them!
Almost all the hosting providers don't want thier IP Address to be banned because as per the Cyber Law all over the world, if anything illegal is caught on your computer, even if it's a hosting, you will be blamed. So the easy way for them is to mark your IP and remove the content immediately. They install scripts and tools to automatically remove the pages with specified code. So let's say if I want to remove something with : "alert" in the hosted webpage, I'll write some PHP or ASP script to scan the pages and remove the webpage and then delete the account from my database forever.
2) You can get caught easily
Even if you use a VPN and do all kinds of stuff to protect yourself, you can get caught. It depends what kind of thing you are doing. If you are just infecting people with some trojan, noone will catch you, but if you're uploading some jihadist hate page, you will immediately be red listed in every wanted files. Moreover, nowadays every website collects your cache, so there's no chill until you use Tor with highest security with a stolen laptop for 15 minutes in different city at a random time using a stolen WiFi of some public library....and then throw away the laptop & move to a different country in another continent. Maybe then you'll be really anonymous..
Good News:
1) You can always use Localhost!
I'm not talking about the localhost of your average work pc, but on a virtual host of some Linux distro like Tails(or use a live Tails image) over some different pc you may have.. You can choose the targets and just upload the file on your localhost and port forward it. Also do shorten the url or give yourself a temporary domain name with some free provider online. Keep running your server and you'll get better results because now, victims will be directly connected to you.
2) Use a public library
The trend of public library is cool. But in many countries, there are few or no Public libraries, so you can use any continues Internet running computer away from you. Let's say your school runs internet for like 19 hours a day, so you can quietly install vm & run a server using it & host your page there...
3) What about neighbors?
I've seen that my neighbors have thier WiFi switched "on" for 24 hours and 365 days(whole year). They NEVER close it. So it's a great opportunity to simply infect them(if you can) and then do a hidden hosting via their network and resources. Just like your botnet infects people and also their contacts.. It's not so easy if you don't know how to, but worth it if it's a small phishing page. Not worth it if you want to host a bigger Zeus infected server or something of that sort...
So these were a few ways to do it, but there are many other ways to connect directly to specific targets via social engineering attacks and also harvesters.. But then they are more advanced methods & I want to keep this for new learners..
Thankyou.
Bye!
No comments :
Post a Comment