noizZze

Overriding DNS or How to Hack Microsoft

Today I would like to share one extremely useful tip on overriding DNS information. But first, a few cases where it may be useful. Let’s imagine that:

  • You are running a site and planning the migration to a different provider. You wish to move your data first; then switch the name to point to the new location and then leave the old one. The problem is that before you switch the domain name to your new location, you can only guess if the site is working fine or not.
  • You are building a site for someone else and need / wish to access it using its target domain name. This may be necessary if you have hard-coded the name in some places, etc.
  • You wish to show your friends what a great hacker you are. You open your browser, type in the name of some gigantic site you’ve “just hacked” (e.g. microsoft.com). Voila… “Vasya was here.”

There is a file (see below) on almost every modern platform that contains a simple mapping of IP addresses to host names. Usually it contains a mapping between the IP address ‘127.0.0.1’ and the name ‘localhost’. Sometimes it also maps the same IP address to your custom host name, like ‘alpha’ or whatever else. When you enter some address in your browser, the system looks through this file first to find the IP address of the host by its name. If it’s not there, the system asks a remote DNS server, according to your network configuration. By adding records to this file, you can override the address of some existing site (to point it somewhere else) or assign a name to a host (to access it by name).

In the real world, a single server with a single IP address can host any number of virtual sites. Even though all requests go to the same physical location, the server “understands” which site a request is addressed to by the host name included in the request. In other words, two different domains hosted on the same physical server can show absolutely different pages.

For the first case, when you wish to test your new site (e.g. mysite.org) physically located on the server with IP address ‘11.22.33.44’, you need to add this mapping:

11.22.33.44 mysite.org

When you build a site for someone else with a specific domain name (e.g. clientsite.com) physically located on your computer, you add this mapping:

127.0.0.1 clientsite.com

If you are a cool hacker, you use this very method, but replace the domain name with the name of your victim, and create the file ‘index.html’ in the document root of your web server. Now, when you enter the site address in your browser, your ‘index.html’ is displayed instead.
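To make the lookup order concrete, here is an added example (not code from the original post) that parses a hosts file the way the resolver does: one IP followed by one or more names per line, ‘#’ starts a comment, and the first matching entry wins. It also lists every name that is not a standard local entry, which is exactly what you check when auditing a machine for the kind of override described above. The file contents and addresses are constructed for the example.

```python
# Added example: resolve names from a hosts file and list its overrides.
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the post's three cases (hypothetical values).
SAMPLE_HOSTS = """\
# standard entries
127.0.0.1   localhost alpha
::1         localhost
11.22.33.44 mysite.org          # new provider, tested before the switch
127.0.0.1   clientsite.com
127.0.0.1   microsoft.com       # the "Vasya was here" trick
"""

# Names a stock hosts file is expected to contain; anything else is an override.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (ip, [names...]) in file order, skipping blanks, comments and bad IPs."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)           # reject malformed addresses
        except ValueError:
            continue
        entries.append((ip, [n.lower() for n in names]))
    return entries


def lookup(text: str, name: str) -> Optional[str]:
    """Resolve like the OS does: first entry naming the host wins, case-insensitively."""
    name = name.lower().rstrip(".")
    for ip, names in parse_hosts(text):
        if name in names:
            return ip
    return None


def overrides(text: str) -> Dict[str, str]:
    """Every name beyond the standard local entries, with the address it maps to."""
    found: Dict[str, str] = {}
    for ip, names in parse_hosts(text):
        for n in names:
            if n not in LOCAL_NAMES and n not in found:
                found[n] = ip          # first entry wins, as in lookup()
    return found
```

Run `overrides(open("/etc/hosts").read())` on a real machine to see which names the local file is quietly redirecting.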

Here’s the list of locations of the hosts mapping file:

Mac OS X & *nix: /etc/hosts
Windows: C:\Windows\system32\drivers\etc\hosts

I’m sure you understand that this trick works only on the machine where you modified the hosts mapping file. You can’t fool the world by changing your local hosts file.