Hacking Your Hosts File
Ever been trying to test a site and you just aren't sure if you screwed up configuring your dns, or if there is another issue? Enter the hosts file...
Whether you are in need of a way to test a site before its available in public dns, you are wanting to play a trick on a friend, or you have more nefarious intentions, understanding the inner workings of a computers hosts file can give you a unique perspective. And with perspective comes opportunity.
What Is Your Hosts File?
Your hosts file is a little known or thought of .txt file that lives on your computer. To be honest If you are familiar with your hosts file you are probably either an IT professional, or a hacker. This file serves as a mini DNS server on your computer.
As we discussed in the understanding dns article all web requests that are made to domains (example.com), need to be run through a DNS server (think cloudflare) to get the resolving IP. Now the hosts file allows you to create your own internal DNS records that your computer will look to first. Remember in network routing, rules are processed from top down, so the first rule to match a certain set of criteria will be used.
I've created a quick diagram to help you understand how your hosts file works.
So in the example above, the user typed in google.com into their browser. Their browser in turn checks their hosts.txt file to see if it has a corresponding record so that in can skip going out to a dns server and just route the request directly to the IP. If there is not then it will go out to a DNS server, get the IP, and then route the traffic to one of googles servers.
Now lets say there was a record in the file that matched the requested domain.
the record would look something like this
127.0.0.1 is the local loopback IP address of your computer. So by placing this record in your hosts file you will now no longer be able to browse to google.com. Every time a request is made to that domain your computer will route back to itself.
Why Hackers Use It
Hackers have been known to use your hosts file for a few different reasons. The most likely of those reasons are:
- Keep you from getting to sites that would help you remove the malware
- Redirect you to ads
- Redirect you to landing pages that collect your personal information
The first two scenarios are pretty straight forward, but the last may need a little explaining.
Say the hacker wants to learn your google credentials. They would edit your hosts file via a piece of malware, that would redirect google.com to their server. They would then create a page that looks just like google, with the normal sign in button.
When you click the sign in button it asks you for your credentials. Once you enter them in they log the information, and return an error page saying sorry we weren't able to log you in. Now they have your google creds, and hopefully you haven't used that username and password combination on all of the sites you access, because they are going to try it ...
Why IT Professionals Use It
IT professionals will sometimes use the hosts file to prevent people on their network from going to specific sites. Typically the sites are known malware sites, and by putting in the domain with a local loopback IP this will prevent users from browsing to sites where it is likely that they will get a virus and then spread it to the rest of the network. This can also be used as a poor mans content filtering service. If you don't have a router in place that can prevent people from going to social media sites, or other "time waster" sites while people are on the clock you can add these sites to your hosts file, and use the local loopback ip and they won't be able to browse to those sites.
How Internet Marketers Use It
One of the great things about a hosts file is that it gives you the ability to control the routing of your http requests.
Say you are building out a new site, that you want to keep top secret. You don't want there to be any record of it in DNS servers, so your competition could potentially discover it. Well this is a great case for using your hosts file.
All you would need to do is update your hosts file with the domain you would like to use. Remember it can be any valid domain, and then put the IP of there server that is hosting it.
As you can see in the example above, and request made to that domain won't have a record in the global DNS servers so the request won't know where to go. Or if you were overriding an existing record, people would still be sent to the old site when you could be viewing the new site.
Editing Your Hosts File
As all things in the Mac vs. PC world its a bit different to edit your hosts file on a mac then it is a PC, but both have a hosts file and both can be updated. Below you will find instructions on both.
Editing Using A Mac
If you are using a Mac then you will want to open up a terminal window.
By pressing command space it will bring up a search box
From here type in terminal, and it will allow you to open up a new terminal window
You are going to want to type the following command
sudo nano /etc/hosts
Once you do this you will be prompted for your password
*when entering a password in a terminal session no keystrokes are shown. So you will be typing but nothing will change on the screen. Don't worry, type in your password and then hit enter. If you have entered it correctly it will bring up your hosts file
Now you are presented with your hosts file in the nano editor
Use the down arrow to navigate to the line right after the last record.
Now you can enter a new record. In this example I will set google.com to my local loopback ip.
hosts records should go IP "space" domain.
Once you have entered the new record you will hit ctrl + o, and that will write the changes to your hard drive.
Now we can test it by browsing to google.com... and as expected the site no longer renders.
Now we can just go back into our hosts file
delete the record that we added
hit ctrl+o to write out the changes, and viola we can get to google again.
Mac Video Walk Through
Editing Using A Pc
Its a similar process to edit your hosts file on a PC, but the commands are a bit different.
First thing we are going to need to do is open an elevated command prompt.
*If you don't open an elevated / administrator command prompt you will be able to open and edit your hosts file, but you won't be able to save it.
You can do this by hitting the windows button and then typing in cmd. This should bring up windows search, and select the command prompt application.
From here you can either right click, and select run as administrator, or you can hit ctrl+shift+enter, both of which will open the cmd prompt with the required rights.
Often times this will show you a warning that you are about to open an application that will make changes to your computer. Since that is our goal here, go ahead and click yes.
Once we click yes we will be presented with our shell.
The commands you will need to type are
and then hit enter (this just moves you to the correct directory. Now type:
This will open you your hosts file in notepad so you can edit and save it.
Since this is open in a normal text editor unlike on the mac there are no special commands or keyboard shortcuts that need to be performed. You can merely edit the file, as you wish and hit save.
*Disclaimer: If you screw up your hosts file, it can cause you to loose the ability to browse the web. So this post is given with no gaurantees, and I assume no liability 🙂