The Hosts File

  • WHAT IS THE HOSTS FILE?
    
    The hosts file is your computer's first resort when it needs to translate a hostname into an IP address. An example of a hostname would be www.EnigmaGroup.org. The IP address that this hostname typically resolves to would be 72.232.251.174. We have hostnames so that we don't have to remember difficult strings of numbers (IP addresses). However, computers need to use this IP addresses to connect to each other. (IP addresses for hostnames can be obtained by 'ping'ing the hostname in your command prompt.)
    
    When you type www.EnigmaGroup.org into your browser, your computer first consults your hosts file to see if you have designated an IP address to go with that name. Most likely, none of us have designated a custom IP address to match with the hostname www.EnigmaGroup.org. In this case, your computer doesn't know what "www.EnigmaGroup.org" means, so it goes to your Internet Service Provider, or ISP, and asks your ISP for the IP address of the hostname.
    
    If you haven't guessed it yet, the hosts file is what matches the hostname "localhost" to the loopback IP address of "127.0.0.1."
    
    
    
    WHERE IS THE HOSTS FILE?
    
    On Windows your hosts file is located in C:\WINDOWS\system32\drivers\etc. (I believe the hosts file is in /etc for *nix machines, but I don't know for sure). When you view this folder, you'll see several files with no extensions (minus the .sam file). Look for the file named "hosts" and open it with Notepad to view it. You should see a brief explanation of the hosts file. After that, you'll see the first (and perhaps only) hosts file entry of "127.0.0.1localhost".
    
    
    
    HOW DO I ADD AN ENTRY?
    
    Adding a new entry to the hosts file is simple. You just need to make sure you're on a new line, and type the IP address [tab] hostname. Now whenever somebody enters that hostname in the browser on your computer, instead of going to the actual website, they will be redirected to the site with the IP address you entered.
    
    
    
    WHAT GOOD IS THIS?
    
    Get creative! Imagine you catch your computer continuously connecting to, for example, ads.server.com and it is causing annoying popups. A quick treatment would be to use your hosts file to redirect ads.server.com to your own machine (127.0.0.1). Now, anytime your computer attempts to connect to the ads server, it will attempt to connect to itself. The connection will time out and fail... no more popups!
    Maybe you're more of the malicious type... set up a webserver on your home computer. On this, create a mock MySpace or Yahoo! webpage that logs a user's information (phishing). Now go to your local library, school, work, wherever! Edit their hosts file to connect to your home IP address when www.myspace.com is entered.
    
    LIKE THIS:
    your.ip.add.resswww.myspace.com
    
    
    
    ONE FALLBACK
    
    One fallback of using the hosts file is that, it can be bypassed if your victim types in http:// before the hostname. www.enigmagroup.org will consult the hosts file first, whereas http://www.enigmagroup.org will go straight to your ISP. But seriously, how many people always type http://?
    
    
    The possibilities are endless with this. You just have to try new things!