If an attacker wants to redirect users from 'www.MyPersonalBank.com' to a phishing site, which file should they modify?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

If an attacker wants to redirect users from 'www.MyPersonalBank.com' to a phishing site, which file should they modify?

Explanation:
Local name resolution and host file overrides explain this technique. The hosts file is a simple text mapping the OS uses to resolve hostnames before querying any DNS server. If an attacker adds an entry that maps www.MyPersonalBank.com to the IP address of a phishing site, the system will route that domain to the attacker's host every time, bypassing public DNS responses. This makes the phishing site appear legitimate to the user on that machine, even if the real site points elsewhere. This is why the hosts file is the best answer. Firewalls control traffic flow but don’t change how a domain name resolves to an IP. Browser cache could influence past resolutions but isn’t a reliable or persistent mechanism and isn’t a file modification. Modifying a DNS server could achieve a similar redirect, but that targets DNS infrastructure, not a local file on the target machine. The hosts file directly enables this kind of local override.

Local name resolution and host file overrides explain this technique. The hosts file is a simple text mapping the OS uses to resolve hostnames before querying any DNS server. If an attacker adds an entry that maps www.MyPersonalBank.com to the IP address of a phishing site, the system will route that domain to the attacker's host every time, bypassing public DNS responses. This makes the phishing site appear legitimate to the user on that machine, even if the real site points elsewhere.

This is why the hosts file is the best answer. Firewalls control traffic flow but don’t change how a domain name resolves to an IP. Browser cache could influence past resolutions but isn’t a reliable or persistent mechanism and isn’t a file modification. Modifying a DNS server could achieve a similar redirect, but that targets DNS infrastructure, not a local file on the target machine. The hosts file directly enables this kind of local override.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy