Sunday, September 15, 2013

Trojans and RATs- Know The Facts






In my previous article, i have explained how we can hack remote computers using extreme RAT. I thought of writing an article on the basics of RATs before it. But many people are interested in practical knowledge rather than reading theory. So i wrote the practical working of RATs first.Before moving onto some other RATs, i am going to explain the facts that everyone must know before using RATs and Trojans.


What are TROJANS?


A Trojan is a program that pretends to be legitimate program, while It is malicious in nature and is infecting the system in background. It provides complete access of that system to the Attacker.


How Trojans work?



Trojans work on client server basis. The client will reside on hacker’s system and the server will be on victim’s computer. When the victim clicks the server, client listens to the connections through the specified ports and gives the access to the victim’s system.


Ports


Ports are the end points that provide communication between computers or networking devices.


Physical ports- example usb ports,serial port etc


Virtual ports- Virtual ports provide a virtual connection between the computer systems. These ports are the ones we need for communication on internet. Different Trojans use different ports. These are referenced using some numbers. There are 65535 ports.


Direct connection Trojans

If the Trojan is direct connecting Trojan then attacker can connect to the victim directly and can get access to the victim machine, but the scenario is not always that easy. Victim can be behind a router, in that case direct connection Trojans will not any provide any access to the victim computer. One more disadvantage is we need to know the IP address of the victim.


HACKER-->server-->VICTIM
Example: PRORAT


Reverse connection Trojans


When the Victim is behind a router, direct connection Trojans will not provide any access to the victim computer. Here comes the need of reverse connection Trojans. In this case, the victim will be connected to the hacker using the server file. This is Very useful if the person sits behind a router . After infecting the victims PC, the trojan will automaticly connects to the hacker.


HACKER<--Server<--VICTIM
Example: Darkcomet


Port forwarding


If the hacker does not connect to the Internet directly (with a modem) and he sits behind a router, he needs to forward the trojan ports in his routers configuration if he is doing a reverse connection. This is called portforwarding. The basic idea of port forwarding is to instruct our router to allow external connections to our PC. It varies from router to router based on its company and version.


Dynamic IP address


Most of the computers today do not have a static IP address, So using a service like no-ip which gives you a name like hacker.no-ip.org which can be pinged from anywhere on the internet and it will give your current IP address. Set your reverse connection trojans to connect to this name.


Hope you liked the post, for further doubts please leave your comments

No comments:

Post a Comment

Follow Me