Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- SESSION 6
- =========
- NAT - Network Address Translation : THis is the virtual network which mappes the public ip address to private and vice versa.
- TROJANS
- =======
- Trojans are the malicious applications or programs which looks like a normal application but is harmful in nature as it can give the whole remote access of the Target's Machine to the Attacker's Machine.
- TYPES OF TROJANS ON THE BASIS OF CONNECTION
- ===========================================
- Reverse Connection Trojan : A reverse connection trojan is that in which we don't have to get or know the IP Address of the Victim's Machine. You just have to create a trojan having the Attacker's IP Address only.
- ----------------------------------------------------------
- DEPLOYING OF TROJAN IN THE TARGET'S MACHINE
- ===========================================
- 1. DEPLOYING IN THE SAME NETWORK : The attacker just have to create a Trojan of the IP in the same network where a Target is residing.
- 2. DEPLOYING TROJAN GLOBALLY : In this Scenario, a Attacker is using a Globally hosted DNS with a global IP to get a reverse connection from a Target to itself. For eg. Using NOIP and Port Forwarding.
- ----------------------------------------------------------
- RAT
- ===
- RAT stands for Remote Administration Tool. It helps in creating Malwares like Trojans and Viruses which provides Remote Connection of a Victim Machine while not letting know the Victim about it.
- ----------------------------------------------------------
- CREATION OF TROJANS
- ===================
- = IP + PORT = Socket
- = Stub = The Malicious Trojan we make through Dark Comet.
- 1. Left top corner = DarkComet-RAT
- 2. Go to "Server Module" = Full Editor(expert)
- 3. Main Settings = Process Mutex
- Mutex = Thread which helps me in sharing the computer's resources
- Random Process Mutex
- Server ID = Same|Change
- Profile Name = Same|Change
- 4. Goto Network Setting
- Insert Private IP Address and a port number(greater than 1200)
- Socket = IP Address + Port Number
- IP Address = Private IP Address --> 192.168.0.28
- Port Number = 1604
- CLick On "ADD"
- 5. Goto "Module Startup" = When my computer start, then what are the things which my trojan will do.
- Check box the "Start the stub with windows"
- Drop the stub in:
- 6. Goto Install Message
- Tick the check box
- Choose the icon
- Enter the you want the user to display
- 7. Goto Module Shield
- 8. File Icon
- Choose any file icon from the list.
- 9. Goto Stub Finalisation
- Build This Stub
- Destination for saving the stubb
- 10. To listen on a specific port
- port = 1604
- In the dark comet screen, top left corner = DarkComet-RAT = Click on that
- Click on "Listen to new port"
- enter the port number = 1604 and click on listen
- EVADING ANTIVIRUSES AND ANTIMALWARES
- ====================================
- HOW ANTIVIRUSES WORKS
- =====================
- Antiviruses and Antimalwares works on the definations or ccalled signatures of an application. If they found that a Signature of a Application is malicious, they will declare the application as a malware and if not they will declare it as a normal running application.
- https://www.youtube.com/watch?v=bTU1jbVXlmM
- FUD - Fully Undetectable
- CRYPTERS AND BINDERS
- ====================
- Crypters are cthose applications which helps as a extra coating layer to an application providing there own self generated "Signatures". Eg. CHrome Crypter, Urge Crypter
- Binders are those applications which binds a file or a malware in any extension while not changing the functionality of the filetype.
- Chrome & Urge Crypters = Limbo > Bingo
- ----------------------------------------------------------
- BOTNETS AND ROOTKITS
- ====================
- Botnets means roBOT+NETwork. THese are the malicious applications such as TRojans etc.. which runs on the Network and are intelligent enough to use there own mechanism.
- Rootkits
- ========
- Rootkits are those Malicious Applications or Codes which are installed in the Boot option such as BIOS and start executing on every startup.
- ---------------------------------------------------------
- SECURE SYSTEM CONFIGURATION
- ===========================
- 1. CMD > $ netstat -ona
- (This will show all the Sockets : IP+Port Connections with their Stats of that particular machine)
- = o stands for ports
- = n stands for network IPs
- = a stands for all connections
- 2. CMD > tasklist
- CMD > $ taskkill /PID ___ /F
- 3. Startups Check and Maintaining the list of the Machine.
- 4. Task Manager > Processes > kill PID (Process ID) of the Malicious Executable(exe)
- 5. Checking Firewall status and making and creating new Rules Sets. > Outbound Rules & Inbound Rules
- 6. Services running on the Machine.
- TASKS
- =====
- 1. Create a POC by making a Stub and getting the Remote Connection of a Machine.
- 2. Report on the World's First Antivirus.
- 3. Find an application which can see the "Established" and "Listening" connection of a machine just like "netstat".
- https://ufile.io/218hp
Add Comment
Please, Sign In to add comment