viprajput

g2 s6

Jun 25th, 2018
SESSION 6
=========

NAT - Network Address Translation : This is the virtual network which maps the public IP address to the private one and vice versa.

TROJANS
=======
Trojans are malicious applications or programs which look like a normal application but are harmful in nature, as they can give the attacker's machine full remote access to the target's machine.

TYPES OF TROJANS ON THE BASIS OF CONNECTION
===========================================

Reverse Connection Trojan : A reverse connection trojan is one in which we don't have to get or know the IP address of the victim's machine. You just have to create a trojan containing the attacker's IP address only.

----------------------------------------------------------

DEPLOYING OF TROJAN IN THE TARGET'S MACHINE
===========================================

1. DEPLOYING IN THE SAME NETWORK : The attacker just has to create a trojan with the IP of the same network where the target is residing.

2. DEPLOYING TROJAN GLOBALLY : In this scenario, an attacker is using a globally hosted DNS name with a global IP to get a reverse connection from a target to itself. For eg. using NOIP and port forwarding.

----------------------------------------------------------

RAT
===
RAT stands for Remote Administration Tool. It helps in creating malware like trojans and viruses which provide a remote connection to a victim's machine without letting the victim know about it.
  29.  
----------------------------------------------------------

CREATION OF TROJANS
===================

= IP + PORT = Socket
= Stub = The malicious trojan we make through DarkComet.

1. Left top corner = DarkComet-RAT
2. Go to "Server Module" = Full Editor (expert)
3. Main Settings = Process Mutex
   Mutex = Thread which helps me in sharing the computer's resources
   Random Process Mutex
   Server ID = Same|Change
   Profile Name = Same|Change
4. Go to Network Settings
   Insert the private IP address and a port number (greater than 1200)
   Socket = IP Address + Port Number
   IP Address = Private IP Address --> 192.168.0.28
   Port Number = 1604
   Click on "ADD"
5. Go to "Module Startup" = When my computer starts, what are the things which my trojan will do.
   Check the box "Start the stub with windows"
   Drop the stub in:
6. Go to Install Message
   Tick the check box
   Choose the icon
   Enter the message you want displayed to the user
7. Go to Module Shield
8. File Icon
   Choose any file icon from the list.
9. Go to Stub Finalisation
   Build This Stub
   Destination for saving the stub
10. To listen on a specific port
   port = 1604
   In the DarkComet screen, top left corner = DarkComet-RAT = Click on that
   Click on "Listen to new port"
   Enter the port number = 1604 and click on listen


EVADING ANTIVIRUSES AND ANTIMALWARES
====================================

HOW ANTIVIRUSES WORK
====================
Antiviruses and antimalwares work on the definitions, also called signatures, of an application. If they find that the signature of an application is malicious, they declare the application a malware; if not, they declare it a normal running application.

https://www.youtube.com/watch?v=bTU1jbVXlmM

FUD - Fully Undetectable


CRYPTERS AND BINDERS
====================
Crypters are those applications which act as an extra coating layer over an application, providing their own self-generated "signatures". Eg. Chrome Crypter, Urge Crypter

Binders are those applications which bind a file or a malware into any extension while not changing the functionality of the file type.

Chrome & Urge Crypters = Limbo > Bingo
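As an added example, not from the notes, a toy signature engine in Python that shows what the "definitions" described under HOW ANTIVIRUSES WORK are, and why the fresh coating a crypter or binder puts on a file can leave a purely signature-based engine calling it clean. The stub bytes, hashes and signature names are constructed for the demo, not taken from any real product.

```python
import hashlib

# Constructed sample bytes standing in for a built stub (not a real binary); the socket
# string mirrors the IP:port used in the notes above.
ORIGINAL_STUB = b"MZ\x90\x00demo-stub CONNECT 192.168.0.28:1604 end"
PADDED_STUB = ORIGINAL_STUB + b"\x00"  # one extra byte: any wrapping or re-packing changes the file
BENIGN_FILE = b"MZ\x90\x00hello world"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Two kinds of "definitions" (constructed): a whole-file hash and a byte pattern.
# The hash only matches the exact bytes it was taken from; the pattern survives padding,
# but a crypter that encodes the whole payload hides it too, which is why real engines
# add unpacking/emulation and behaviour checks on top of signatures.
HASH_SIGNATURES = {sha256_hex(ORIGINAL_STUB): "Demo.Stub.A"}
PATTERN_SIGNATURES = {"Demo.Stub.C2String": b"CONNECT 192.168.0.28:1604"}

def scan(data: bytes) -> list[str]:
    """Names of every signature the file matches. An empty list is what a purely
    signature-based engine reports as 'clean', whatever the file actually does."""
    hits = []
    name = HASH_SIGNATURES.get(sha256_hex(data))
    if name:
        hits.append(name)
    hits.extend(n for n, pattern in PATTERN_SIGNATURES.items() if pattern in data)
    return hits

def is_fud(data: bytes) -> bool:
    """'Fully undetectable' relative to this definition set: no signature matches."""
    return not scan(data)
```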

----------------------------------------------------------

BOTNETS AND ROOTKITS
====================

Botnets means roBOT+NETwork. These are malicious applications such as trojans etc. which run on the network and are intelligent enough to use their own mechanism.

Rootkits
========
Rootkits are those malicious applications or codes which are installed in the boot option such as the BIOS and start executing on every startup.

---------------------------------------------------------

SECURE SYSTEM CONFIGURATION
===========================

1. CMD > $ netstat -ona
   (This will show all the sockets : IP+Port connections with their status on that particular machine)
   = o stands for ports
   = n stands for network IPs
   = a stands for all connections

2. CMD > tasklist
   CMD > $ taskkill /PID ___ /F

3. Startup check and maintaining the list of the machine's startup entries.

4. Task Manager > Processes > kill the PID (Process ID) of the malicious executable (exe)

5. Checking firewall status and creating new rule sets. > Outbound Rules & Inbound Rules

6. Services running on the machine.
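As an added example, not from the notes, a Python script that applies checks 1 and 2 above to constructed sample output: it parses the columns of `netstat -ano` (the `-o` column is the owning PID), joins each socket to `tasklist /FO CSV` to name the owning process, and flags listeners outside a port baseline and established connections owned by a process outside a process baseline. The baselines, PIDs, image names and addresses are all constructed for the demo.

```python
import csv
import io
# Constructed baselines for the demo: expected listening ports and expected network processes.
KNOWN_LISTENING_PORTS = {135, 445, 3389}
KNOWN_NETWORK_PROCESSES = {"svchost.exe", "msedge.exe"}

# Constructed sample output shaped like `netstat -ano` (last column = owning PID) and `tasklist /FO CSV`.
SAMPLE_NETSTAT = """  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:8888           0.0.0.0:0              LISTENING       4412
  TCP    192.168.0.50:49712     93.184.216.34:443      ESTABLISHED     2320
  TCP    192.168.0.50:50122     192.168.0.28:1604      ESTABLISHED     4412
  UDP    0.0.0.0:5353           *:*                                    1120
"""
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","912","Services","0","10,000 K"
"msedge.exe","2320","Console","1","200,000 K"
"update.exe","4412","Console","1","4,500 K"
'''

def parse_netstat(text: str) -> list[dict]:
    """One dict per socket line; the header is skipped and UDP lines carry no State column."""
    rows = []
    for parts in (line.split() for line in text.splitlines()):
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        state = parts[3] if parts[0] == "TCP" else ""
        rows.append({"proto": parts[0], "local": parts[1], "foreign": parts[2],
                     "state": state, "pid": int(parts[-1])})
    return rows

def parse_tasklist_csv(text: str) -> dict[int, str]:
    """Map PID -> image name so each socket can be tied to the process that owns it."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}

def port_of(addr: str) -> int:
    return int(addr.rsplit(":", 1)[1])

def review_sockets(netstat_text: str, tasklist_text: str) -> list[tuple[str, int, str]]:
    """(finding, pid, image) for listeners outside the port baseline and for established
    connections owned by a process outside the process baseline (a stub calling out)."""
    images = parse_tasklist_csv(tasklist_text)
    findings = []
    for s in parse_netstat(netstat_text):
        image = images.get(s["pid"], "<unknown>")
        if s["state"] == "LISTENING" and port_of(s["local"]) not in KNOWN_LISTENING_PORTS:
            findings.append((f"unexpected listener on {s['local']}", s["pid"], image))
        elif s["state"] == "ESTABLISHED" and image not in KNOWN_NETWORK_PROCESSES:
            findings.append((f"{s['local']} -> {s['foreign']}", s["pid"], image))
    return findings
```

Each finding carries the PID, which is the value step 2's `taskkill /PID` and step 4's Task Manager kill both need.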


TASKS
=====

1. Create a POC by making a stub and getting the remote connection of a machine.
2. Report on the world's first antivirus.
3. Find an application which can see the "Established" and "Listening" connections of a machine just like "netstat".


https://ufile.io/218hp