Friday, January 23, 2015

Trojan creating using RAT


Now, here is the post for making of simple Trojan using DARKCOMET RAT:

Before making a Trojan get some information about it on this link: Detail About Trojan.
 
RAT: A Remote Administration Tool (RAT) is a piece of software that allows a remote "operator" to control a system as if he has physical access to that system. Malicious RAT software is typically installed without the victim's knowledge, often as payload of a Trojan horse, and will try to hide its operation from the victim and from security software.

Many Trojans and backdoors now have remote administration capabilities allowing an individual to control the victim's computer. Many times, a file (often called a client or stub) must be opened on the victim's computer before the hacker can have access to it.



Many clients/stubs will display a fake error message when opened, to make it seem like it didn't open. Some will also disable antivirus and firewall software. A well-designed RAT will allow the operator the ability to do anything that they could do with physical access to the machine.




Requirements:
  1. DarkComet RAT
  2. Host (you can go for no-ip.com) and a DUC (Dynamic DNS Update Client).
  3. Virtual Machine
  4. VMware/Virtual Box

Step 1: Downloading DarkComet & DUC:

  • Download Darkcomet here Darkcomet 5.31 
  • Extact the downloaded RAR file of Darkcomet
  • Sign up if you do not have no-ip account or sign in if you have already created the account.
  • Go to Add Host
  • You can choose any name for free host (like xyz.no-ip.biz)
  • Finally click on Add Host after selecting the host name
  • Now download DUC (Dynamic DNS Update Client)
  • Install DUC
  • Sign-in with your account

Step 2: Using DarkComet:
  • Open DarkComet
  • Choose any port number (like 100,80,81,etc). The default port is 1604.
  • Now go to Full Editor Mode (Expert Mode). 


  • The "Main Settings" will open the click twice or thrice on the Random.


  • Then click on "Network settings" (This is the main part of Trojan making), write the IP/DNS
  • Open the DUC and go to "Edit Host" and write down the host name in IP/DNS box.


  • Click on add host
  • Go to "Module Startup"


  • Go to next one that is "Install message" (this is optional)


  • Go to "Module Shield"


  • Choose icon (if you want this, it is also optional)


  • Now finally click on "Built The Stub"


  • Save this Trojan and test this on any Virtual Machine like VMware/Virtual Box.
  • It will surely work now and send this Trojan to victim.

NOTE: The Firewall and Antivirus programs should not be activated on victims system. If any of these things are activated, then it will detect and delete the Trojan automatically from the victim's system.


Terms & Warning:
Use this script for educational purposes only and for your self knowledge.
Pro Hack Tricks Blog Team, its Author, Admin cannot be held responsible for any legal action or other action taken against you if you use this script illegally.
Use at your own risk. But remember no one is untraceable.

Sunday, January 18, 2015

SPOOFING: Email Spoofing


SPOOFING

In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage. Spoofing is when a spammer sends out emails using your email address in the From: field. The idea is to make it seem like the message is from you – in order to trick people into opening it.

The main topic area in which spoofing is done are:
  • Email Spoofing
  • IP Spoofing
  • Caller ID Spoofing
  • Poisoning of File-Sharing Networks
  • GPS Spoofing
  • Protocol Spoofing
  • Website Spoofing

EMAIL SPOOFING

Email Spoofing is a creation of Email messages with a forgery of an email header so that the message appear to be originated from somewhere or someone with other than the original or actual source. Phishing and Spam Emails use Email spoofing to mislead the recipient about the origin of the message. However spoofing is illegal.

Forging an e-mail header to make it appear as if it came from somewhere or someone other than the actual source. The main protocol that is used when sending e-mail - SMTP - does not include a way to authenticate. There is an SMTP service extension that allows an SMTP client to negotiate a security level with a mail server. But if this precaution is not taken anyone with the know-how can connect to the server and use it to send spoofed messages by altering the header information.


The main Protocol that is used is used when sending Email is Simple Mail Transfer Protocol (SMTP). The main protocol used in sending e-mail, does not include an authentication mechanism. A number of measures to address spoofing are available including SPF, SenderID,  DKIM and DMARC.  Although their use is increasing. 

THE PROBLEM

If you receive a snail mail letter, you look to the return address in the top left corner as an indicator of where it originated. However, the sender could write any name and address there; you have no assurance that the letter really is from that person and address. E-mail messages contain return addresses, too – but they can likewise be deliberately misleading, or “spoofed.”  Senders do this for various reasons, including:
 
  • The e-mail is spam and the sender doesn’t want to be subjected to anti-spam laws
  • The e-mail constitutes a violation of some other law (for example, it is threatening or harassing) 
  • The e-mail contains a virus or Trojan and the sender believes you are more likely to open it if it appears to be from someone you know
  • The e-mail requests information that you might be willing to give to the person the sender is pretending to be (for example, a sender might pose as your company’s system administrator and ask for your network password), as part of a “social engineering” attack
  • The sender is attempting to cause trouble for someone by pretending to be that person (for example, to make it look as though a political rival or personal enemy said something he/she didn’t in an e-mail message)

Now we will start the Email Spoofing:

STEP 1:

Download the script file: Emailspoofing



STEP 2:

Upload this Script this script to any of this free web hosting.

Some of the free web hosting servers given below:
  • http://www.serversfree.com/
  • http://www.yourfreehosting.net/
  • http://www.esmartstart.com/
  • http://www.110mb.com/
  • http://www.drivehq.com/
  • http://www.t35.com/
  • http://www.my3gb.com/



How can I tell if I'm being spoofed?

  1. You see mailer-daemon error messages (returned emails) in your inbox that do NOT match any messages you sent out (as if someone sent a letter to another person and wrote your return address on the envelope instead of their own).
  2. You get messages from people who received email from you that you did NOT send.



What's the difference between HACKED and SPOOFED?

Your Sent folder may offer the best clue to whether you have been hacked or spoofed.


  • If you DO find email in your Sent folder that you did NOT send: Your account has been compromised (hacked).
  • If you DO NOT find any strange email in your Sent Folder: Your account has most likely been spoofed.



IDENTIFYING THE SOURCE OF THE EMAIL

Although email spoofing is often effective in forging the sender's real email address, the IP address source computer sending the mail can generally be identified from the "Received:" lines in the email header. In many cases this is likely to be an innocent third party infected by malware that is sending the email without the owner's knowledge.



Terms & Warning:
Use this script for educational purposes only and for your self knowledge.
Pro Hack Tricks Blog Team, its Author, Admin cannot be held responsible for any legal action or other action taken against you if you use this script illegally.
Use at your own risk. But remember no one is untraceable.