Hack a Remote Windows System Using Trojan [Over the Internet]

Disclaimer: This tutorial is for educational purposes only. We are not responsible for any misuse of this tutorial.

Scenario: The victim is using Windows 7 [firewall enabled, User Account Control (UAC) enabled] and is within a network. The attacker is within a different network. The attacker needs full control of the victim machine to crack the Gmail and Facebook accounts.

Requirements:

  1. njRAT -v0.7d
  2. Windows OS
  3. NO-IP and its client
  4. A router that has port forwarding option enabled
  5. Social Engineering

Concept:

  1. A trojan basically has two parts: one is the server and the other is the client. The trojan server must be installed on the victim machine so that the attacker can monitor everything the victim does by using the trojan client.
  2. To build the trojan server we need only the attacker’s IP address. Whenever the trojan server is clicked on the victim machine, it will try to connect back to the attacker’s IP and open a session.
  3. The main problem is that the attacker has an IP address, but it will change because of DHCP. So after restarting the attacker’s router, the attacker will lose the connection from the victim. So we need something that is static. That’s where noip.com comes into the picture. After signing up, the attacker is given a URL [example.ddns.net] by noip.com, which is static. Now whenever the attacker starts/restarts the router, he/she has to bind his/her dynamic IP address to that static URL. This is done by the noip client, a small piece of software used for binding the attacker’s IP address to the noip URL.

     [Screenshots: web interface of noip; noip client login]

  4. As we said earlier, the attacker is within a network, which means the attacker’s public IP address is basically his/her router’s IP address. By using noip and its client we can forward the connection from the victim’s IP address to the attacker’s IP address. But how will it be redirected to the attacker’s machine within the network? The answer is port forwarding. Port forwarding is configured in the router’s settings. After port forwarding, the connection will find the attacker machine within the attacker’s network and the corresponding port to connect to. That’s how a successful trojan connection is made from the victim machine to the attacker machine.

Steps:

Port Forwarding: For the demonstration we use an MTS WiFi router. The default gateway is 192.168.1.1. We forward the port by logging in at http://192.168.1.1

[Screenshots: WiFi router web interface; port forwarding]

NO-IP Configuration: For demonstration purposes we are using testmail4demo@gmail.com to register at noip.com, and we are given a static URL called testmail.ddns.net. Now we configure the noip client with the username, password and that static URL.

[Screenshots: noip configuration; noip configuration 2]

Create Trojan Server: We are using njRAT. njRAT uses port 5552. Follow the picture instructions:

Click on “Start”

Click on “Builder”

Put your noip URL over there and click on “Build”

Pass the server to the victim by social engineering and convince the victim to run it

Session found after the server is clicked by the victim

Different functional options

Remote Desktop of Victim

File Manager of Victim

Registry settings of victim

Key strokes made by the victim [key logger]

Conclusion: If all things work fine, the attacker will find the victim’s system every time, even if the victim changes his/her network or IP address. This procedure is applicable to any Windows version [Win 7, 8, 8.1, 10].
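From the defender's side, the connect-back described above (an internal host resolving a dynamic-DNS name and then opening an outbound session to the answer, here on the port the page gives for njRAT) shows up in resolver and egress logs. The following detection sketch is an added example, not part of the original tutorial; the log format, client addresses, the `cam.ddns.net` name and the function name are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in an assumed, normalised format:
#   DNS  <time> <client_ip> <queried_name> <answer_ip>
#   CONN <time> <src_ip>    <dst_ip>       <dst_port>
SAMPLE_LOG = """\
DNS  09:00:01 10.0.0.23 www.example.org 93.184.216.34
CONN 09:00:01 10.0.0.23 93.184.216.34 443
DNS  09:02:10 10.0.0.57 testmail.ddns.net 203.0.113.45
CONN 09:02:11 10.0.0.57 203.0.113.45 5552
DNS  09:30:00 10.0.0.57 testmail.ddns.net 198.51.100.7
CONN 09:30:02 10.0.0.57 198.51.100.7 5552
DNS  09:31:00 10.0.0.88 cam.ddns.net 192.0.2.10
CONN 09:31:01 10.0.0.88 192.0.2.10 443
"""

DDNS_SUFFIXES = (".ddns.net",)  # suffix seen on the page; extend from a maintained list
WATCH_PORTS = {5552}            # port the page gives for njRAT


def find_ddns_callbacks(log_text):
    """Return {(client, hostname): {"ips", "ports", "severity"}} for outbound
    connections whose destination was resolved from a dynamic-DNS name."""
    resolved = {}  # (client_ip, answer_ip) -> dynamic-DNS hostname
    findings = defaultdict(lambda: {"ips": set(), "ports": set(), "severity": "review"})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        kind, _time, client, a, b = parts
        if kind == "DNS":
            name = a.lower().rstrip(".")
            if name.endswith(DDNS_SUFFIXES):
                resolved[(client, b)] = name
        elif kind == "CONN" and b.isdigit() and (client, a) in resolved:
            hit = findings[(client, resolved[(client, a)])]
            hit["ips"].add(a)
            hit["ports"].add(int(b))
            if int(b) in WATCH_PORTS:
                hit["severity"] = "high"  # DDNS destination on a watched port
    return dict(findings)


if __name__ == "__main__":
    for (client, name), hit in find_ddns_callbacks(SAMPLE_LOG).items():
        print(hit["severity"], client, name, sorted(hit["ips"]), sorted(hit["ports"]))
```

Keying the finding on the resolved name rather than the destination IP keeps it stable when the dynamic-DNS record is re-pointed, as with the two answers for testmail.ddns.net in the sample.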
