Disclaimer: This tutorial is only for educational purpose. We are not responsible for any misuse of this tutorial.
Scenario: Victim is using Windows 7 [Firewall enabled, User Access Control (UAC) enabled] and within a network. Attacker is within a different network. Attacker needs the full control of the victim machine to crack the Gmaill and Facebook.
- njRAT -v0.7d
- Windows OS
- NO-IP and its client
- A router that has port forwarding option enabled
- Social Engineering
- Trojan has basically two parts. one is server and another one is client. Trojan server must be installed in victim machine. so that attacker can monitor each and every thing of victim by using trojan client.
- To build trojan server we need only attacker’s IP address. Whenever the trojan server get clicked on the victim machine it will try to connect back to the attacker’s IP and open a session.
- The main problem is attacker has a IP address but that will change because of DHCP. So after restarting the attacker’s router, attacker will lose the connection from the victim. So, we need something which is static. That’s why noip.com comes into the picture. After signing up attacker will be given an URL [example.ddns.net] by noip.com which is static. Now whenever attacker starts/restarts the router he/she has to bind his/her dynamic IP address with that static URL. This can be done by the noip client. noip client is a small software that is user for binding attackers IP address to the noip URL.
noip client login
4. As we said earlier, attacker is within a network that means attackers public IP address is basically his/her routers IP address. By using noip and its client we can forward the connection from victim IP address to attack’s IP address. But how it will be redirected to the attackers machine within the network? Answer is by port forwarding. Port forwarding can be done within routers settings. After port forwarding the connection will find the attacker machine within attackers network and corresponding port to be connected. That’s how a successful trojan connection will be made from victim machine to attacker machine.
Port Forwarding: For demonstrating we use MTS WiFi router. Default gateway is 192.168.1.1. We forward the port by logging in http://192.168.1.1
WiFi Router Web Interface
NO-IP Configuration: For demonstrating purpose we are using firstname.lastname@example.org to register in noip.com and we are given a static URL called testmail.ddns.net . Now we configure noip client with username, password and that static URL.
noip configuration 2
Create trojan Server: We are using njRAT. njRAT is using port 5552. Follow the picture instructions:
Click on “Start”
Click on “Builder”
Put your noip url over there and click on “Build”
By social engineering pass the server to victim and convince the victim to run
Session found after the server clicked by the victim
Different functional options
Remote Desktop of Victim
File Manager of Victim
Registry settings of victim
Key Strokes that made by victim [key logger]
Conclusion: If all thinks work fine, attacker will find the victim’s system every time even victim changes his/her network or IP address. This procedure will applicable for any windows version [win 7, 8, 8.1, 10].