Thursday, May 26, 2016

How To computers Using ProRAT | Remotely computers Throug Trojan

To show you an example of a malicious program, I will use a well known Trojan, ProRat using a Rat tool you can any email account in world facebook, yahoo,gmail,..etc.

1. Download ProRat. Once it is downloaded right click on the folder and choose to extract it. antivirus wil detect it as trojan but it is a false positive detection.
2. Open up the program. You should see the following:
3. Next we will crte the actual Trojan file. Click on Crte and choose Crte ProRat Server.

4. Next put in your IP address so the server could connect to you. If you don’t know your IP address click on the little arrow to have it filled in for you automatically. Next put in your e-mail so that when and if a victim gets infected it will send you a message. We will not be using the rest of the options.
5. Click on the eral Settings button to continue. Here we will choose the server port the program will connect through, the you will be asked to enter when the victim is infected and you wish to connect with them, and the victim name. As you can see ProRat has the ability to disable the firewall and hide itself from being displayed in the task manager.

6. Click on the Bind with File button to continue. Here you will have the option to bind the trojan server file with another file. Remember a trojan can only be executed if a human runs it. So by binding it with a legitimate file like a text document or a game, the chances of someone clicking it go up. Check the bind option and select a file to bind it to. In the example I will use an ordinary text document.

7. Click on the Server Extensions button to continue. Here you choose what kind of server file to erate. I will stick with the default because it has icon support, but exe’s looks suspicious so it would be smart to change it.
8. Click on Server Icon to continue. Here you will choose an icon for your server file to have. The icons help mask what the file actually is. For my example I will choose the regular text document icon since my file is a text document.

9. Finally click on Crte Server to, you guessed it, crte the server file. Below is what my server file looks like.

10. A would probably rename it to something like “Funny Joke” and send it as an attachment to some people. A could also put it up as a pretending it is something else, like the latest game that just came out so he could get people to download it.
11. Now, I will show you what happens when a victim installs the server onto his computer and what the could do next.
12. I’m going to run the server on my own computer to show you what would happen. Once I run it the trojan will be installed onto my computer in the background. The would then get a message telling him that I was infected. He would then connect to my computer by typing in my IP address, port and clicking Connect. He will be asked for the that he made when he crted the server. Once he types it in, he will be connected to my computer and have full control over it.

13. Now the has a lot of options to choose from as you can see on the right. He has access to all my computer files, he can shut down my pc, get all the saved s off my computer, send a message to my computer, format my whole hard drive, take a screen shot of my computer, and so much more. Below I’ll show you a few examples

14. The below shows the message I would get on my screen if the chose to message me.

15. Below is an of my task bar after the clicks on Hide Start Button.
16. Below is an of what the would see if he chose to take a screen shot of the victims screen.

As you saw in the above example, a can do a lot of silly things or a lot of damage to the victim. ProRat is a very well known trojan so if the victim has an anti-virus program installed he most likely won’t get infected. Many skilled s can program their own viruses and Trojans that can sily bypass anti-virus programs.

No comments:

Post a Comment