What is RAT (Remote Administration Tool)
Legend:
Q - Question
A - Answer
Download: - Download link
Resources: - Link to video explanation or some tutorial
In this tutorial you are going to learn more about RATs and how they work. RATs are usually used for hacking, and they are detected as backdoors.
Popular RAT programs
[x]Cerberus Rat
[x]ProRat
[x]Poison Ivy
[x]Turkojan Gold Rat
[x]Sub Seven
[x]NetBus RAT
[x]Spy-Net
[x]LostDoor
[x]Bifrost
[x]Nuclear RAT
[x]Bandock
[x]Pain Rat
[x]Beast
[x]Optix Pro
[x]DARKMOON
[x]Net-Devil
[x]Apocalypse Rat
[x]CyberGate
[x]Bandook
[x]Shark
You can find really good RATs here on HackForums for free. There are also private versions which are Fully Undetectable (FUD) by AVs, but you can still find some really good RATs for free. You will only need a file crypter to make them FUD again.
Remote Administrator Tools Q&A.
Q - What's a RAT?
A - RAT is short for Remote Administrator Tool. It is mostly used for malicious purposes, such as controlling PCs, stealing victims' data, and deleting or editing files. You can only infect someone by sending them a file called the Server, and they need to click it.
Q - How do they work?
A - Some RATs can spread over P2P file sharing programs(uTorrent,
Q - Download?
A - Well, you can find any type of RAT here on HackForums. To download, click the spoiler (below) and you will find some links. You can also buy a FUD private version of a RAT: Albertino RAT, Medusa Rat, jRAT etc. You will also need a DNS host for your RAT.
Q - How do I control the server?
A - Once installed, the RAT server can be controlled via the RAT client. From the IP list box you choose a PC and connect.
Q - What do I need to set up a RAT?
A - Well, you will need a Windows OS, an open port and a RAT. To forward your port, scroll for the tutorial link or click this URL.
Q - How do I port forward?
A - Port forwarding is easy and important for a RAT. You need an open port because the RAT connects through the open port and bypasses the firewall. Open your web browser, enter your IP and connect to your router (enter Username: Admin & Password: Admin), open the port forward page and enter the port you want and your IP. That's all you need to do, and now you have an open port.
Q - How do I make my server FUD?
A - If you want to make your server FUD again, you will need a crypter (you can find a free FUD one here). You can also hex edit your server, but be careful: some servers can crash after hex editing. Anyway, check out this cool tutorial: How to make FUD with hex editing.
Q - How do I remove the server if I infect myself?
A - If you infect yourself, the first thing to do is connect to your own PC. Some RATs have a function to uninstall the server; click that and it is uninstalled. There is another way: download Malwarebytes' Anti-Malware and scan the whole computer for the trojan.
Q - Legal or illegal?
A - Well, some RATs are legal and some are not. Legal ones are those that leave no backdoor behind and have the ability to close the connection at any time. Illegal ones are used for hacking and can steal data (credit cards, passwords, private data etc.).
Legal:
- TeamViewer - Access any remote computer via Internet just like sitting in front of it - even through firewalls.
- UltraVNC - Remote support software for on-demand remote computer support. VNC. Specializing in Remote Computer Support, goto my pc, goto assist, Remote Maintenance
- Ammyy Admin - Ammyy Admin is a highly reliable and very friendly tool for remote computer access. You can provide remote assistance, remote administration or remote
- Mikogo - Mikogo is an Online Meeting, Web Conferencing & Remote Support tool where you can share your screen with 10 participants in real-time over the Web.
Illegal:
- Spy-Net
- Cerberus Rat
- CyberGate Rat
- SubSeven
- Turkojan
- ProRat
Q - Where and how do I spread?
A - There are a few different ways to spread your server. You can spread on warez websites, P2P file sharing websites (uTorrent, Pirate Bay etc.), YouTube etc. Some people use custom-made Auto-Spreader programs to spread their server. But the best and most effective way to spread is when you FUD your server.
Q - What's a DNS host?
A - The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participants. Most importantly, it translates domain names meaningful to humans into the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.
Q - What can RAT do?
A - Here is a list of basic features:
• Manage files
• Control web browser(Change homepage, open site etc.)
• Get system information (OS version, AV name, RAM, computer name etc.)
• Get passwords, credit card numbers or private data etc.
• View and remote control desktop
• Record camera & sound
• Control mouse
• Delete, rename, download, upload or move files
Q - What's reverse Connection?
A - A reverse connection is usually used to bypass firewall restrictions on open ports. The most common way a reverse connection is used is to bypass firewall and Router security restrictions.
Q - What's a direct connection?
A - A direct-connect RAT is a simple setup where the client connects to a single or multiple servers directly. Stable servers are multi-threaded, allowing for multiple clients to be connected, along with increased reliability.
Q - Can I get traced when I rat somebody?
A - Yes and no. It depends on the slave; it is really hard to remove the infection or even trace a hacker. There are tools like Wireshark, but it's really hard to trace, because a PC usually has over 300 connections. So don't worry.
Direct connection:
Code:
        [Client]
           |        [Client]
           |       /
           |      /
           |     /
           |    /
        [Server]-----[Client]
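Added example (not part of the original post): how the two connection models described above look from the infected host's side in `netstat -ano` output, and how grouping by PID cuts down the "over 300 connections" problem. A direct-connect server shows up as a listener; a reverse connection shows up as an outbound session. The sample output, the allow-lists and the ephemeral port boundary are assumptions made for this example; 31337 is the Back Orifice port mentioned later on this page.

```python
from collections import defaultdict

# Assumptions for this example; tune both sets to the host's own baseline.
EXPECTED_LISTENERS = {135, 139, 445}
EXPECTED_REMOTE_PORTS = {53, 80, 443}
EPHEMERAL_START = 49152   # assumed start of the dynamic (client) port range
BO_PORT = 31337           # the Back Orifice port this page mentions

# Constructed `netstat -ano` output (documentation-range addresses).
SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2044
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.20:49733     203.0.113.7:443        ESTABLISHED     3380
  TCP    192.168.1.20:49801     198.51.100.23:81       ESTABLISHED     2912
  UDP    0.0.0.0:31337          *:*                                    2044
"""

def split_endpoint(endpoint):
    """'192.168.1.20:49801' -> ('192.168.1.20', 49801); '*:*' -> ('*', 0)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else 0

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, remote, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":   # UDP rows have no State column
            (proto, local, remote, pid), state = f, "BOUND"
        else:
            continue                          # header, blank or unknown row
        yield proto, split_endpoint(local), split_endpoint(remote), state, int(pid)

def classify(text):
    """Group review-worthy sockets by owning PID."""
    by_pid = defaultdict(list)
    for proto, (lhost, lport), (rhost, rport), state, pid in parse_netstat(text):
        loopback = lhost in ("127.0.0.1", "::1")
        if state in ("LISTENING", "BOUND") and not loopback:
            # Direct connection: the server waits for the client to connect in.
            if lport == BO_PORT:
                by_pid[pid].append(f"listener on {proto}/{lport} (port named on this page)")
            elif lport not in EXPECTED_LISTENERS:
                by_pid[pid].append(f"unexpected listener on {proto}/{lport}")
        elif (state == "ESTABLISHED" and lport >= EPHEMERAL_START
              and rport not in EXPECTED_REMOTE_PORTS):
            # Reverse connection: the host dialled out, so inbound rules never saw it.
            by_pid[pid].append(f"outbound to {rhost}:{rport}")
    return dict(by_pid)

if __name__ == "__main__":
    for pid, notes in classify(SAMPLE).items():
        print(pid, notes)
```

A reverse connection to a port in the allow-list (443, for instance) passes this check, so the PID grouping is a starting point for review and not a verdict.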
Credits for download: Goodkidz (I didn't upload them)
Cerberus Rat
Download:http://uploading.com/files/mbe9161b/Cerberus.rar/
Resources:YouTube - How to use Cerberus
Nuclear Rat 2.1.0
Download:http://uploading.com/files/4ZIOSRJG/NuclearRat.rar.html
Poison Ivy Rat
Download:http://www.poisonivy-rat.com/index.php?link=download
Resources:YouTube - Poison-Ivy R.A.T. Tutorial
ProRat RAT
Download:http://uploading.com/files/MTE65R3D/ProRatSE.rar.html
Rar Password: oksa52wq
Username: mohdjase1 Password: 66618e869accfc4f96
Resources:YouTube - Prorat Tutorial
CyberGate Rat
Download:
http://uploading.com/files/23b14467/Cybe....00.1.rar/
Resources:HackForums - How To Setup Cybergate RAT 1.01.0 - Pictures - Easy To Follow
Seed 1.1 Rat
Download:http://uploading.com/files/QESMWWA0/Seed1.1.zip.html
Bifrost Rat
Download:http://uploading.com/files/CUP1QGM3/Bifrost12.zip.html
Lost door v4.2 LIGHT
Download:http://uploading.com/files/f277398c/Lost...light.zip/
Apocalypse Rat
Download:http://uploading.com/files/4eca9bdd/Apocalypse144.rar/
Resources:HackForums - Apocalypse 1.4.4 Setup
SubSeven Rat
Download:http://uploading.com/files/4JFEZPNW/Sub7v2.2.zip.html
Shark Rat v3.0.0
Download:http://uploading.com/files/O84EB7K0/sharK_3.rar.html
Spy-Net RAT
Download:http://uploading.com/files/2717bd57/Spt-...Bv2.6.rar/
Password: Spy-Net
Resources:YouTube - SpyNet Tutorial
HackForums - Spy-Net 2.6 RAT - Tutorial + Pictures
Turkojan Gold RAT
Download:http://uploading.com/files/c7c5d282/Turkojan4Gold.rar/
Resources:YouTube - Tutorial - Turkojan 4
HackForums - Turkojan 4 Tutorial
======================================
Three Most Used Backdoor Programs and How to Remove Them
There is a general misconception about security today. Most people would love to believe that their firewalls are fully capable of protecting them from anything malicious. Sadly, they could not be more wrong. Hungry Hacker aims to prove it with three separate programs that can compromise the security of computers. You may be asking, “What’s a backdoor?” Yes, these programs were created in 1990, but they still pose a real threat today. The first two are still being developed.
Using these programs, any noob can remotely access your computer without any authentication and do whatever he wants. I will tell you some of the features; the rest you need to try and find out. These programs:
Work as a key logger.
Send any information from the victim’s PC to the hacker’s PC.
Run any program on the victim’s PC.
Display any violating image on the victim’s screen.
Open the CD drive of the victim’s PC.
Open any web page on the victim’s screen.
Disable any specific key or the whole keyboard.
Shut down the victim’s PC.
Start a song on the victim’s PC, etc.
Back Orifice / Back Orifice 2000
Back Orifice is one of the most common backdoor programs, and one of the most deadly. The name may seem like a joke, but the threat is real. Back Orifice was created by the Cult of the Dead Cow group. Back Orifice is an open-source program. The main threat of this software is that, by making some changes to the code, anybody can make it undetectable to the antivirus program running on the victim’s computer. Apart from the strange name, the program usually uses port 31337, a reference to the “leet” phenomenon popular among hackers.
Back Orifice uses a client-server model, in which the server is the victim and the client is the attacker. What makes Back Orifice so dangerous is that it can install and operate silently. No interaction with the user is required, meaning you could have it on your computer right now and not know.
Companies such as Symantec have taken steps to protect computers against programs that they consider dangerous. Yet there are even more attacks using Back Orifice 2000. This is due partly to the fact that it is still evolving as open source. As stated in the documentation, the ultimate goal is for the presence of Back Orifice 2000 to be unknown even to those who installed it.
Back Orifice 2000 was developed for Windows 95, Windows 98, Windows NT, Windows 2000 and Windows XP.
Where can I download Back Orifice 2000?
Back Orifice 2000 can be downloaded at the following address: http://sourceforge.net/projects/bo2k/
I'm infected! How do I remove it?
Removing Back Orifice 2000 may require that you change registry settings. To remove it in 7 simple steps, refer to the steps below.
How do I delete Back Orifice 2000?
Click Start > Run, and type “Regedit” (without the quotes).
Follow the path below: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Now look in the right pane for: “umgr32 = ‘c:\windows\system\umgr32.exe’”
Right-click on this entry and click Delete. Now restart your computer.
After restarting, open Windows Explorer. Make sure you can see all registered file extensions. To do so, select “View Options” and configure the appropriate settings.
Go to the WINDOWS\SYSTEM directory and find the “umgr32.exe” file. Once you find it, delete it.
Exit Windows Explorer and reboot again.
NetBus / Netbus 2.0 Pro
NetBus was created around the same time as Back Orifice, in the late 1990s. NetBus was originally designed as a program to prank friends and family, certainly nothing too malicious. However, the program was released in 1998 and has been widely used as a backdoor to control computers.
Like Back Orifice, NetBus allows attackers to do virtually anything on the victim's computer. It works well under Windows 9x systems as well as Windows XP. Unlike Back Orifice, the latest version of NetBus is considered shareware and is not free. NetBus has also implemented less stealthy operation, as a direct result of criticism and complaints of abusive use.
Where can I buy and download NetBus?
NetBus can be purchased and downloaded at the following address: http://www.netbus.org/
Ok, I am infected. Now what?
Fortunately, the latest version of NetBus is a legitimate program. It can be removed just like any other program. Earlier releases of NetBus are a bit trickier, however. If you are not lucky enough to have been attacked with the latest version, the removal process is the same as for Back Orifice.
How do I remove NetBus?
Click Start > Run, and type “Regedit” (without the quotes).
Follow the path below: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Now, in the right pane, look for the following: “[Name_of_Server].exe”. Of course, you have to find the actual name of this EXE file. Usually it is “Patch.exe” or “SysEdit.exe”, but it may vary.
Reboot and remove any traces of the actual program that may be left. Alternatively, you can install NetBus yourself and then use its own removal function.
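Added example (not from the original article): the registry check from the Back Orifice 2000 and NetBus removal steps above, automated over the text output of `reg query`. It flags autorun values whose executable is one of the file names this page lists, and lists every other RunServices value for manual review because the article notes the name may vary. The sample output is constructed for this example, and a name match is a lead to investigate, not proof of infection.

```python
import ntpath
import re

# Executable names given in the removal steps on this page.
PAGE_NAMES = {"umgr32.exe", "patch.exe", "sysedit.exe"}

# One value row of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed `reg query` output for the Run and RunServices keys.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    KeyHook    REG_SZ    "C:\WINDOWS\Patch.exe" /arg

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    umgr32    REG_SZ    c:\windows\system\umgr32.exe
    LoadPowerProfile    REG_SZ    Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"""

def exe_name(command):
    """Return the lower-cased executable file name from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):                      # quoted path, maybe with arguments
        path = command[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.exe)\b", command, re.I)  # unquoted: cut at the first .exe
        path = m.group(1) if m else (command.split()[0] if command else "")
    return ntpath.basename(path).lower()              # ntpath handles backslashes on any OS

def parse_reg_query(text):
    """Return (key, value_name, data) for every value row under each key header."""
    key, entries = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            entries.append((key, m["name"], m["data"]))
    return entries

def audit(text):
    """Return (status, key, value_name, data); status is 'match' or 'review'."""
    findings = []
    for key, name, data in parse_reg_query(text):
        if exe_name(data) in PAGE_NAMES:
            findings.append(("match", key, name, data))
        elif key.lower().endswith("\\runservices"):
            findings.append(("review", key, name, data))  # renamed servers land here
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```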
SubSeven / Sub7
SubSeven, or Sub7, was created for the same purpose as NetBus: pranks. Sub7 actually has more support for pranks and has more advanced users. Sub7 is also widely used by script kiddies, although many firewalls and antivirus programs stop it before initialization.
Since Sub7 has not been supported for several years, the threat is usually very low. Most security programs will have no problem stopping Sub7 before it has a chance to start. This shows that keeping security programs up to date is critical, because the money was still there.
Nevertheless, it is widely used by those who have physical access to your firewall or security programs. Given access rights, the tool will work without restrictions.
Where can I buy and download Sub7?
Sub7 is no longer supported, and hence is not available for download on any legitimate website. If you were to do a Google search, you would find links to download Sub7. However, these are not the official site and should be considered dubious and dangerous.
Sounds harmless, How do I remove it?
End the following processes through Task Manager: “editserver.exe, subseven.exe”
Delete the following files: “editserver.exe, subseven.exe, tutorial.txt”
Why are these programs absolutely legitimate?
The whole basis behind these programs is that they are designed to help people, not harm them. While some, like NetBus, really were originally created for pranks, they switched course to avoid legal problems.
These programs claim to be legitimate remote desktop programs, although they are certainly easily put to malicious use. These programs really should be used for assistance or by customer support departments. Why every adolescent has to have a copy of these programs is beyond us, but keeping them off your network's computers is a good idea.
The advent of new technology has made these programs in some respects less effective. However, programs such as Back Orifice 2000 are still evolving, so do not be surprised to learn that one is running in the background, waiting for instructions. Since the best defense is a good offense, be sure to keep a sharp eye on what is installed on the network's computers. After all, an ounce of prevention is worth a pound of cure.