In this post i will show you how to revert those keyloggers, RATs, or stealers, and find who sent them to you.
What is Reverting?
Reverting generally means reversing an action or undoing the changes. Here in our case, reverting would be more of reversing the action.
For this we will need a keylogger server using ftp. It can be found on warez sites, youtube etc. You basically need the following things:
Getting Started:
Execute the keylogger on your virtual machine.
Now run Cain and Abel and do the following things as per stated order.
Wait for sometime and then check back the passwords area.
As you can see the keylogger used ftp protocol to transfer the logs. Ftp protocol isn't very safe since it doesn't encrypt the data. Anyways you should see the IP address where your PC is sending packets. And also the username and password. This might not work if the server is using other protocol like http, smtp, etc. you'll most probably get junk values in user and pass box if those protocols are used.
So i open the ipaddress http://66.220.9.50/
Guess what its our very own drivehq.com =D. Now login using ftp password that we got from the sniffer and get going. I would recommend to steal the logs quietly like a ninja, so you can get others logs as well. Of course you can change the pass if you want but it won't send any further logs.
Posted By Forhadul Hasan Rasel
What is Reverting?
Reverting generally means reversing an action or undoing the changes. Here in our case, reverting would be more of reversing the action.
For this we will need a keylogger server using ftp. It can be found on warez sites, youtube etc. You basically need the following things:
- Keylogger, passstealer
- Cain and Abel
- Virtual machine (so you don't get infected, and what if the hacker is using better protocol that would be epic fail).
Getting Started:
Execute the keylogger on your virtual machine.
Now run Cain and Abel and do the following things as per stated order.
Wait for sometime and then check back the passwords area.
As you can see the keylogger used ftp protocol to transfer the logs. Ftp protocol isn't very safe since it doesn't encrypt the data. Anyways you should see the IP address where your PC is sending packets. And also the username and password. This might not work if the server is using other protocol like http, smtp, etc. you'll most probably get junk values in user and pass box if those protocols are used.
So i open the ipaddress http://66.220.9.50/
Guess what its our very own drivehq.com =D. Now login using ftp password that we got from the sniffer and get going. I would recommend to steal the logs quietly like a ninja, so you can get others logs as well. Of course you can change the pass if you want but it won't send any further logs.
Posted By Forhadul Hasan Rasel
No comments:
Post a Comment