
Friday, 23 December 2011

How to Own a Hacker - Reverting Keyloggers and Stealers

In my previous article I wrote about how to know if you are infected with RATs or keyloggers. Here I will show you how to revert those keyloggers, RATs, or stealers, and find who sent them to you.

What is Reverting?

Reverting generally means reversing an action or undoing changes. In our case, it is more a matter of reversing the action.

For this we will need a keylogger server that uses FTP. It can be found on warez sites, YouTube, etc. You basically need the following things:
•    Keylogger or password stealer
•    Cain and Abel
•    Virtual machine
(so you don't get infected; if the hacker is using a better protocol, that would be an epic fail).

Getting Started:
Execute the keylogger on your virtual machine.

Now run Cain and Abel and do the following things in the stated order.

Wait for some time and then check back in the passwords area.

As you can see, the keylogger used the FTP protocol to transfer the logs. FTP isn't very safe since it doesn't encrypt the data. Anyway, you should see the IP address your PC is sending packets to, along with the username and password. This might not work if the server is using another protocol such as HTTP, SMTP, etc.; you'll most probably get junk values in the user and pass boxes if those protocols are used.
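The cleartext login described above, as an added example that is not part of the original post: a short Python parser that reassembles the FTP control channel from payloads captured in the analysis VM and reports the server, username and password the sample sent. The addresses, credentials and the function name `extract_ftp_logins` are constructed for illustration.

```python
from collections import defaultdict

FTP_CONTROL_PORT = 21


def extract_ftp_logins(segments):
    """Return cleartext FTP logins found in ordered TCP payloads.

    segments: iterable of (src_ip, src_port, dst_ip, dst_port, payload_bytes).
    """
    buffers = defaultdict(bytes)  # per-flow reassembly buffer
    pending_user = {}             # flow -> argument of the last USER command
    logins = []
    for src, sport, dst, dport, payload in segments:
        if dport != FTP_CONTROL_PORT:
            continue  # HTTP, SMTP and other protocols are not parsed here
        flow = (src, sport, dst, dport)
        buffers[flow] += payload
        # FTP commands end in CRLF; keep any partial command buffered.
        *lines, buffers[flow] = buffers[flow].split(b"\r\n")
        for line in lines:
            verb, _, arg = line.decode("latin-1").partition(" ")
            if verb.upper() == "USER":
                pending_user[flow] = arg
            elif verb.upper() == "PASS" and flow in pending_user:
                logins.append({"server": dst,
                               "user": pending_user.pop(flow),
                               "password": arg})
    return logins


# Constructed sample: one FTP login split across TCP segments, plus an
# unrelated HTTP request that the parser must ignore.
SAMPLE = [
    ("192.0.2.10", 49200, "198.51.100.7", 21, b"USER log"),
    ("192.0.2.10", 49200, "198.51.100.7", 21, b"drop\r\nPASS examp"),
    ("192.0.2.10", 49200, "198.51.100.7", 21, b"le-secret\r\nTYPE I\r\n"),
    ("192.0.2.10", 49201, "203.0.113.5", 80, b"POST /gate HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for login in extract_ftp_logins(SAMPLE):
        print(login)
```
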

So I open the IP address.

Guess what, it's our very own drivehq.com =D. Now log in using the FTP password that we got from the sniffer and get going. I would recommend stealing the logs quietly like a ninja, so you can get others' logs as well. Of course you can change the pass if you want, but it won't send any further logs.

