Nowadays, all keyloggers and RATs send data to the hacker at regular intervals (usually every 5 to 10 minutes) using one of the two methods below:
1. Using email: the hacker configures his email ID and password while creating the server. The keylogger records the keystrokes in a temp file and sends it to the hacker as emails. But this has a limit, as most free email services like Gmail, Yahoo or Hotmail have a limit of 500 composed and received mails, so most hackers use the second method.
2. FTP server: while creating the keylogger server, the hacker configures his FTP server, where he receives the keystroke logs as text files (usually named after the current system timestamp). The keylogger server uploads the files to the FTP server every few minutes.
If we monitor all data packets we can easily scan for one of these and then we'll have the hacker's email info or FTP info. What can we do with this, you might ask; highly skilled hackers obviously won't allow this, as they create a completely separate email or FTP site which leaves no trace of them, but novice hackers (there are plenty of those) will just use their own email, leaving behind information about themselves. An example could be that you find the name of the person from the email you backtraced; this isn't his primary email, so there's nothing valuable there. From there you can look up his name on Google and you'll probably find his real email on some site; then simply try to log in to it using the password from the fake email (most novice hackers will have the same password).
Wireshark is a very well-known network packet analyzer used by hackers and network forensic experts to monitor the packet flow on their network interfaces, such as Ethernet or WLAN. It records every packet coming into and going out of your system's network card.
A packet is just a bunch of data. Whenever you notice anything suspicious on your system, such as signs that it is compromised or infected, follow the steps below before removing the keylogger or RAT from your system.
Steps To Reverse Engineer The Email Or FTP Server Password:
1. First of all, download and install Wireshark. You can easily find it by Googling it.
Note: while Wireshark is being installed, make sure it installs WinPcap with it, otherwise it won't work properly.
2. Now go to the “Capture” button in the top menu of Wireshark and select the interface (meaning your network card, which can be Ethernet or WLAN).
3. It will now start capturing the packets passing through that network card. All you have to do is keep capturing for at least 30 minutes to get the best results. After 30 minutes, stop capturing the packets.
4. Now you need to filter your results: go to the filter box and type ftp and smtp, one at a time (Wireshark display filters use lowercase protocol names).
Note: if you get records for FTP, then the hacker has used an FTP server; if you don't get any FTP records, that means the hacker has used SMTP, so enter smtp in the filter box.
5. As you scroll down you will find the “FTP username” and “Password” for the FTP account in case an FTP server is used. If the hacker has used SMTP, you will find the “email address” and its “password” that the hacker used to create the server.
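To show concretely what steps 4 and 5 look for, here is an added Python example (not from the original post) that pulls the FTP USER/PASS pair, the names of the uploaded log files, and the SMTP AUTH LOGIN or AUTH PLAIN credentials out of reassembled stream text such as Wireshark's "Follow TCP Stream" output. The sample streams, hostnames and credentials below are constructed placeholders, not real captures.

```python
import base64
import re
# Constructed sample streams, as Wireshark's "Follow TCP Stream" would show them
# (placeholder hosts and credentials, not taken from any real capture).
FTP_STREAM = """220 ftp.example.test FTP server ready
USER logdrop
331 Password required for logdrop
PASS s3cret-ftp
STOR 2024-01-05_14-32-10.txt
"""
SMTP_STREAM = """220 mail.example.test ESMTP
EHLO victim-pc
AUTH LOGIN
334 VXNlcm5hbWU6
bWFpbGJveEBleGFtcGxlLnRlc3Q=
334 UGFzc3dvcmQ6
bWFpbC1wYXNzd29yZA==
235 Authentication successful
"""

def _b64(token):
    """Decode one base64 token to str, or None if it is not valid base64/UTF-8."""
    try:
        return base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None

def extract_ftp_credentials(stream):
    """Return (user, password) from cleartext FTP USER/PASS commands, else None."""
    user = re.search(r"^USER (\S+)", stream, re.M)
    pw = re.search(r"^PASS (\S+)", stream, re.M)
    return (user.group(1), pw.group(1)) if user and pw else None

def ftp_uploaded_files(stream):
    """Return names of files the client uploaded with STOR (often timestamp-named)."""
    return re.findall(r"^STOR (\S+)", stream, re.M)

def extract_smtp_credentials(stream):
    """Return (user, password) from SMTP AUTH LOGIN or AUTH PLAIN, else None."""
    lines = [l.strip() for l in stream.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        if line.upper().startswith("AUTH PLAIN "):
            # AUTH PLAIN packs "\0user\0password" into a single base64 token
            parts = (_b64(line.split(None, 2)[2]) or "").split("\0")
            return (parts[1], parts[2]) if len(parts) == 3 else None
        if line.upper() == "AUTH LOGIN":
            # 3-digit lines are server challenges; the next two client lines are base64
            client = [_b64(l) for l in lines[i + 1:] if not re.match(r"\d{3}", l)][:2]
            return tuple(client) if len(client) == 2 and all(client) else None
    return None
```

Feeding the saved stream text of each suspicious session through these functions tells you whether the keylogger is shipping logs by FTP or SMTP and to which account.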
NOTE: This won't work in all cases, but it's certainly worth trying. You would definitely want to know who is snooping for information around you: sometimes it's the last person you'll ever suspect.
Happy Hunting *Smiling*