
Thursday, January 14, 2016

Remote Administration Tool Darkcomet RAT Setting up Without Portforwarding

Remote Administration Tool Darkcomet RAT- picateshackz.com


This is a step-by-step tutorial with screenshots explaining how to set up the remote server of the Darkcomet RAT remote administration tool without port forwarding.


Let's start,

1. Click Here and create your no-ip account first.

2. Now click on Add a Host.




3. Now you will see this page. Fill the hostname field with a name. Your IP will be entered automatically.



4. Install No-ip DUC and open it. Click on Select Hosts.



5. Select the host you created and then click on Save.



PROXPN

Note: If you have port forwarded, skip this part. Follow this part if you can't port forward. Read my previous tutorial to set up Darkcomet with port forwarding.

1. Click Here, install Proxpn and create an account.




2. Now connect.


DARKCOMET



1. Open up Darkcomet and click on Edit Server.



2. Don't select Security Password, and click on Generate a few times.



3. Now go to network settings and enter your no-ip address and desired port number, then click on Test Network and then Add this configuration.



4. Now go to module start up and choose the options that are in the image, because these settings can interfere with crypting. I recommend using crypter start up.



5. Adding a message is your choice.

6. Don't select any options, as these will make the user think they are infected, so they might just format their PCs.




7. Make sure that is checked.



8. Now go to build module and select what is in the image (it should be generate stubb, most likely) and click build. You can save it wherever you want.


You are done,

Now you can RAT someone by giving him/her this Server file (.exe)

Read my previous post to bypass antivirus detection when you send your server file for remote installation.

You can also use FUD crypter and binder tools for this.

What are RATs (Remote Administration Tools) and why are they popular in remote hacking

A remote administration tool (a RAT) is a piece of software that allows a remote "operator" to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity. Malicious RAT software is typically installed without the victim's knowledge, often as the payload of a Trojan horse, and will try to hide its operation from the victim and from security software.
The operator controls the RAT through a network connection. Such tools provide an operator the following capabilities:
  • Screen/camera capture or image control
  • File management (download/upload/execute/etc.)
  • Shell control (from command prompt)
  • Computer control (power off/on/log off if remote feature is supported)
  • Registry management (query/add/delete/modify)
  • Hardware Destroyer (overclocker)
  • Other software product-specific functions
Its primary function is for one computer operator to gain access to remote PCs. One computer will run the "client" software application, while the other computer(s) operate as the "host(s)".


RAT trojan horses

Many trojans and backdoors now have remote administration capabilities allowing an individual to control the victim's computer. Many times, a file called the server must be opened on the victim's computer before the trojan can have access to it. These are generally sent through email, P2P file sharing software, and in internet downloads. They are usually disguised as a legitimate program or file. Many server files will display a fake error message when opened, to make it seem like it didn't open. Some will also disable antivirus and firewall software. RAT trojans can generally do the following:
  • Block mouse and keyboard
  • Change the desktop wallpaper
  • Download, upload, delete, and rename files
  • Destroy hardware by overclocking
  • Drop viruses and worms
  • Edit Registry
  • Use your internet to perform denial of service attacks (DoS)
  • Format drives
  • Steal passwords, credit card numbers
  • Alter your web browser's homepage
  • Hide desktop icons, taskbar and files
  • Silently install applications
  • Log keystrokes, keystroke capture software
  • Open CD-ROM tray
  • Overload the RAM/ROM drive
  • Send messageboxes
  • Play sounds
  • Control mouse or keyboard
  • Record sound with a connected microphone
  • Record video with a connected webcam
  • Show fake errors
  • Shutdown, restart, log-off, shut down monitor
  • Record and control victim's screen remotely
  • View, kill, and start tasks in task manager
A well-designed RAT will allow the operator the ability to do anything that they could do with physical access to the machine. Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or store information about the system on the computer. They usually do disruptive things like flip the screen upside-down, open the CD-ROM tray, or swap mouse buttons.
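
On the detection side, a server file built as in the setup steps above calls back to its operator through a dynamic-DNS hostname, and those lookups show up in resolver logs. The following heuristic is an added example, not part of the original post: it flags clients that look up a name under a dynamic-DNS domain at evenly spaced intervals. The suffix list, log layout, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Sample of No-IP dynamic-DNS parent domains (assumption: extend with your own list).
DDNS_SUFFIXES = ("no-ip.org", "no-ip.biz", "ddns.net", "hopto.org", "zapto.org")

# Constructed resolver log: "<ISO timestamp> <client IP> <queried name>".
SAMPLE_LOG = """\
2016-01-14T10:00:05 10.0.0.23 constructed-sample.no-ip.org
2016-01-14T10:00:40 10.0.0.23 www.example.com
2016-01-14T10:01:05 10.0.0.23 constructed-sample.no-ip.org
2016-01-14T10:02:06 10.0.0.23 constructed-sample.no-ip.org
2016-01-14T10:03:05 10.0.0.23 constructed-sample.no-ip.org
2016-01-14T10:04:04 10.0.0.23 constructed-sample.no-ip.org
2016-01-14T09:00:00 10.0.0.40 home-camera.ddns.net
2016-01-14T09:02:10 10.0.0.40 home-camera.ddns.net
2016-01-14T11:45:00 10.0.0.40 home-camera.ddns.net
2016-01-14T11:46:30 10.0.0.40 home-camera.ddns.net
"""

def is_ddns(qname):
    """True if qname is, or sits under, one of the dynamic-DNS suffixes."""
    q = qname.lower().rstrip(".")
    return any(q == s or q.endswith("." + s) for s in DDNS_SUFFIXES)

def find_beacons(log_text, min_hits=4, max_jitter=0.2):
    """Return [(client, qname, mean_gap_seconds)] for evenly spaced DDNS lookups."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not is_ddns(parts[2]):
            continue  # malformed line or not a dynamic-DNS name
        ts, client, qname = parts
        seen[(client, qname.lower().rstrip("."))].append(datetime.fromisoformat(ts))
    findings = []
    for (client, qname), times in sorted(seen.items()):
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Evenly spaced lookups point to an automated reconnect loop, not a person.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((client, qname, round(avg)))
    return findings
```

Dynamic DNS also has legitimate uses (home cameras, self-hosted services), so treat a hit as a lead to correlate with process and connection data from the host.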


Notable RAT software and trojans

How to Hack Website Using Sql Map in Kali Linux - Sql Injection



In this tutorial I'm going to explain how to hack a website using sqlmap. sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. This tool is available in Kali Linux (Hacker's OS).


Let's start with Kali Linux,


Kali Linux


First off, you need to have Kali Linux (or BackTrack) up and running on your machine. Any other Linux distro might work, but you'll need to install sqlmap on your own. Now if you don't have Kali Linux installed, you might want to go to this page: An Introduction to Hacker's OS Kali Linux and Installation Tutorial

Suggested reading: Kali Linux Tutorial: Find Vulnerabilities for Any Website Using Nikto


Sqlmap


Basically it's just a tool to make SQL injection easier. Their official website introduces the tool as - "sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections."
A lot of features can be found on the sqlmap website, the most important being - "Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems." That's basically all the database management systems. Most of the time you'll never come across anything other than MySQL.

Hacking Websites Using Sqlmap in Kali linux

Sql Version


Boot into your Kali Linux machine. Start a terminal, and type -
 sqlmap -h
It lists the basic commands that are supported by sqlmap. To start with, we'll execute a simple command -
 sqlmap -u <URL to inject>
In our case, it will be -
 sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1"
Sometimes, using the --time-sec helps to speed up the process, especially when the server responses are slow.
 sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --time-sec 15
Either way, when sqlmap is done, it will tell you the MySQL version and some other useful information about the database.


Note: Depending on a lot of factors, sqlmap may sometimes ask you questions which have to be answered in yes/no. Typing y means yes and n means no. Here are a few typical questions you might come across -
  • Some message saying that the database is probably MySQL, so should sqlmap skip all other tests and conduct MySQL tests only. Your answer should be yes (y).
  • Some message asking you whether or not to use the payloads for specific versions of MySQL. The answer depends on the situation. If you are unsure, then it's usually better to say yes.

Enumeration

Database

In this step, we will obtain database name, column names and other useful data from the database.


So first we will get the names of available databases. For this we will add --dbs to our previous command. The final result will look like -
 sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs

So the two databases are acuart and information_schema.

Table

Now we are obviously interested in the acuart database. information_schema can be thought of as a default table which is present on all your targets, and contains information about the structure of databases, tables, etc., but not the kind of information we are looking for. It can, however, be useful on a number of occasions. So, now we will specify the database of interest using -D and tell sqlmap to list the tables using the --tables option. The final sqlmap command will be -
 sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart --tables
The result should be something like this - 


Now we have a list of tables. Following the same pattern, we will now get a list of columns.

Columns

Now we will specify the database using -D, the table using -T, and then request the columns using --columns. I hope you guys are starting to get the pattern by now. The most appealing table here is users. It might contain the usernames and passwords of registered users on the website (hackers always look for sensitive data).
The final command must be something like -
 sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users --columns

The result would resemble this-


Data

If you were following along attentively, you would guess that we will now be getting data from one of the columns. While that hypothesis is not completely wrong, it's time we go one step ahead: we will be getting data from multiple columns. As usual, we will specify the database with -D, table with -T, and column with -C. We will get all data from the specified columns using --dump. We will enter multiple columns and separate them with commas. The final command will look like this.
 sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users -C email,name,pass --dump

Here's the result


You are done,

John Smith, of course. And the password is test. Email is email@email.com?? Okay, nothing great, but in real-world web pentesting, you can come across more sensitive data. Under such circumstances, the right thing to do is mail the admin of the website and tell him to fix the vulnerability ASAP. Don't get tempted to join the dark side. You don't look pretty behind bars. That's it for this tutorial. Try to look at other columns and tables and see what you can dig up. Thank you.
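
Seen from the web server, the enumeration run above is noisy. This added example (not from the original post) scans access-log lines in combined format for the default sqlmap User-Agent and for injection tokens in decoded query parameters; the patterns and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Tokens typical of injection probes; deliberately narrow to limit false positives.
SQLI_PATTERNS = [re.compile(p, re.I) for p in (
    r"\bunion\s+(all\s+)?select\b",
    r"\binformation_schema\b",
    r"\b(sleep|benchmark)\s*\(",
    r"\b(and|or)\s+\d+\s*=\s*\d+",
)]
# Apache/nginx "combined" log format: client, request target, user-agent.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.9 - - [14/Jan/2016:10:00:01 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 7880 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Jan/2016:10:02:11 +0000] "GET /listproducts.php?cat=1%20AND%204821%3D4821 HTTP/1.1" 200 7880 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.7 - - [14/Jan/2016:10:02:14 +0000] "GET /listproducts.php?cat=1%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Jan/2016:10:02:19 +0000] "GET /listproducts.php?cat=1%20AND%20SLEEP%285%29 HTTP/1.1" 200 7880 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Jan/2016:10:05:40 +0000] "GET /search.php?q=union+station+select+seats HTTP/1.1" 200 901 "-" "Mozilla/5.0"
"""

def classify(line):
    """Return the reasons an access-log line looks like SQL injection probing."""
    m = LOG_RE.match(line)
    if not m:
        return []  # not a combined-format line
    _client, target, agent = m.groups()
    reasons = []
    if "sqlmap" in agent.lower():
        reasons.append("sqlmap user-agent")
    # parse_qsl percent-decodes values, so encoded payloads are matched too.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if any(p.search(value) for p in SQLI_PATTERNS):
            reasons.append(f"sqli token in '{name}'")
    return reasons

def suspicious_clients(log_text):
    """Map client IP -> number of flagged requests."""
    hits = {}
    for line in log_text.splitlines():
        if classify(line):
            client = line.split()[0]
            hits[client] = hits.get(client, 0) + 1
    return hits
```

The User-Agent is client-controlled, so the parameter check is the more durable signal; the lasting fix is a parameterized query in the page that builds the SQL.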