What are TROJANS?
A Trojan is a program that pretends to be legitimate program, while It is malicious in nature and is infecting the system in background. It provides complete access of that system to the Attacker.
How Trojans work?
Trojans work on client server basis. The client will reside on hacker’s system and the server will be on victim’s computer. When the victim clicks the server, client listens to the connections through the specified ports and gives the access to the victim’s system.
Ports
Ports are the end points that provide communication between computers or networking devices.
Physical ports- example usb ports,serial port etc
Virtual ports- Virtual ports provide a virtual connection between the computer systems. These ports are the ones we need for communication on internet. Different Trojans use different ports. These are referenced using some numbers. There are 65535 ports.
Direct connection Trojans
If the Trojan is direct connecting Trojan then attacker can connect to the victim directly and can get access to the victim machine, but the scenario is not always that easy. Victim can be behind a router, in that case direct connection Trojans will not any provide any access to the victim computer. One more disadvantage is we need to know the IP address of the victim.
HACKER-->server-->VICTIM
Example: PRORAT
Reverse connection Trojans
When the Victim is behind a router, direct connection Trojans will not provide any access to the victim computer. Here comes the need of reverse connection Trojans. In this case, the victim will be connected to the hacker using the server file. This is Very useful if the person sits behind a router . After infecting the victims PC, the trojan will automaticly connects to the hacker.
HACKER<--Server<--VICTIM
Example: Darkcomet
Port forwarding
If the hacker does not connect to the Internet directly (with a modem) and he sits behind a router, he needs to forward the trojan ports in his routers configuration if he is doing a reverse connection. This is called portforwarding. The basic idea of port forwarding is to instruct our router to allow external connections to our PC. It varies from router to router based on its company and version.
Dynamic IP address
Most of the computers today do not have a static IP address, So using a service like no-ip which gives you a name like hacker.no-ip.org which can be pinged from anywhere on the internet and it will give your current IP address. Set your reverse connection trojans to connect to this name.
No comments:
Post a Comment