lets leave . Has your wallpaper ever changed automatically? Have
programs ever started without your initiation? Has the browser ever opened
unexpected websites automatically? Simply put, have you ever felt that
someone else is controlling your computer? NO?
might hide this server.exe behind any genuine file like a song or
image. The attacker gives this file to the victim, and the victim is
supposed to double-click on it.
part, a port on the victim’s computer gets opened and the attacker can
control his PC remotely from any part of the world through the control
panel (client part). The attacker can do anything with the victim’s
computer remotely that the victim himself can do on it.
method, after the server part has been installed on the victim’s machine,
the attacker enters the public IP address assigned to the victim’s computer
to make a connection to it. But the limitation of direct connection is
that the public IP address is most probably dynamic and changes
every time one disconnects and reconnects. So the attacker needs to find
out the victim’s IP address each time. Moreover, an incoming connection
like this is usually restricted by the firewall.
main limitation of direct connection is that you cannot access a
victim who is behind a router or a network, because the victim’s machine is
not assigned a public/external/WAN IP. It is only assigned a
private/internal/LAN IP, which is useless or meaningless for computers
outside that network. The WAN IP belongs to his router.
It doesn’t matter how the attacker is connected to the internet. The attacker can be connected to the internet by any of three means.
The victim is behind a router in this case. (I haven’t inserted the picture of a victim behind a network; imagine that.)
In this method, the attacker enters his own IP address in the server part
while configuring it. So when the server part is installed on the victim’s
computer, it automatically makes a connection to the client part, that is,
the attacker. Also, the firewall on the victim’s machine would not restrict
outgoing connections. The problem in this case is the same: the attacker’s
IP is also dynamic. But this can be overcome easily. The attacker
actually enters a domain name in the server part which always points to his
A reverse connection can bypass a router or a network.
You might be confused at this point. Kindly mention your queries/doubts in the comments.
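
From the defender's side, the direct/reverse distinction described above comes down to which end initiates the session. The following Python script is an added example, not code from the original post: it labels constructed flow records as inbound (direct-connection model) or outbound (reverse-connection model) and reports the ones worth investigating. The sample addresses, port 50123 and the allowed-egress port list are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed flow records: (initiator IP, responder IP, responder port).
# LAN hosts use RFC 1918 space; outside hosts use RFC 5737 documentation space.
SAMPLE_FLOWS = [
    ("192.168.1.20", "198.51.100.7", 443),    # ordinary web browsing
    ("192.168.1.20", "203.0.113.45", 50123),  # LAN host dials out, odd port
    ("192.168.1.20", "203.0.113.45", 50123),
    ("192.168.1.20", "203.0.113.45", 50123),
    ("203.0.113.45", "192.168.1.20", 50123),  # outside host dials in
    ("192.168.1.21", "192.168.1.1", 53),      # LAN-internal DNS lookup
]
ALLOWED_EGRESS_PORTS = {53, 80, 123, 443}     # assumed egress policy
# Explicit RFC 1918 list: ipaddress.is_private also covers documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr):
    """True for a private/internal/LAN address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def classify(flow):
    """Label one flow by who initiated it and where it is headed."""
    src, dst, port = flow
    src_in, dst_in = is_internal(src), is_internal(dst)
    if src_in and dst_in:
        return "lan"
    if dst_in:
        return "inbound"      # direct-connection model: outside dials in
    if not src_in:
        return "transit"      # neither end is on the LAN
    # Reverse-connection model: the LAN host initiates the session.
    return "egress-allowed" if port in ALLOWED_EGRESS_PORTS else "egress-violation"


def review(flows, min_repeats=3):
    """Return (inbound flows, egress violations seen at least min_repeats times)."""
    inbound = [f for f in flows if classify(f) == "inbound"]
    counts = Counter(f for f in flows if classify(f) == "egress-violation")
    return inbound, {f: n for f, n in counts.items() if n >= min_repeats}


if __name__ == "__main__":
    inbound, repeated = review(SAMPLE_FLOWS)
    for f in inbound:
        print("inbound to LAN host:", f)
    for f, n in repeated.items():
        print(f"repeated unexpected egress x{n}:", f)
```

A port-only egress policy will not flag a reverse connection made to an allowed port such as 443, so destination reputation and per-process network telemetry are needed alongside it.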