you ever wondered to setup a website without signing up at any web
hosting site ? Learning web site designing and wanna keep testing how
your web pages look? Free Web hosting sites removing you phishing
that is serving something . Like webserver serves webpages, ftp
server serves files. Any computer can be turned into a server by simply
installing a server software. In this post,
installing this, contents of a particular directory of our computer
would accessible all over internet . Means one could access those
contents from any part of the world through our Public IP address.
your local machine address that is 127.0.0.1 or localhost. Hopefully you
must get the XAMPP page as shown.
Get a domain name ?
Now you would want to get a domain name instead of using the Public IP to check out your contents.
But how can we get a domain name because our IP is dynamic and to which IP domain name would point ?
Dont worry, we have a solution.
1. Log on to www.no–ip.com and sign up for an account. Choose available domain name.
2. Download their dynamic DNS update client and run on PC.
client would automatically keep updating your dynamic IP address and
that is how the selected domain would always be pointing to your IP
This tutorial is about configuring and using a trojan. There are many
trojans available on internet for free. Some popular ones are Beast, Pro
Rat, Netbus , Back Orifice, Girlfriend, Sub 7. I will be using Pro Rat
in this tutorial.
1. Prorat- Click here to download Trojan Prorat.
2. Hostname –
Your IP address would probably be dynamic that it keeps changing
everytime you disconnect and reconnect. You need a host name which
always automatically keep pointing to your changing IP. Follow these
1. Log On to www.no-ip.com and register for an account.
2. Go to Hosts/Redirects -> Add Host and choose any free available
hostname. Do not change any other option and simply click on Create
3. Downloading and install their DNS update client available here http://www.no-ip.com/downloads.php Run it and enter your credentials. Update your host name and save it.
Lets check whether your IP has been associate with chosen host name or
not. Go to command prompt and type ‘ping yourhostname’ (without quotes) ,
hopefully it should reply with your IP address.
Tutorial for configuring Trojan.
1. Open prorat.exe that you have downloaded.
2. Click on Create and then Create ProRat Server
3. Enter your host name in the ProRat Notification field as shown. Uncheck all other options.
Click on general settings Tab and have a look at server port,password,
victim name. Remember these things.Check out and configure other options
as per your need. You can bind server.exe with any genuine file,
change its icon etc.
Finally click on create server and now its ready to be sent to victim.
Once victim installs it, it would automatically disable
Modes of sending-:
You must be thinking of sending this server.exe to victim through an
email as an attachment but unfortunately you cant do so. The good option
is to upload it on any uploading site like mediafire.com and
give downloading link to victim.
What after victim has run the server part ?
1.Click on ProConnective Tab and start listening to connections. Allow firewall if it asks you to open a port.
2.You will start listening to connections, I mean you will get a notification as shown when victim would be online.
Note: If you know victim is online and still its not listening to
any connections. Trace victim’s IP,enter in IP field and hit connect.
But its gonna work only if he is not behind any network and directly
connected to internet. If you dont know how to trace IP, mention in
What after successful connection ?
victim’s machine. There are numberless interesting things to do. I
leave this part on you. Have Fun.
How to make it undetectable from antivirus ?
Though there isn’t any hard and fast way to make it fully undetectable
from all antiviruses. The real way to do it is modify the source code of
open source trojans available. Its very challenging job. There are many
crypters which claim to make it undetectable but unfortunately hardly
one out every hundred works. I would try to write next article on the
Contermeasure against Trojans –
The obvious coutermeasure against trojans is that do not accept downloading links blindly. Keep your antivirus up to date.
Detecting and removing Trojan –
Though trojan once installed is very hard to remove . It would hide itself from the Task Manager . Install Process Explorer
and it would hopefully show you all process running including trojan.
Kill the process and remove it. One good thing is to carefully check the
open ports and services running through ‘netstat’ command. Anyways ,
the best option is to reinstall the windows.
Feel free to ask the queries in comments 🙂
lets leave . Have your wallpaper ever changed automatically ? Have the
programs ever started without your initiation ? Have the browser opened
unexpected websites automatically ? Simply have you ever felt that
someone else is controlling your computer ? NO ?
might hide this server.exe behind any genuine file like a song or
image. Attacker gives this file to victim and victim is supposed to
double click on it.
part , a port on victim’s computer gets opened and attacker can control
his PC sitting remotely in any part of the world through the control
panel(client part). Attacker can do anything with victim’s computer
remotely that victim himself can do on his computer.
method, after the server part has been installed on victim’s machine,
the attacker enters the public IP address assigned to victim’s computer
for making a connection to it. But limitations of direct connection is
that public IP address is most probably dynamic and gets changed
everytime one disconnects and reconnects. So attacker needs to find out
IP address of victim each time.Moreover the incoming connection like
this is usually restricted by firewall.
main limitation of direct connection is that you can not access the
victim who is behind a router or a network beacuse victim’s machine is
not assigned public/external/wan IP. It is only assigned
private/internal/lan IP which is useless or meaningless for computers
outside that network.The wan IP belongs to his router.
It doesnt matter how attacker is connected to internet. Attacker can be connected to internet any of three means.
Victim is behind a router in this case. (havent inserted the picture of victim behind a network, imagine that )
In this method, attacker enters his own IP address in server part while
configuring it .So when the server part is installed on victim’s
computer, it automatically makes connection with client part that is
attacker. Also the firewall in victim’s machine would not restrict to
outgoing connections. Problem in this case is same that attacker’s IP is
also dynamic. But this can be over come easily. Attacker
actually enters a domain name in server part which always points to his
Reverse connection can bypass a router or a network.
You might be confused at this point. Kindly mention your queries/doubts in comments.
While visiting public internet cafe ,some innocent peoples click the
“Remember” while mozilla asking for remembering. This is one of the
benefit for us to hack their account in very simple way.
Follow these steps to see the saved Passwords:
- click the “Tools” menu in menu bar.
- Select Options
- It will open a small window
- Select the “security” tab in that small window
- You can view “saved Passwords” button
- Click that button.
- It will another small window
- There will be list of sites with usernames
- Select One site and click the “show Password”
- It will clearly show you the password
I found this amazing tutorial which will let you install the easy hacking operating system for hacker i.e “BackTrack 5” on an Android Device.
The most important thing was that they installed Backtrack using a VNC option. In this you don’t have to change your origina operating system and can access backtrack like an application only.
If you know linux you can probably write small script to run the backtrack 5 on your android device.
Description: Backtrack is a very popular linux distribution for penetration testing. It has hundreds of tools for pentesting and hacking. Now a version of backtrack is available for arm processor devices. Normally android based mobile devices uses arm processor so we can install arm version of backtrack on android devices.
This video explains very clearly step by step method of installing process of arm version of backtrack on android devices. Following are the steps and utility for the installation process.
1. Download terminal emulator,android vnc and arm version of backtrack.
2. Extract the content of img file and transfer it in to memory of android devices.
3. Install BusyBox and start it.
4. Open terminal emulator. use “cd” command to get in backtrack directory where extracted content is saved on memory card of device. In this case command is
5. Type “sh bootbt” and we will be in Backtrack.
Do tell us if this tutorial helped you out.