Hello everyone how you all doing i hope everyone is doing good today i am going to write this tutorial which is based on how to disinfect our computer system if it has been key logged and then how to hack or revert a ftp and email based keylogger.
Disclaimer- This tutorial is made only for educational purposes, i hereby take no responsibility how you
uses it, its one kind of busting those black hat hackers!!!
Important-Hacking or reverting a keylogger based on ftp is quite difficult technique as you are hacking a hacker!! I will recommend you to read this carefully after that try and try till you get success.
Table of content-
1) What is reverting
2) How to check if you are infected
3) Disinfect or deleting keylogger from your computer
4) Tools needed to revert a keylogger
5) Method to revert a keylogger based on ftp
6) Hack the Hacker
7) Extras (hacking a email based keylogger)
What Is Reverting?
Reverting means reversing an action or undoing the changes in a system, when i say system, then its not only our pc or laptop but any thing in universe!!! But in our case we will consider our computer as system, in which we have to do changes or do reverting.
How To Check If You Are Infected?
1st method-
Every program has their own process which can be seen on task manager. So the first thing to do is to find out which process the Trojan(keylogging program)is being attached to. If you see some unknown process search that on google. A good hacker will always makes sure he hides its process with a Windows based Process, for eg. svchost.exe or something like that..
So you have very few chances to know you are infected or not by this method.
2nd method-
i) Go to Start–>Accessories–>Command prompt.
Now after opening command prompt, type netstat -a and hit enter to check for any unknown port.
Newbie note-
NETSTAT command is used to check whatever ports are open or in use!!
netstat -a command will show all the opening ports.
ii) Now type netstat -b. Now check for SYN Packets and the Foreign address its been connecting with , check the process its been associated with, check the ports also. If you find that its connecting to some unknown ports, then you can say you have been backdoored or infected
Newbie note-
netstat -b command show you the active connections with the process with their PID (Process Identifier) and also the packets.
Disinfect or deleting the keylogger -
Go to your task manager.
On the top of it, click on View–>select Column–>Tick on PID (Process Identifier).
Match the suspicious Process with the Processes In task manager, check PID also Now most of the RATs and Keyloggers resides on Start up.
How to delete them from start up?
a) Go to regedit —>HKLMSoftwareMicrosoft Windows Current versionRun
On the Right hand side, check for the process name which you find on above step, if its not their. check at HKCUSoftwareMicrosoftWindowsCurrent VersionRun
OR
Open Cmd prompt & type start msconfig. Go to Startup tab, you can check the startup process there.
Tools needed to revert the keylogger
i) Keloggers- Its obvious,you will need the keyloggers you want to hack
ii) password stealer-there are many password stealers at internet, i cant post recommended name here
iii)Virtual machine- if you dont know, how to setup a virtual machine, then google it, its easy. We will be using virtual machine so that we can install our keylogger in it without infecting our real machine (computer). Method to revert the keylogger Run the keylogger in your virtual machine and start your password stealer. after some time you will get all info of ftp server on which keylogger is sending the logs along with your password .Now login using ftp password that we got from the sniffer and get going. I would recommend to steal the logs quietly like a ninja, so you can get others logs as well. Of course you can change the pass if you want but it won’t send any further logs.
Hack the Hacker-
Most of hacker use ftp account to get keystroke recorded from slave computer like. Assume hacker have install a key logger to your pc now how to trace that hacker( when the keylogger is installed in your
computer and it is sending keystrokes it have to log in ftp account as the hacker has programed it)
Now u r thinking how to trace???
Get some network tracer or network monitoring tool… NOw hacker have install log file in your pc and u want to hack hacker-
1) Open your netwok tracer chose your network and start monitoring your network ( network monitor will show you you all ftp, http, udp, tcp and all type of connected to your computer)
2) Hacker set particular time after this particular time key stroke will be send to his ftp account it will be maximum 10 min so wait 10 min
3) Hacker is using ftp account so filter its type to ftp and hit enter.
4) Now you will see that the key loger is sending key stroke to ftp account and you will see all information even u will see the user name and ftp password and many thing else.
Extras-
Most of keyloggers are sends information on ftp, but if we came across a keylogger which sends information on email, than what we can do?? So here is method to revert a keylogger based on email-
Get a keylogger and just open a Cheatbook tool (cheatbook of pC/psp games ) Or You can use any hexeditor tool but cheatbook is commonly used by many so i decided to include this in my tut
Now follow the steps-
(a)once you have opened the cheatbook click on The red highlited tab in image (b)in the editor just go to file>open >and select the keylogger
(c) when you have opened the file you should scroll down to the last till the text ends and there is that hacker’s Gmail Id and Pass.
Comments
Post a Comment