There are many small school rookie racing to hackers, as Honker. Every time the chat room have a lot of the students asked me how to invade someone else's computer, how to plant Trojan horses and so the other computer. Do not get me wrong teaching them to go astray Yeah, they all want to know this knowledge, and not want to sabotage all night. Saying is not to say: Heart Church, the good thing in large Yan.
Now idle is idle, on the use of Trojan to Serv-U and to the "fish" for the next hook, let the "fish" were automatically bite, so that we can follow it into the other computer, the "black" its about , try hacking the awe-inspiring, when a hacker version of Jiang Taigong.
First, prepare tool
Do bad things must be well prepared before preceded by much more, such as hackers, only ready, black up only convenient, it smoothly with them. Here is the catch this time we use to "fish" appliances, you had better ready Yeah.
1. Fishing rod - Serv-U. Serv-U FTP Server is a tool that can make your computer into a FTP server, so you can make FTP lovers "into all", and the play should play a.
2. Bait - Remote control the wind took hosts RUNDLL.exe. This is a newly developed, powerful backdoor Trojans, and their safety is great, the system can be hidden to the normal process, part of their anti-virus tools have no alternative but to (at least finding out the author of the Norton 2004). With it, we can be disguised as a file waiting for "fish" bite the.
3. Magic potion - peanut shell client. That's a very useful tool, it can be a dynamic domain name and IP mapping, it would not have time to tell their own IP, "fish" who make their IP protection while in the convenience of the "fish" to bite hook, really great.
Second, fishing strategies
Now what should we speak of strategy, let's speak briefly to "fish" bite of the strategy, and others do not engage in mysticism. Now the network is the most popular FTP downloads, regardless of software, processes, systems, video and so on, as long as download, there will be many connections to download, Nazan with Serv-U to make a FTP server, to find a bit of better software or program, and then renamed as a bait RUNDLL tempting name, such as "important documents", "FTP server address set" and so I put the renamed killgirl.exe, and it and other documents in the same directory FTP for fans to download.
If any fool download this bait, let's Serv-U can be found on the record, then it is your time to show its mettle.
Third, put fishing line
With the above, careful preparation, will now proceed to put fishing line.
First, install a good peanut shell client, register and apply for a domain name, such as the author for the zhntou.vicp.net, use the domain name to access the FTP server, not only convenient, but not exposed to their own IP addresses, IP addresses, after all, exposed too dangerous, and confidence is not high.
Followed by the installation of Serv-U, and set the can anonymously (anonymous) users to access the FTP resource directory, of course, this directory must first keep it RUNDLL Trojan. Then set the Serv-U for the user in the "record" events (Figure 1). Such as the user's corresponding record-keeping to the "G: Program FilesServ-Ulog.log" file, so including the user's IP, which files to download, which carried out operations on all records to the log.log file a .
The next release will be the establishment of a good FTP server to the big forum, you can wait for the fish bite. To have a little patience, after all, "fishing" No patience is not catch any big fish. Moment, we can from the Serv-U's "activities" to see the record data of a large number of connections (Figure 2). First non-urgent, and so on for an hour is the time to close the net.
[5] Thu 03Jun04 11:08:59 - (000018) Connected to 219.242.106.92 (Local address 221.192.18.254)
[5] Thu 03Jun04 11:08:59 - (000018) User ADMIN logged in
[3] Thu 03Jun04 11:09:36 - (000018) Sending file i: hackerkillgirl.exe
[3] Thu 03Jun04 11:09:36 - (000018) Sent file i: hackernethackeriinethackeriichinese.txt successfully (312 kB / sec - 2553 Bytes)
[5] Thu 03Jun04 11:09:47 - (000018) Closing connection for user ADMIN (00:00:48 connected)
The above is the author of the log.log file interception short, you can see, the first line of "219.242.106.92" is the other's IP address, "221.192.18.254" is your IP address, in brackets, "000 018 "Serv-U for the user is assigned an ID mark, the same as long as the ID mark is the same user to operate. From the above we can see that the user downloads a very tempting wind took Trojan "killgirl.exe", and in 11:09:47 "Clossing" disconnected.
Through analysis, we know that eventually the "fool" the beginning bite, and not anxious to wait to collect more than download this "killgirl.exe" Trojan user IP information, so there are more than 10, and then open the Remote control the wind took control side, began to harvest the fish:)
4, big fish caught
Now what is the link to download the wind took that horse and get the IP of the remote host, you can do whatever they want to return as a "black" guest. Well, let's start looking at how to use the remote control the wind took a hacker style show it.
Tip: the wind took the remote control is a very powerful horse, its latest 3.6 version of the antivirus can hardly be detected. The hosts run the program for the first time, the screen has not changed, but the system automatically in C: Program FilesRemote generate a directory called "setup.ini" in the configuration file, the original program files are automatically cleared. After every time you start system, the Trojan will start automatically. If your system has this directory and the file should be careful that woven.
Start the wind took host, in its main window of the "remote host IP" text box, enter our log.log obtained by analyzing the IP address (as shown in Figure 3, the "221.192.20.xx"), completed Click the icon above the first control "connection", when the connection is successful, the main window will appear below the "remote host 221.192.20.xx connection successful" message. At this point, casually Zan how to operate all, the Neat huh.
Tip: log.log analyzed from the wind took out the downloaded Trojan horse "killgirl.exe" user IP, not every one can be connected only after it runs on the computer, and its IP address does not change time to connect successfully. So we have to find a few more "fool" the IP, one by one test, and finally there will be a big fish is your control.
At this point, you rookie friends have finally mastered a hacker tactics, caught his first big "fish", satisfying the same time once again to remind us that we must not be executed to download the program from the network, especially from the QQ, , FTP or on some unknown website to download the program, file, or if the move is likely to cause serious damage oh