Saturday, March 17, 2012

[Tutorial] Disinfecting and Hacking a Keylogger


To disinfect yourself and hack the keylogger.

This tutorial is based on how to disinfect ourself if we are keylogged and then how to hack or revert a ftp and email based keylogger..

Disclaimer-

This tutorial is made only for educational purposes, i hereby take no responsibility how you uses it….
I also take no responsibility if you reached jail but that have very few chances as its not illegeal, its one kind of busting those black hat hackers!!!


Important-
Hacking or reverting a keylogger based on ftp is quite difficult technique as you are hacking a hacker!! I will recommend you to read this carefully after that try and try till you get success….

Table of content-

1) What is reverting
2) How to check if you are infected
3) Disinfect or deleting keylogger from your computer
4) Tools needed to revert a keylogger
5) Method to revert a keylogger based on ftp
6) Hack the Hacker
7) Extras (hacking a email based keylogger)

What Is Reverting

Reverting means reversing an action or undoing the changes in a system, when i told system, then its not only our pc or laptop but any thing in universe!!!
But in our case we will consider our computer as system, in which we have to do changes or do reverting.

How To Check If You Are Infected

1st method-
Every program has their own process which can be seen on task manager. So the first thing to do is to find out which process the Trojan is being attached to. If you see some unknown process search that on google. A good hacker will always makes sure he hides its process with a Windows based Process, for eg. svchost.exe or something like that..
So you have very few chances to know you are infected or not by this method.

2nd method-
i) Go to Start–>Accessories–>Command prompt.
Now after opening command prompt, type netstat -a and check for any unknown port.

Newbie note-
NETSTAT command is used to check whatever ports are open or in use!!
netstat -a command will show all the opening ports.

ii) Now type netstat -b. Now check for SYN Packets and the Foreign address its been connecting with , check the process its been associated with, check the ports also. If you find that its connecting to some unknown ports, then you can say you have been backdoored or infected

Newbie note-
netstat -b command show you the active connections with the process with their PID (Process Identifier) and also the packets.

Disinfect or deleting the keylogger

Go to your task manager. On the top of it, click on View–>select Column–>Tick on PID (Process Identifier).
Match the suspicious Process with the Processes In task manager, check PID also

Now most of the RATs and Keyloggers resides on Start up. How to delete them from start up?

a) Go to regedit —> HKLMSoftwareMicrosoftWindowsCurrent versionRun
On the Right hand side, check for the process name which you find on above step, if its not their. check at

HKCUSoftwareMicrosoftWindowsCurrent VersionRun
OR
Open Cmd prompt & type start msconfig. Go to Startup tab, you can check the startup process there.

Tools needed to revert the keylogger

i) Keloggers- Its obvious, you will need the keyloggers you want to hack

ii) password stealer- there are many password stealers at internet, i cant post recommended name here, (check comments section located below for names of two most popular recommended password stealer, i will be using them)…..
I will show guides for both recommended stealer and refer them as 1st type and 2nd type..

iii) Virtual maschine- if you dont know, how to setup a virtual maschine, then google it, its easy. We uses virtual maschine so that we can install our keylogger in it without infecting our real maschine(computer).

Method to revert the keylogger

Run the keylogger in your virtual maschine and start your password stealer. after some time you will get all info of ftp server on which kylogger is sending the logs with password also. Now login using ftp password that we got from the sniffer and get going. I would recommend to steal the logs quietly like a ninja, so you can get others logs as well. Of course you can change the pass if you want but it won’t send any further logs.

Hack the Hacker-

Most of hacker use ftp account to get key stroke recorded from slave computer like.

Assume hacker have install a key logger to u r pc now how to trace that hacker( when the keylogger is installed in your computer and it is sending key strokes it have to log in ftp account as the hacker has program it)
Now u r thinking how to trace???
Get some network tracer or network monitoring tool…

NOw hacker have install log file in your pc and u want to hack hacker-
1) Open you netwok tracer chose your network and start monitoring your network
( network monitor will show you you all ftp, http, udp, tcp and all type of connected to your computer)

2) Hacker has set particulate time after this particular time key stroke will be send to his ftp account it will be maximum 10 min so wait 10 min

3) Hacker is using ftp account so filter it type ftp and hit enter.

4) Now you will see that the key loger is sending key stroke to ftp account and you will see all information even u will see the user name and ftp password and many thing else.

5) NOW YOU BETTER KNOW WHAT TO DO NEXT..

AND IF YOU HAVE ANY OTHER ALTERNATIVES THEN DO LET EVERYBODY KNOW. :D

Extras:-

Most of keyloggers are sends information on ftp, but if we came across a keylogger which sends information on email, than what we can do??
So here is method to revert a keylogger based on email-
Get a keylogger and just open a Cheatbook tool (cheatbook of pC/psp games )
Or You can use any hexeditor tool but cheatbook is commonly used
by many so i decided to include this in my tut
Now follow the steps-

(a)once you have opened the cheatbook click on The red highlited tab in image

(b)in the editor just go to file >open >and select the keylogger

(c)
when you have opened the file you should scroll down to the last
till the text ends and there is that hacker’s Gmail Id and Pass

Congrats you just hacked a Keylogger maker’s Email and pass
now enjoy…

Hope you enjoyed this tutorial…

Do LIKE this and SHARE..

2 comments:

keylogger said...

The unknown port is missing at step#2? Please help...

Blogger said...

BlueHost is ultimately the best web-hosting provider with plans for all of your hosting requirements.

Post a Comment

 
Design by Secure Hackers