Trojan Horse (Basics) - Part 1

Have you watched the movie Troy? Okay, let's leave that. Has your wallpaper ever changed on its own? Have programs ever started without you launching them? Has your browser opened unexpected websites by itself? Simply put, have you ever felt that someone else is controlling your computer? No?
Congrats, you probably haven't been a victim of a trojan yet :).

A trojan horse, in this context, is a remote administration tool (RAT), and it is extremely dangerous: it gives the attacker full control of the victim's PC.
A trojan has two parts. One is the client part (the control panel) and the other is the server part (the component meant to be sent to the victim).

The basic methodology of using a trojan is as follows:

1. The attacker creates an executable file a few kilobytes in size. This is the server part of the trojan and is usually called server.exe.

2. The attacker may hide this server.exe behind a genuine-looking file such as a song or an image. The attacker gives this file to the victim, who is expected to double-click it.

3. As soon as the victim runs the server part, a port opens on the victim's computer and the attacker, sitting anywhere in the world, can control the PC through the control panel (client part). The attacker can do anything remotely that the victim can do locally on that computer.

Note: From here on I assume you know a little about IP addresses, that is, the difference between a LAN/internal/private IP and a WAN/external/public IP.

A trojan can connect in two different ways.

1. Direct Connection: In this method, after the server part has been installed on the victim's machine, the attacker enters the public IP address assigned to the victim's computer in order to connect to it. One limitation of a direct connection is that the public IP address is most probably dynamic and changes every time the victim disconnects and reconnects, so the attacker needs to find out the victim's IP address each time. Moreover, an incoming connection like this is usually blocked by the firewall.
The main limitation of a direct connection is that you cannot reach a victim who is behind a router or inside a network, because the victim's machine is not assigned a public/external/WAN IP. It only has a private/internal/LAN IP, which is meaningless to computers outside that network. The WAN IP belongs to the router.

It doesn't matter how the attacker is connected to the internet. The attacker can be connected by any of three means.

The victim is behind a router in this case. (The picture of a victim behind a network has not been inserted; imagine it.)
2. Reverse Connection: In this method, the attacker enters his own IP address in the server part while configuring it. So when the server part is installed on the victim's computer, it automatically connects back to the client part, that is, to the attacker. The firewall on the victim's machine usually does not restrict outgoing connections. The problem in this case is the same: the attacker's IP is also dynamic. But this is easily overcome: the attacker actually enters a domain name in the server part that always points to his current dynamic IP.

A reverse connection works even when the victim is behind a router or inside a network.
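The two connection models above are easiest to understand from the defender's side: a machine on a private (RFC 1918) address cannot be reached directly from the internet, while a reverse-connecting server gives itself away by calling out, again and again, to the same remote endpoint or dynamic-DNS name. The following Python script is an added example, not part of the original post. It parses constructed egress-log lines (the log format, the `DDNS_SUFFIXES` watchlist and every address and hostname are made up for this example, with addresses taken from documentation ranges) and reports hosts behind NAT, connections to dynamic-DNS names, and regularly spaced call-backs from one process to one remote endpoint.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed egress-log lines (not from any real host). One connection per line:
# <ISO time> <process> <local ip>:<port> -> <remote ip>:<port> <remote hostname or ->
SAMPLE_LOG = """\
2024-03-01T10:00:00 chrome.exe 192.168.1.20:51000 -> 198.51.100.10:443 www.example.com
2024-03-01T10:00:05 svchost.exe 192.168.1.20:51001 -> 192.168.1.1:53 -
2024-03-01T10:00:10 photo.exe 192.168.1.20:51002 -> 203.0.113.7:6666 host1.ddns-example.net
2024-03-01T10:01:10 photo.exe 192.168.1.20:51003 -> 203.0.113.7:6666 host1.ddns-example.net
2024-03-01T10:02:10 photo.exe 192.168.1.20:51004 -> 203.0.113.7:6666 host1.ddns-example.net
2024-03-01T10:03:10 photo.exe 192.168.1.20:51005 -> 203.0.113.7:6666 host1.ddns-example.net
2024-03-01T10:02:00 chrome.exe 192.168.1.20:51006 -> 198.51.100.10:443 www.example.com
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+) -> (\S+):(\d+) (\S+)$")

# Illustrative dynamic-DNS suffixes, constructed for this example; a real
# deployment would use a maintained list of dynamic-DNS providers.
DDNS_SUFFIXES = (".ddns-example.net", ".dyn-example.org")

# Ranges that are never routable from the public internet: RFC 1918,
# loopback and link-local. A host whose only address is in one of these
# cannot be the target of a direct (inbound) connection from outside.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def is_private(ip):
    """True if the address is in a non-routable (LAN/internal) range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, proc, lip, lport, rip, rport, host = m.groups()
        records.append({
            "time": datetime.fromisoformat(ts),
            "process": proc,
            "local_ip": lip, "local_port": int(lport),
            "remote_ip": rip, "remote_port": int(rport),
            "remote_host": None if host == "-" else host,
        })
    return records


def uses_dynamic_dns(hostname):
    """True if the resolved remote name ends in a watched dynamic-DNS suffix."""
    return hostname is not None and hostname.lower().endswith(DDNS_SUFFIXES)


def find_beacons(records, min_count=3, tolerance=5.0):
    """Group outbound connections by (process, remote ip, remote port) and
    report groups that repeat at a near-constant interval (within `tolerance`
    seconds of the mean gap): the call-back pattern of a reverse connection."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["process"], r["remote_ip"], r["remote_port"])].append(r["time"])
    findings = []
    for (proc, rip, rport), times in groups.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        if all(abs(g - mean) <= tolerance for g in gaps):
            findings.append({"process": proc, "remote_ip": rip, "remote_port": rport,
                             "count": len(times), "interval_s": round(mean, 1)})
    return findings


def triage(log_text):
    """Summarise a log: NAT'd local hosts, dynamic-DNS destinations, beacons."""
    records = parse_log(log_text)
    return {
        "records": len(records),
        "hosts_behind_nat": sorted({r["local_ip"] for r in records if is_private(r["local_ip"])}),
        "dynamic_dns_hosts": sorted({r["remote_host"] for r in records
                                     if uses_dynamic_dns(r["remote_host"])}),
        "beacons": find_beacons(records),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

On the sample, the only local address is 192.168.1.20, so a direct inbound connection from the internet would never reach it; the photo.exe process, however, calls out to the same endpoint every 60 seconds and resolves a dynamic-DNS name, which is exactly the traffic a reverse-connecting server produces and the first thing to look for in egress logs.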


You might be confused at this point. Kindly mention your queries/doubts in the comments.


Note: This was just a basic theoretical guide to trojans. Read Part 2, containing configuration and step-by-step use of trojans, here.

17 comments:

  1. Waiting for Part 2. Please publish soon. You rock.

  2. I have one! Windows asks me about 4 times when I start up if I want to run it. Just on a hunch, I click cancel. How can I get rid of it?

  3. Yes, antiviruses treat keyloggers and trojans as viruses and warn us when we download/open them. Use software like "Deep Freeze" while testing them on your own computer. Don't worry, don't click cancel and it would be okay.

  4. How will a domain point to the attacker's dynamic IP address? Can you explain it more?

  5. I am behind a router. Tell me the correct procedure to forward the connection to my port.

  6. Actually Aneesh G, I have the BEAST trojan virus, and when I make a server client and attach it behind any other file like a jpg or a pdf and put it on a pendrive, then after inserting this pendrive into any other laptop the victim's antivirus detects it as a virus, so this trick doesn't work because the victim's antivirus deletes it.

    Please help Aneesh, if I can do anything by which it opens on the victim's laptop without being caught by the antivirus.......

    Thanks in advance..

  7. Hey just to know, when you use the second method, the victim can see your IP address, and so retrace that to you, right? You can't be anonymous when doing so?

  8. visit my blog http://crackedtricks.blogspot.in

  9. you are 100% correct mate. Best explanation. All stars
    cheers

  10. what is the password of prorat v9

  11. Hello sir, I have some keyloggers but they can be detected by antiviruses. Can you help me make them fully undetectable? Please sir, I am waiting. Please sir, mail me:
    rkrohithacktrack@gmail.com

  12. Hey,
    I am all new at this stuff so if I am making a mistake please correct me.
    A reverse connection makes the attacker the server and our victim the client. But how can the client connect to the server if we are behind a router (as mentioned under direct connection)?

    Do we have to make some kind of allowance on our router? If we do that, wouldn't we become vulnerable?

  13. prorat v9 password is "pro"

  14. I got all the victim's info and the rat can't fucking connect

  15. Without images... the article is incomplete. For example,
    "It doesnt matter how attacker is connected to internet. Attacker can be connected to internet any of three means."..............

    The image is not there... then it's not possible... to understand the next step... or concept... Please put the images up as early as possible.

  16. Can you please tell me where I can download a Trojan?

  17. The photos are not working!!
