Just go through the Part 1 which includes the basics of  Trojan Click here. This tutorial is about configuring and using a trojan. There are many trojans available on internet for free. Some popular ones are Beast, Pro Rat, Netbus , Back Orifice, Girlfriend, Sub 7. I will be using Pro Rat in this tutorial.

Requirements


1. Prorat- Click here to download Trojan Prorat.
2. Hostname  -  Your IP address would probably be dynamic that it keeps changing everytime you disconnect and reconnect. You need a host name which always automatically keep pointing to your changing IP. Follow these steps -:

1. Log On to www.no-ip.com and register for an account.
2. Go to Hosts/Redirects -> Add Host and choose any free available hostname. Do not change any other option and simply click on Create Host.
3. Downloading and install their DNS update client available here http://www.no-ip.com/downloads.php Run it and enter your credentials. Update your host name and save it.
4. Lets check whether your IP has been associate with chosen host name or not. Go to command prompt and type 'ping yourhostname' (without quotes) , hopefully it should reply with your IP address.

Tutorial for configuring Trojan.


1. Open prorat.exe that you have downloaded.
2. Click on Create  and then Create ProRat Server


 3.  Enter your host name in the ProRat Notification field as shown. Uncheck all other options.

4. Click on general settings Tab and have a look at server port,password, victim name. Remember these things.Check out and configure other options as per your need. You can bind server.exe with any genuine file, change its icon etc.
5. Finally click on create  server and now its ready to be sent to victim.  Once victim installs it, it would automatically disable antivirus/firewall.

Modes of sending-: 
You must be thinking of sending this server.exe to victim through an email as an attachment but unfortunately you cant do so. The good option is  to upload it on any uploading site like mediafire.com and give downloading link to victim.

What after victim has run the server part ?


1.Click on ProConnective Tab and start listening to connections. Allow firewall if it asks you to open a port.
2.You will start listening to connections, I mean you will get a notification as shown when victim would be online.






Note: If you know victim is online and still its not listening to any connections. Trace victim's IP,enter in IP field and hit connect. But its gonna work only if he is not behind any network and directly connected to internet. If you dont know how to trace IP, mention in comments.

What after successful connection ?

After you have managed to connect to victim's machine. There are numberless interesting things to do. I leave this part on you.  Have Fun.

How to make it undetectable from antivirus ?
Though there isn't any hard and fast way to make it fully undetectable from all antiviruses. The real way to do it is modify the source code of open source trojans available. Its very challenging job. There are many crypters which claim to make it undetectable but unfortunately hardly one out every hundred works. I would try to write next article on the same.


Contermeasure against Trojans -
The obvious coutermeasure against trojans is that do not accept downloading links blindly. Keep your antivirus up to date.

Detecting and removing Trojan -
Though trojan once installed is very hard to remove . It would hide itself from the Task Manager . Install Process Explorer and it would hopefully show you all process running including trojan. Kill the process and remove it. One good thing is to carefully check the open ports and services running through 'netstat' command. Anyways , the best option is to reinstall the windows.


Feel free to ask  the queries in comments :)

110 comments:

Post a Comment
  1. What is the difference between a keylogger and trojan horse??..

  2. Keylogger only records the keystrokes hit by victim and sends you remotely, you can't make any changes in victim's computer by installing keylogger but trojan gives you almost full control over victim's computer. Keyloggers are very easy to use comaparitively trojans.

  3. Pls advice on tracing an ip of a victim
    eg:knowing that he is online on facebook

  4. Just upload a simple php script on any webhosting site , give its link to victim. When he would click it, he wud be redirected to any website of your choice and you would get his IP in a text file. Reply if you need script.

  5. yup i want a script, but tell me, wht if i get his ip address? wht can i do

  6. I will write next article on tracing IP...stay tuned..

  7. these backdoors are very old and fulkly detectable now. do you know any new one?

  8. yeah I accept , these are fully detectable by antiviruses. But these can be made undetectable or one could use social engineering to get victim's anti-vir. disabled. They are widely used today.

  9. i had attended ur workshop on ethical hacking in VIT i want to know how to hack someones facebook account.

  10. How do we get to know if the victim is actually online at that particular moment..??(my main question)

    and why is the victim name,server port and server password important??

  11. How do we know if the victim is actually online at tat moment??

    and why is the victim username, server pass important??


    btw..AWESOME explanation:)
    looking forward to your next set of tutorials:)

  12. If the trojan (server part) has been installed on victim's computer then anybody could control his pc through client part. So we need to give a username and password so that it would confirm the actual person who installed that.

  13. oh..ok:)
    thanks:)
    by the way..1 more query..if u dont mind...

    For this trojan attack to work..
    the victim should be online at the same time when we are online too..
    right??
    what if the victtim suddenly shuts down his computer?
    will the connection still remain established?


    and ..

    if the victim doubli clicks on the server ..but we are not online at that moment..
    can we still get access to him ??

  14. The main thing is to install the server that is to make victim to double click on server part. Obviously then, we could then make connection with him whenever he would come online

  15. 1))Can we bind 2 servers with each other for example, (turkojan server + prorat server)?
    2))Can Hex Workshop be any good in crypting servers?
    3))Why is Poison Ivy Server only 10KB compared to 342KB Prorat's Server?
    4))Do you know a new released RAT with Remote Desktop feature?
    5))And Why the Hell did www . turkojan . com + .net disappear? and why there is no Poison Ivy Version releases? or Prorat releases?

    Thank you

  16. 1)yes, we can bind , these are simple exe files
    2)yes , its good but hexing requires a lot of skills
    3) I haven't checked out their source codes.
    4)So wats the big deal, many trojans already support this feature
    5)i dont know and do not need to know

  17. I am pinging my host ******.zapto.org
    Its showing Request Timed Out all the time. And Loss 100% (cmd)
    When I am clicking on Test on (Prorat) then It's showing
    "The Proconnective notification test message can't delivered!"
    What to do now next. Please Send a quick Reply
    Email: Hsakapandit@gmail.com

  18. Make sure that you have properly updated the host name , you should get reply of ping command. Try again and let me know.

  19. whn I am pinging No data is getting Lost. Ping is perfect
    But when I am testing connection I is saying


    "The Proconnective notification test message can't delivered!"

    what to do ??

  20. 1)Turn off your Firewall and disable Anti-Virus for good!
    2)Make sure No-IP DNS is opened and activated...
    3)Open ProRat and click on "ProConnective" Button.
    4)NOW.. TEST.

  21. what to write in server port victim's name and server,s password please send me and temme first.rest i have complted everything

  22. hey temme wat to write in server name server port and victim's name temme first

  23. What is the password to extract Prorat ??

  24. hey all of you don't play with Trojans you will also infected if u made a wrong step. take care.

  25. hello there.first of all when i click on proconnective tab,There is an error message saying,"cannot connect to port 5110.do u want tocontinue"then i continue.This error message is displayed 2 more times with different ports.then proconnective window is opened but doesnot displays the live connections even it is open(i am sure it is opened).Then as u said i clicked on ip and entered the valid ip of my victim,it always says disconnected.I installed this prorat server in my own computer and also operated from the same computer.Then the connection is not displayed in proconnective tab and the ip is also wrong.but that ip works and connects.What is the problem?plz help me ou.Thanks.

  26. To most of the people who ask questions on the comments:
    You guys ask the !dumbest! questions. For ie: difference between keylogger and trojan???
    If you don't know the answer to that then you shouldn't be reading this article. If you have a question, you should "Google" it. And Aneesh, I wouldn't be answering those ridiculous questions. Seriously.

    And finally, Aneesh, do you know any good binders with the official site? I'm trying to bind a lost-door server but I can't find a good binder from an official site. Thank you in advance.
    PS. Nice article but you shouldn't teach script kiddes these stuff

  27. I like your blog and thank you for the direct link to the prorat website. Most people give their download link which might contain others stuff than the original software. Also, please don't teach script kiddies about trojans, because they just ask the DUMBEST questions (ie:what is the difference between a keylogger and trojan).

  28. Thanks a lot for your feedback.

  29. I like yor tips on ethical hacking site. Do you know the new crypters?

  30. one question... if i already know a i.p through php script

    when i go into prorat and insert the victims i.p what about the port? does it have to be changed? will it change automaticlly?

    also when im binding servers to files they wont upload on any file sharing host can you help with this please?

  31. what is the password of Prorat .. ??

  32. if i aleady have the victim's ip adress can i skip all the server making at the begining ?

  33. hey thanks for this great job man ...
    i have one question though..., i have the ip adress of the "victim" and i'm connected to it but they say i need to be connected to the server i've sent the server to the "victim" and they accepted it and oppened it but still no luck ... please help

  34. Password is 'pro'.
    @4you , Srry, I dint get you.

  35. Can the attacker be behind a router in reverse connection?

  36. can i connect to more than one server at a time? and if i connected there are many options like shut down pc , if i click that which server will it affect and shut down? and if i want to remove pro-rat from victim's system what shall i do? And if he is having dynamic ip i will have to find his ip every time?

  37. Hey guys I get this:
    You can only make process with the ProRat Client by using the ProRat Server port.
    If you can't make any process please check your server port and try again.

    When trying to do anything to my local server(127.0.0.1 ofcourse). Why do I get this?

  38. can i connect to more than one server at a time? and if i connected there are many options like shut down pc , if i click that which server will it affect and shut down? and if i want to remove pro-rat from victim's system what shall i do? And if he is having dynamic ip i will have to find his ip every time?

  39. can i connect to more than one server at a time? and if i connected there are many options like shut down pc , if i click that which server will it affect and shut down? and if i want to remove pro-rat from victim's system what shall i do? And if he is having dynamic ip i will have to find his ip every time? Please reply fast, emergency sir!!!!!!!!!!

  40. hi boss can you tell me how to disable victim antivirus :)

  41. Hi every one. First, sorry for my bad english.
    All day I searched for resolve my problem with google... I never find something. My probleme is: I can connect on the prorat server with IP 127.0.0.1 and port 5110 verry well! But, When I try to connect with my static IP to an other Pc in my house. Its always said "disconected" I dont catch it.

    Second: notification with Proconnective wont work... When we need to configure that, I try 127.0.0.1 and it work (normal...) But, If I enter my no-ip adresse, Its say: The ProConnective Connection test messange can't delivered. I've try to ping on the CMD and I search 4 and lost 0 soo, wath is the problem.

    I've see in many website that Prorat doesn't work if the victim's pc is'nt behind a routor... (obviously, How peapole can connect without a routor) I dont get it. Plz help me! I've remove my firewall and my AVG.

  42. Add: I've tryed to open port in 192.127.0.1 (or something like that) for port: 4110,4112,5110,5112,41100,51100. And this still dont work...

  43. can't the name of binded server be changed

  44. Hey Aneesh...i like your artivles....Please tell me can i bind these servers with a jpg image......if yes then how.please.Can i change it's extension withou damaging the server.....

  45. There are numberless binders available on internet, google them. Yeah ofcourse the extension gets changed without any damage.

  46. aneesh...
    im have tested the www.no-ip.com on 2 different ip..
    1 ip is router n the second ip using broadband...
    for the router i get admin page for the router...
    am i need to do port fowarding so that my computer can connect through the vicitm(prorat server)..
    n how about the broadband connection...
    when i ping the dns...www.bla3.org...
    it said request time out..

  47. when antivirus is uninstalled then what happen?
    did internet connection work correctly or not?

  48. @aznspy256

    Who do u think you are.you were a script kiddie when you first started to learn hacking.There is no wrong in asking questions.Whats ur damn problem?? You are the dumbest person I've ever seen on the internet..People like you think they know everything.but actually they know nothing.please think before you say some thing..

  49. hey i am unable to get the victim's status...
    i installed the prorat server in the victim's system. but i am not getting his information i.e, his online status and his ip address......
    i had no-ip domain and installed no-ip duc on my pc...
    i had the pro version of the prorat software..........
    plz help me out guys.....

  50. hey varun where did you get the pro version from please!

  51. plz tell me varun where did you got pro version from, i want one!

  52. does this Prorat work with windows 7 64bits?

  53. hey,
    i have tried prorat with my no-ip.info domain and always end up with a error like message cannot be delivered.
    whats the problem?

  54. Angry Bird Classic HD Download: http://adf.ly/4GiPp

  55. my ping is right but i am getting messeage not delivered.Please help!
    i have disabled everything(firewall,antivirus,etc..\)
    i have premm123.servegame.com as host

    PLEASE GIVE ME A QUICK REPLY>
    THANKS IN ADVANCE
    premm1996@gmail.com

  56. hi plz send me cryter or binder to make keylogger or prorat server FUD to trex6187@gmail.com

  57. hi i m not havng ping so wht i needs to do

  58. Hi

    Does this RAT have DDOS function ?

  59. how do you make this driveby

  60. cant unzip the file...error message comes: Cant execute the file.. what should i do?

  61. ok, i have downloaded prorat and used it many many times before but i have upgraded to windows 7 64bit and i cant seem to use it anymore, even when i install the server to my own computer and try to connect it fails. what is the problem here can you help? i have set up my no-ip aswell yet no notifications? please help

  62. hopefully?? i tried 2 times and it doesn't show my ip when i ping it

  63. port already in used error...what to do?

  64. What password are you talking about, what victims name are we suppose to know and get from where. I thought is just your victim's ip and you are ready to go. Hch.anderson@yahoo.com. Pls.. I need reply

  65. do you need internet for trojan horse to work?

  66. hey i am done wid everything....!!

    just stuck at crypting.
    i have downloaded tonnes of crypters...
    but wen i open them the same dialouge box appears saying......


    ".net framework initialisation error


    unable to find a proper.....to run this application....


    pls help.....!!

  67. I need Php script to identify my friends ip address... and "pls give me ur website link that where i can see all ur updates"....And ur tips are really awesome...Pls say the ways to hack ip address and how can i install trojan into my friends system......"what are the ways are there to install trojan virus in friend's system??"...Thanks in Advance sir..........

  68. and what file I have to send the victim??? i dont understand

  69. i cannot connect with another system after installing server in other system....y proconnective doesnt show any connections...?reply pls....

  70. I tried to upload the file in the Mediafire but It detected the file as a Virus.So Is there any other way to send that trojan file to victim...
    And I have a request Can give some articles on Backtrack especailly on SET ...

  71. send me a nice crypter to make rat undetectable... but the crypter should not make the trojan not worked...?pls send me ...my email is
    mathialaganpriya@gmail.com

  72. send me a nice crypter to make rat undetectable... but the crypter should not make the trojan not worked...?pls send me ...my email is
    mathialaganpriya@gmail.com

  73. I have some sort of RAT on my pc. I have reinstalled and used Deriks Boot & Nuke, but it reloads itself. I am using the factory disc (not a copy) that came with my pc. It seems to have a bootloader attached. This RAT is on my Windows PC, Mac, and iPhone. I've tried a Linux live cd, but still had my permissions denied. If I used the sudo command my keyboard & mouse were disabled. I found a file containing info (credit cards, SSN, addresses, contacts, etc) for every member in my house. This also includes my 8 year old son (his SSN,DOB, school name and address). I'm freaked!! How do I get rid of it??!! All my PCs, laptops and phones (even old ones in the closet) have some sort of script showing me they've been compromised! I cannot just throw away thousands of dollars in computer equipment. I've tried to update, install patches, etc. It will erase the download (if it even let's me) and rewrite it somehow, or just act as if it was installed. I'm sure it's not all the RAT, I'm sure it having disabled my antivirus software made me a great target for every virus and worm out there. ANY suggestions at all would be VERY MUCH appreciated! Thanxx

  74. i following your instruction but i am stuck.

    i am using 3G usb modem (dongle)

    my comp using dynamic LAN IP (10.x.x.x) not dynamic WAN IP (180.x.x.x, etc) which is directed to my hostname (....zapto.org),

    because hostname = WAN IP, so i think the information is sent to WAN IP which is on ISP' router. this makes me never get the notification

    what should i do?

  75. i following your instruction but i am stuck.

    i am using 3G usb modem (dongle)

    my comp using dynamic LAN IP (10.x.x.x) not dynamic WAN IP (180.x.x.x, etc) which is directed to my hostname (xxxx.zapto.org),

    because hostname = WAN IP, so i think the information is sent to WAN IP which is ISP' router. this makes me never get the notification

    what should i do?

  76. hey aneesh i hv googled a lot to search for FUD crypter.. but i cant find ...... so pls pls i very despiratly needs a fud crypter.. pls help .. send me link to download or mail me d tool

    shanks.goel@gmail.com

  77. my proconnective not work actually if i provide manually ip n connect so it work but if i want ot find out clint ip through pro connective is not work it is dont give any type of error only give a black screen i also tried my server in vmware but same thing is dont pro connective cant find any ip plzz help what an i do for...... it

  78. I want gain access to computer which is behind a network, only possible through reverse connection. But I have got some questions?
    Here are they:-
    I want to connect to victim from different places.
    Do I need the same prorat or proconnective every time I want to connect to that server? If yes, then would coping the proconnective from prorat folder can fix the problem problem?

    Starting the prorat says port already in use. Can I use some other port number which are free by default. If yes, Can you give me list of those free ports?

    And one question beyond this trojan
    Can you suggest me a software for remote desktop sharing in steath mode.
    I have physical access to that pc (behind network), with options to disable their local keyboards and mouse, give them fake error messages etc.

  79. please aneesh can i get your yahoo id cos i want us to talk on messenger

  80. it is possible that antivirus removes it..then what to do? please tell

  81. is it important that i and my victim must be connected through same router

  82. I done everything properly ... but still whenever i click on CONNECT it gets disconnected :P

  83. suggest me other than www.no-ip.com ? !because this website is fully differnt than u xplaind by ur snapshot !

  84. how to trace the ip of victim ????????

  85. i use dail up connection .. and when i pinged the host name says 'time Out'

  86. i dont know victims ip. i just send the trojan by usb. now it is installed on victim computer. but now i dont know how to connect with him,. please give me answer....

  87. yes i am having a problem when i going to ping yourhostname' its said that time is request out with 100% percent data loss plus now its say's check your host name
    i don't have no idea what is going on i have windows 8 pro.. please some help

  88. how to trace ip?

  89. can you physically install the server.exe if you have access to the computer by just downloading it?

  90. hello sir..im nt getting the list of ip in pro connective :( i tried this wid my own laptop but cudnt...both the laptops wer connected to the same wifi router..is it possible??

  91. if i know the ip of the victim how to track?

  92. plz tell me how to trace victim ip address.

  93. I am going to present a seminar on this topic, therefore theoretical knowledge regarding networking is necessary along with practical first hand knowledge to cope up with different counter questiions, so please help by answering these questions.... first of all check this link... "http://www.hackersthirst.com/2011/03/cybergate-rat-hacking-facebook-twitter.html"
    why is no-ip software used here ?
    how does we get full administrative control of the Victim's PC ?

  94. ha ha ha omg NOOBS WTF! come one guys do some recherche do some work your selves. i came hear for some info about decompileing a official windows archive then injecting it with a server so i can infect people without being detected. all the crypters are crap and infected by noobs.

  95. any knw how to make ransomware???

  96. I know this post is old, but forwarding ports on my router seems impossible. I've had other people that no how to do it try as well and even they couldn't. Any ideas?

  97. hello friend thanks for this info but i have problem to viewing the image of any article please help me

  98. cant open prorat in Windows 8.....
    nybody thr to troubleshoot?

  99. Images are not displaying. Fix it. They maybe deleted.

  100. Can anybody here help me??? I am a NOOB yes!!!! I need a rat installed on a computer and need a step by step tutorial or anything better. Add me on facebook - Anastasia Petersen

  101. hey i am unable to trace IP please help me 7 give me php script file

  102. When I enter victim's IP, and his port 2443 then rat connects but it don't work. and give error to that client only works when connected through server port. but when i connect through server port 5110, It does not connect. I'm sure victim installed server attached with pic.

  103. I was able to port-forward my router to the turkojan port range, but the problem now is that turkojan is still not opening. When I use online port checker, its saying "closed", and when I use a port checking software that will establish a connection with the port and listening to it, the port will said "opened" but when I try to connect turkojan at this point, I keep getting winsocks error 10048 that address is already in use until when I change the port in the port-checking software before the error stops but turkojan will still be saying "port has a problem". I have tried all my possible best to work around this but seems not working out at all, what can I do please. Thanks

  104. if anybody know much about this software and how it does work kindly contact me lets make real money txtrwilliams@gmail.com

  105. Anybody known much about pro rat should contact me so we can make real deal txtrwilliams@gmail.com

  106. I like dhoom 3

  107. you can check http://afriwap.com i learnt it there

  108. hello sir, i have successfully made a RAT and it's working too
    but i want to know that if there is any way that i can change the resultant trojan extension from .exe to anything like .jpeg or .mp3 etc
    becoz .exe is little doubtfull for the victim.
    i tried so many spoofers but after it my trojan get stop working.

  109. Hack facebook password online...check out hack-fb-online.com

  110. Not Worked!!... I dint got any notification even no IP in my RAT IP FIELD.... Please help & Reply..

Post a Comment