LanFiltrator The "Reversed" Trojan. (Free Gobo 2) Security Through Hacking. Straight forward, no nonsense Security tool Tutorials.



Similar documents
1. Hardware Installation

Chapter 3 Security and Firewall Protection

Application Note Configuring the UGate 3000 for use with ClipMail Pro and ClipExpress

DIR-100. Before You Begin. Check Your Package Contents. Triple Play Router

Chapter 2 Preparing Your Network

Self Help Guide IMPORTANT! Configuring Your Router With Your Modem. Please read the following carefully; This Guide refers to the following Products:

Broadband Router ESG-103. User s Guide

From a Finder window choose Applications (shown circled in red) and then double click the Tether icon (shown circled in green).

Network Setup Guide. 1 Glossary. 2 Operation. 1.1 Static IP. 1.2 Point-to-Point Protocol over Ethernet (PPPoE)

How to configure Linksys SPA for VOIP Connections

Multi-Homing Dual WAN Firewall Router

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Chapter 9 Monitoring System Performance

The CIX VFR Club Flight Training Notes Exercise. Configuring a Router to Host a Multiplayer Session

PC/POLL SYSTEMS Version 7 Polling SPS2000 Cash Register TCP/IP Communications

How to Remotely Access Hikvision Devices User Manual

How to connect your new virtual machine to the Internet

Lab Configuring Access Policies and DMZ Settings

Prestige 202H Plus. Quick Start Guide. ISDN Internet Access Router. Version /2004

V310 Support Note Version 1.0 November, 2011

Penetration Testing LAB Setup Guide

Setting up pfsense as a Stateful Bridging Firewall.

Florida Atlantic University VPN Client Installation Guide

P-660R-TxC Series. ADSL2+ Access Router. Quick Start Guide

Setting up and creating a Local Area Network (LAN) within Windows XP by Buzzons

Locate the My Computer icon, found either on the Start menu or the desktop

Prestige 650R-31/33 Read Me First

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

Quick Installation Guide

RAPID BROADBAND INSTALLATION RAPID BROADBAND SUPPORT CONTACT DETAILS. AND TROUBLESHOOTING GUIDE. Tel:

SNMP Manager User s Manual

7 6.2 Windows Vista / Windows IP Address Syntax Mobile Port Windows Vista / Windows Apply Rules To Your Device

and that you have ADSL filters installed on all phone sockets,

Scan to Quick Setup Guide

Customer Tips. Configuration and Use of the MeterAssistant Option. for the user. Purpose. Xerox Device Configuration. Xerox Multifunction Devices

How To Configure Apple ipad for Cyberoam L2TP

How to Remotely View Security Cameras Using the Internet

The PostBase Connectivity Wizard

BROADBAND INTERNET ROUTER USER S MANUAL. Version Page 1 of 13 -

Shield Pro. Quick Start Guide

Wireless G Broadband quick install

Chapter 4 Security and Firewall Protection

Remote Desktop How-To. How to log into your computer remotely using Windows XP, etc.

NETWORK SETUP GLOSSARY

Prestige 314 Read Me First

NETWORK SET UP GUIDE FOR

Appendix D: Configuring Firewalls and Network Address Translation

Appendix IP CAMERA Network Connections

McAfee.com Personal Firewall

DSL- G604T Frequently asked Questions.

DSL-G604T Install Guides

Client and Server System Requirements

Version 0.1 June Xerox WorkCentre 7120 Fax over Internet Protocol (FoIP)

Chapter 3 Connecting the Router to the Internet

Steps to be taken when you are unable to get the license in Tally.ERP 9

Protecting the Home Network (Firewall)

Quick Installation Guide. Overview. PLANET VIP-156/VIP-156PE/VIP-158 Quick Installation Guide

Wazza s QuickStart 1. Leopard Server - Install & Configure DNS

DRO-210i LOAD BALANCING ROUTER. Review Package Contents

NAS 224 Remote Access Manual Configuration

Quick Installation Guide For Mac users

How To Remotely View Your Security Cameras Through An Ezwatch Pro Dvr/Camera Server On A Pc Or Ipod (For A Small Charge) On A Network (For An Extra $20) On Your Computer Or Ipo (For Free

P-660R-T1/T3 v2 Quick Start Guide

EventSentry Overview. Part I Introduction 1 Part II Setting up SQL 2008 R2 Express 2. Part III Setting up IIS 9. Part IV Installing EventSentry 11

Guide to Setting up Internet Connection Sharing for Windows

Configuration and Access of FTP Server

Steltronic Focus. Main Desk Internet connection

How To Set Up A Computer With A Network Connection On A Cdrom 2.5 (For A Pc) Or Ipad (For Mac) On A Pc Or Mac Or Ipa (For Pc) On An Ipad Or Ipro (

PPTP Server Access Through The

19 LCD / 8 CHANNEL DVR COMBO WITH 160GB HDD & 4 CAMERAS

Prestige 623R-T. Quick Start Guide. ADSL Dual-link Router. Version 3.40

NSP and VIP. Advanced Options Guide Rev. B

1. Panel Descriptions Connecting the 4 Ports VoIP ADSL Router Setting up the TCP/IP in Windows... 5

Soft Solutions, Inc. 4-Sight FAX 7.5. Getting Started. Soft Solutions, Inc.

Quick Installation Guide-For MAC users

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Barracuda Link Balancer Administrator s Guide

FTP Server Application Guide REV:

D-Link DAP-1360 Repeater Mode Configuration

ETHERNET WEATHER STATION CONNECTIONS Application Note 33

Installation and Configuration Guide

801.11n Wireless Broadband Router

Software Installation Guide

DSL Self-install Kit Instructions. SpeedStream 4100

Ultra Thin Client TC-401 TC-402. Users s Guide

Configuring an IP (SIP) Polycom Soundstation on the Avaya IP Office

DDNS Management System User Manual V1.0

Connecting to the Internet. LAN Hardware Requirements. Computer Requirements. LAN Configuration Requirements

Sweex Wireless BroadBand Router + 4 port switch + print server

Chapter 4 Firewall Protection and Content Filtering

Quick Installation Guide

DSL Self-install Kit Instructions

V101 SIP VoIP Telephone Adaptor User Manual V1.1m

Designing AirPort Extreme Networks

VPN clients configuration for Windows 98SE - for Library access

ADSL 2/2+ Gateway with g Wireless Compact Guide

VOI-7000 VOI-7100 SIP IP Telephone

FI8910W Quick Installation Guide. Indoor MJPEG Pan/Tilt Wireless IP Camera

6.0. Getting Started Guide

Transcription:

SECUREIT.CO.IL Tutorial LanFiltrator Trojan Security Through Hacking LanFiltrator The "Reversed" Trojan (Free Gobo 2) Straight forward, no nonsense Security tool Tutorials

SECUREIT.CO.IL SECURITY THROUGH HACKING LanFiltrator 1.0 Trojan SecureIT.co.il muts@secureit.co.il http://www.secureit.co.il

SECUREIT.CO.IL Tutorial Lanfiltrator Trojan LanFiltrator 1.0 - The reversed Trojan Description LANfiltrator is a remote access tool, designed to access a remote computer through a router, LAN or proxy server. Remote Administration Tools (RAT's) generally work by connecting to the remote computer IP address. However, if this remote computer is behind a router or a proxy (or otherwise using an RFC 1918 address) it would be impossible for a normal RAT to connect to the remote computer (unless NAT would be preformed on the router - which is unlikely ). This is where LanFiltrator comes in handy. Think of this a Trojan where the traditional "client" and "server" roles have been reversed. The malicious file which infects the target machine does not listen for a client connection it initiates a client connection with a listening "server" on the attacking machine. Thus, the initial connectivity is preformed by the victim, and not by the attacker. This would obviously require the server to know the IP of the attacking machine in order to connect to it. This might be a bit confusing at first, so here's a sample diagram to explain the tutorial environment. Since the victim does not have a public IP address, at can to be reached directly by the attacker. It can however, initiate a connection with the attacker which is exactly how this Trojan works. For more information, look at the Readme files that come with this Trojan.

1. We first need to edit our server file the file that will be sent to the victim machine. The settings are rather plain and straight forward. In the "General" tab, edit port numbers and password (if required). In the installation tab, you edit the server properties. Notice that the "stealth settings" tab you have the two installation options "Make server Visible on Run" or "Melt server after installation". The first option is for testing purposes; i.e. it does not actually install the Trojan, but runs it as an executable. The Trojan will not be restarted after a reboot. The second option actually infects the victim machine, and then deletes the installation file. 1

2. The notification tab is very interesting This is where we will be telling the Trojan to try to connect to the attacking computer after it is installed. We will be using the SIN Notification method. If you are using an ISP DHCP assigned IP (ADSL / Dialup / Cable), you might consider using a free dynamic DNS service, such as No-IP (www.no-ip.com) for name resolution. 3. Once you have gone through all the configurations, you may build the server. 4. Once the Trojan is executed on the victim machine, it will send SIN notification packets to the attacking machine, alerting the attacking machine that it is ready for a connection even though the victim machine is behind a router, or using a NAT 'ed IP address. After the Trojan is executed on the victim machine, we need to start our client.exe program in order to listen for these connections. Click on the "SIN Client" button, and the following window will open. Click on "Start Client" to start listening. 2

5. After a while, we will notice our victim computer connecting to our attacking machine: 6. In case you opted for password protection on your Trojan, you will be prompted for it. Double click on the victim machine computer name, and the main admin panel opens up - you're ready to control the victim machine. 7. We now have a fully fledged Trojan with neat options, such as Web Cam capture, key logger and other features to control the victim machine with. The following is a capture of a message box sent to the victim machine, including an IPConfig to show that the victim machine is indeed using a NAT'ed address. 3

Conclusion and Counter measures This is a difficult attack to stop, as the initial connection with the Trojan is preformed from within the attacked network. The best bet for identifying such an attack would be using a file integrity checker (such as Sentinel 2.0), in conjunction with a correctly configured IDS system (such as Snort) do detect anomalies both in the filesystem, and on the network. For more information about RFC 1918 see: http://www.isi.edu/in-notes/rfc1918.txt You can visit the AreYouFearless Team at : http://www.areyoufearless.com And for God's sake Free GOBO! The End 4

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information