say3er. Posted October 28, 2011

Trojan (RAT):
Our Trojan (Poison Ivy, DarkComet, Spy-Net, CyberGate, etc.) has two parts: a client and a server. Normally, as a matter of common sense in matters not related to hacking, the server is the one that runs the client, but the type of connection established between our slave (the person you want to infect) and us is the reverse type, i.e. the client connects and manages the server. So the Trojan has two parts: the client (which will help us command the server) and the server, which is what the slave must run so that we can establish a connection.

Server:
Our server is installed on the slave's PC and will respond to us by sending the information to our IP address, and that information or data will be received by our Trojan (client).

But what is the IP?
IP stands for Internet Protocol and is a number that identifies a device on a network (a computer, printer, router, etc.). It can be static (always the same) or dynamic (varies from time to time), so if we have the IP address 127.0.0.1 and order our Trojan to respond to that address, we will lose the connection if the address changes.

The solution?
A DNS server. Through a series of steps (registration and installation of an application), this allows us to replace our IP with a no-ip.org host, e.g. mafia.no-ip.org. So if we tell the server to respond to mafia.no-ip.org, we will not lose the connection however much our IP address varies.

Router:
If we have a router, we must open the ports, or at least one of them, so that our server can be heard through it.

Here's a recap:
For our connection to be successful we must:
1 - Open ports.
2 - Install a DNS client.
3 - Properly configure our Trojan.

One of the factors that can prevent a successful connection is the antivirus: as everyone knows, the Trojan is in the category of viruses, so the action of the antivirus is to disable or delete it.
Therefore we must find a way for the AVs not to detect it; one such way is Crypters.

Antivirus:
Antivirus software uses two methods to protect our PC:
1 - Analyzing the file against the database of malware (signatures). This is like a police lineup, or like attempting to identify a criminal from a picture: the antivirus compares each file on the hard disk with a "dictionary" of known viruses. If any piece of code (signature) in a file on the hard disk matches a known virus in the dictionary, the antivirus software kicks in.
2 - Constantly monitoring the behavior of files that may be infected.

Crypters:
A crypter is often used to hide the source code (signatures) of a server or a Trojan horse. Crypters are updated every little while, because most of them are detected by the AVs within days of being in use, which is why on some occasions the person who made the crypter protects it with a password so that access is more limited. The Crypter has a Stub, which has the signatures, to encrypt our server or Trojan; it is the part of the crypter that is modified by various methods to make the crypter undetectable. One of these methods is to use two programs, Dsplit and Av Fucker, with which the signature the AVs look for is found, and then it is modified with a hex editor so that the AVs' signatures do not detect it.

Encryption:
It is a technique by which information becomes unreadable to third parties. To access it you need a key (encryption type) that only the sender and receiver know. Some encryption types: AER-256, ARMON-64, ATOM-128, BASE-64, ESAB-46, EZIP-64, Feron-74, GILA7, Hazz-15, MEGAN-35, OKTO3, TIGO-3FX, TRIP-5, ZARA-128, ZONG22, etc.

Let's review:
For our connection to be successful we must:
1 - Open ports.
2 - Install a DNS client.
3 - Properly configure our Trojan.
4 - Search for a Crypter that is Fud, that is, undetectable to the AVs, or modify a Stub to make it Fud.
5 - Encrypt the file.

Hiding:
To send the server to our slave we must hide it, so that it does not look suspicious and the slave runs it.
One way to hide the server is through Binders and Joiners.

Binder or joiner:
These programs are very interesting for infecting the slave with viruses and Trojans without the slave noticing. A binder (also called joiner or splitter) is a program that links two or more files. These files can be executable or otherwise, depending on the binder being used. Some binders can trick the slave by changing the server's own icon for that of a *.jpg image, a folder or a text document.

Then:
1 - Open ports.
2 - Install a DNS client.
3 - Properly configure our Trojan.
4 - Search for a Crypter that is Fud, that is, undetectable to the AVs, or modify a Stub to make it Fud.
5 - Encrypt the Trojan.
6 - Find a Binder or a Joiner (must be undetectable).
7 - Hide our encrypted server.
8 - Find an ingenious way for our slave to get the file.
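
From the defender's side, the reverse connection to a no-ip.org host described in the post leaves a trace in DNS resolver logs: an internal machine repeatedly looking up a dynamic-DNS name whose answer changes over time. The following is an added example, not part of the original post; the log format, the suffix list and the threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Assumption: a short illustrative suffix list; extend it from your own intel.
DYNDNS_SUFFIXES = ("no-ip.org", "ddns.net", "duckdns.org")

# Constructed resolver log: timestamp, client IP, query type, name, answer.
SAMPLE_LOG = """\
2011-10-28T10:00:05 10.0.0.23 A mafia.no-ip.org 203.0.113.7
2011-10-28T10:05:05 10.0.0.23 A mafia.no-ip.org 203.0.113.7
2011-10-28T10:06:40 10.0.0.41 A www.example.com 198.51.100.10
2011-10-28T10:10:05 10.0.0.23 A MAFIA.no-ip.org. 203.0.113.99
2011-10-28T10:12:00 10.0.0.41 A notno-ip.org 198.51.100.20
malformed line
"""

def is_dyndns(qname):
    """True if qname is a dynamic-DNS suffix or a host under one."""
    name = qname.rstrip(".").lower()
    # Match on a label boundary so "notno-ip.org" is not a false positive.
    return any(name == s or name.endswith("." + s) for s in DYNDNS_SUFFIXES)

def parse_line(line):
    """Return (client, normalized qname, answer), or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _ts, client, _qtype, qname, answer = parts
    return client, qname.rstrip(".").lower(), answer

def find_dyndns_lookups(log_text, min_queries=3):
    """Report clients that resolved a dynamic-DNS name min_queries+ times."""
    stats = defaultdict(lambda: {"queries": 0, "answers": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_dyndns(rec[1]):
            continue
        client, qname, answer = rec
        stats[(client, qname)]["queries"] += 1
        stats[(client, qname)]["answers"].add(answer)
    findings = []
    for (client, qname), entry in sorted(stats.items()):
        if entry["queries"] >= min_queries:
            findings.append({"client": client, "qname": qname,
                             "queries": entry["queries"],
                             # A changing answer is the dynamic-IP case.
                             "ip_changed": len(entry["answers"]) > 1})
    return findings

if __name__ == "__main__":
    for finding in find_dyndns_lookups(SAMPLE_LOG):
        print(finding)
```

Dynamic-DNS names also have legitimate uses, so a finding here is a lead to correlate with endpoint data rather than a verdict.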