What is Reversing a Keylogger, RAT Server

Reversing a Keylogger, RAT Server

By now you should know and understand the basic techniques attackers use to evade antivirus detection of a virus, keylogger or Trojan.
This section explains various techniques that can be used to reverse a keylogger. Reversing here means extracting the passwords from a server. Reversing a keylogger or a RAT server can at times be extremely complicated.

Bintext

As you know, Hotmail does not accept keystroke logs, so attackers use a Gmail account to receive them, as mentioned earlier in the WinSpy installation guide. Bintext is an excellent tool for reversing a keylogger.
Download Bintext, a text extractor that pulls printable strings out of an application or any other file. With Bintext you can easily reverse a keylogger or a RAT server and extract the user ID and password of the Gmail account the logs are sent to.

Requirements

1. Bintext

2. A Keylogger or a RAT server

1. Once you have fulfilled the above requirements, start Bintext.

2. Next click Browse, locate the appropriate server file and click the Go button to load the file's strings.

3. Next go to the search bar at the bottom and search for the keyword “Gmail”; it will display the attacker’s Gmail username and password, and you will see a screen similar to the one below:

Wireshark 

Wireshark, previously called Ethereal, is primarily a packet sniffing tool, but it can be used for various purposes. Here I will show how you can use Wireshark to reverse a keylogger and find out its FTP password.

Usually, if you are infected with a keylogger, it sends the keystrokes to the attacker's FTP server at an interval set by the attacker, typically every 10 to 15 minutes.

We can monitor our own network with Wireshark to figure out what connections the keylogger makes to other IP addresses. As you may already know, FTP uses port 21 and sends its login in cleartext, so we can filter out all FTP connections in Wireshark and recover the FTP username and password the keylogger server uses.

So here are the steps you can follow to find out the FTP password for a keylogger server:

Procedure

1. First of all, download Wireshark and install it on your computer; also make sure to install WinPcap, which comes with the Wireshark installation package.

(Sample screenshot of Wireshark running on Ubuntu Linux)

2. Now go to the Capture button at the top and start monitoring.

3. Now type “FTP” in the filter bar; it will filter out all FTP connections.

4. As you scroll down you will find the “FTP username” and “Password” for the FTP account the keylogger uploads to, and that’s it.
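An added example, not part of the original post, that mirrors both procedures above in Python: a small string extractor in the spirit of Bintext (ASCII and UTF-16LE strings, with the "search for Gmail" step), and a parser that pulls USER/PASS out of the cleartext FTP commands Wireshark would show. The server bytes, account names, passwords and FTP lines are all constructed for the demonstration.

```python
import re

# Constructed stand-in for a keylogger "server" file: header bytes, filler and embedded
# configuration strings (one stored as UTF-16LE, as Windows binaries often do).
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 16
    + b"smtp.gmail.com\x00"
    + b"logs.receiver@gmail.com\x00"
    + b"S3cretPassw0rd!\x00"
    + b"\x01\x02\x03"
    + "ftp.example-host.test".encode("utf-16-le") + b"\x00\x00"
    + b"\xff" * 8
)

# Constructed FTP control-channel lines, as seen on port 21 with the "ftp" display filter.
SAMPLE_FTP_SESSION = [
    "220 (vsFTPd 3.0.3)",
    "USER dropzone",
    "331 Please specify the password.",
    "PASS hunter2",
    "230 Login successful.",
    "STOR keylog_20240101.txt",
]

def extract_strings(data, min_len=4):
    """Return printable ASCII and UTF-16LE strings in file order (what Bintext lists)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    found += [(m.start(), m.group().decode("utf-16-le")) for m in wide_re.finditer(data)]
    return [text for _, text in sorted(found)]

def find_config_strings(strings, keywords=("gmail", "ftp", "smtp"), context=2):
    """The 'search for Gmail' step: each keyword hit plus the strings right after it,
    because the account password is usually stored next to the server/account name."""
    return [strings[i:i + context + 1] for i, s in enumerate(strings)
            if any(k in s.lower() for k in keywords)]

def extract_ftp_credentials(lines):
    """Pull USER/PASS out of cleartext FTP commands; returns (user, password)."""
    user = password = None
    for line in lines:
        cmd, _, arg = line.strip().partition(" ")
        if cmd.upper() == "USER":
            user = arg
        elif cmd.upper() == "PASS":
            password = arg
    return user, password
```

Calling find_config_strings(extract_strings(SAMPLE_BINARY)) returns the gmail.com hits with the adjacent password string, and extract_ftp_credentials(SAMPLE_FTP_SESSION) returns ('dropzone', 'hunter2').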

NOTE: These are the most common techniques that can be used to reverse a keylogger, where reversing means extracting the passwords from a server. Reversing a keylogger or a RAT server can at times be extremely complicated. The next chapter will explain how to protect against keyloggers and Trojans.
