Its one of the biggest threat to our privacy. It’s an act by which an attacker manipulates with the mind of people so that they can give their confidential information to the attacker. They usually trick people by reading their body language. Biggest scam’s like fake lottery, money transfer etc are the result of social engineering. It plays a vital role in any type of phishing. It is the biggest threat to the
companies. They (attacker) usually trick employees of the company resulting in the theft of financial
information/confidential information. An attacker usually call or email people tell them he is from the customer
care/support & ask them some personal question’s like their Name, D.O.B, Residence, email id, Password & usually most of the people give their personal information including their
password thinking that they are getting that call/email from a legitimate source. After collecting some information they get access to your secret information/accounts. And Bang!
Victim gets Social Engineered.
Keylogging
Keylogging is the method of tracking the keys struck on keyboard. It can be done by two ways either using
Software Keylogger or Hardware Keylogger. Both these keylogger’s store the keys struck on the keyboard in the memory in the form of logs. Later these logs can be send to the email id, or the ftp of the attack.
Software Keylogger: They usually consist of two files i.e.
“.dll” & “.exe” file. The .exe file executes the dll file & makes the keylogger work. They are binded & encrypted, making an anti-virus hard to find any evidence. They usually work in stealth mode making victim even more hard to find them. They have many features
like:-1. They work in stealth mode.
2. They capture screenshots.
3. They consist remotely deploy wizard.
4. Registry entries are hidden.
5. Website visited tracks.
6. Application used tracks.
7. Capture HTTP Post operation.
8. Capture video of victim using webcam.
9. Record sound of surrounding using a microphone connected.
10. They can be exported using txt or html.
11. User friendly interface.
12. Can track your location.
13. Automatic delivery of logs after interval set by attacker.
14. Capture chat logs.
15. Password authentication.
Demo: How to hack using Ardamax Keylogger.
1. Buy ardamax Keylogger from their site or just Google it if you don’t want to spend money. You will get a pro version
with remote deployment wizard.Install the setup.
Now register your keylogger.
2. After registering click on remote Installation
3. Click Next until you Security dialog, Click on enable & set password. After that click on Next. Now you will get
Options dialog here set your magic keys.Click next. Now Comes the first part of Control section Select the method
& time interval through which you want to receive the logs as shown in image “4”.Click next. Now comes the heart of this tutorial if you make some mistakes here your
keylogger will not work enter the details as shown in image “5”. Click next. After clicking next you will get another Control dialog as shown in image “6”.Keep your desired settings here. & click next.
Note: Keep you Anti Virus Disabled
4. Keep clicking next until you get destination dialog Select your path, change icon & click next until the wizard gets completed &
you will get a success build message.
5. After building you need to crypt it so that it will not get detected by anti virus. Download any good FUD(Fully UnDetectable) Crypter(google it), which will crypt your keylogger & Now can bypass anti virus.
Note: This file will get detected by most of the anti virus, so keep your anti virus disabled until you make your keylogger.
6. Now share your keylogger through your Social engineering talent :P :D
RAT (Remote Access Trojen)
Its is a type of trojen which is used to control over the victims machine. Once installed it can do whatever an attacker wish, can create files, folders, open cd-drive, play popup, use you files, upload & download files on you
machine. After installing on your machine an attacker can do all these things
remotely:-1. Create, Open & delete Files & Folders.
2. Format complete hard disk 3. Install malicious programs.
4. Overload your memory RAM or ROM
5. Can use your system for malicious purposes like DDOS 6. Hide files, & folders
7. Control your peripherals & start or kill your processes.
8. Record music & video 9. Steal passwords
10. Print rich contents & view your screen.
Some of the commonly used RAT are Cybergate, Darkcomet,LAN filtrator, Spy-Net.
Malware
Malware is a piece of script which is used to destroy/disable computers, gather sensitive data, gain access to private networks, create backdoors or to interrupt a private
computer network. They include worm, Trojans, adwares, spywares, rootkits & viruses. In short when we combine all type of computer threats then they are known as Malware. It is usually used to spy on foreign networks, government
organizations, or corporate sectors. It can be either a piece of script, software or active contents. They usually copy itself from one network to another using removable disks. They are distributed through social networking sites, file sharing websites, or infected websites. Once the file is installed on your device it then connect to internet & download other modules of it.