CEH Practical Guide
1. Gain access to systems with Trojans

The lab tasks in this exercise demonstrate how easily hackers can gain access to the target systems in the organization and create a covert communication channel for transferring sensitive data.


Last updated 2 months ago


1. Gain Control over a Victim Machine using the njRAT RAT Trojan

njRAT is a RAT with powerful data-stealing capabilities. In addition to logging keystrokes, it is capable of accessing a victim’s camera, stealing credentials stored in browsers, uploading and downloading files, performing process and file manipulations, and viewing the victim’s desktop.

  1. Download and run the trojan software. A [Port Now] pop-up appears; leave the port number at its default and click OK.

  2. The njRAT GUI appears; click the [Build] button located in the lower-left corner of the GUI to configure the exploit details.

  3. The Builder dialog box appears; enter the IP address of the Windows 11 machine (the attacker machine) in the Host field, check the options Randomize Stub, USB Spread Nj8d, and Protect Prosess [BSOD], leave the other settings at their defaults, and click Build.

    In this task, the IP address of the Windows 11 machine is 10.10.1.11.

  4. The Save As window appears; specify a location to store the server, rename it, and click Save.

  5. In this lab, the destination location chosen is Desktop, and the file is named Test.exe.

  6. Once the server is created, the Done Successfully! pop-up appears; click OK.

    A Server pop-up appears; click OK.

  7. Now, use any technique to send this server to the intended target, through email or any other channel (in a real-world scenario, attackers send this server to the victim).

  8. Here, you are acting both as an attacker who logs into the Windows 11 machine to create a malicious server, and as a victim who logs into the Windows Server 2022 machine and downloads the server.

  9. Double-click the server (Test.exe) to run this malicious executable.

  10. Unless the attacker working on the Windows 11 machine disconnects the server on their own, the victim machine remains under their control.

  11. The GUI displays the machine’s basic details such as the IP address, User name, and Type of Operating system.

  12. Right-click the detected victim name, hover the cursor over Manager, and click File Manager in the context menu.

  13. The File Manager window appears. Double-click any directory in the left pane (here, ProgramData); all its associated files and directories are displayed in the right pane. You can right-click a selected directory and manipulate it using the contextual options. Close the File Manager window.

  14. Right-click the detected victim name, hover the cursor over Manager, and click Process Manager in the context menu.

  15. You will be redirected to the Process Manager, where you can click on a selected process and perform actions such as Suspend, Kill + Delete, Kill, and Refresh.

  16. Close the Process Manager window.

  17. Right-click the detected victim name, hover the cursor over Manager, and click Registry in the context menu.

  18. A window showing the registry folders opens; choose a registry directory from the left pane, and right-click on its associated registry files.

  19. A few options appear for the files; you can use these to manipulate them. Close the window displaying Registry folders.

  20. Right-click the detected victim name, hover the cursor over Manager, and click Remote Shell in the context menu.

  21. This launches a remote command prompt for the victim machine (Windows Server 2022).

  22. In the text field present in the lower section of the window, type the command ipconfig/all and press Enter.

  23. This displays all interfaces related to the victim machine, as shown in the screenshot.

  24. Similarly, you can issue all other commands that can be executed in the command prompt of the victim machine. Close the Remote Shell window.
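From the defender's side, the session in steps 9 to 24 leaves a recognizable trail on the victim: a binary in a user-writable path opens an outbound connection, and a command shell later appears in its process tree. The sketch below is an added example, not part of the original lab; the event records are constructed, simplified Sysmon-style data, and every path, PID and port in them is a sample value apart from 10.10.1.11 and Test.exe.

```python
import re
from collections import defaultdict

# Constructed, simplified Sysmon-style records (id 1 = process create,
# id 3 = network connection). Paths, PIDs and the port are sample values;
# only 10.10.1.11 and Test.exe come from the lab text.
EVENTS = [
    {"id": 1, "pid": 4120, "ppid": 3004, "image": r"C:\Users\Administrator\Desktop\Test.exe", "cmd": "Test.exe"},
    {"id": 3, "pid": 4120, "image": r"C:\Users\Administrator\Desktop\Test.exe", "dst": "10.10.1.11", "dport": 5552},
    {"id": 1, "pid": 5210, "ppid": 4120, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe"},
    {"id": 1, "pid": 5300, "ppid": 5210, "image": r"C:\Windows\System32\ipconfig.exe", "cmd": "ipconfig /all"},
    {"id": 3, "pid": 880, "image": r"C:\Windows\System32\svchost.exe", "dst": "10.10.1.2", "dport": 53},
    {"id": 1, "pid": 6001, "ppid": 3004, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe"},
]

# Locations a standard user can write to, where dropped executables usually land.
USER_WRITABLE = re.compile(
    r"\\(Users\\[^\\]+\\(Desktop|Downloads|AppData)|ProgramData|Windows\\Temp)\\", re.I)
SHELLS = {"cmd.exe", "powershell.exe"}

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def find_rat_like_activity(events):
    """Flag binaries in user-writable paths that make a network connection
    and have a command shell somewhere in their process tree."""
    beacons = {}                      # pid -> (image, dst, dport)
    children = defaultdict(list)      # ppid -> process-create events
    for e in events:
        if e["id"] == 3 and USER_WRITABLE.search(e["image"]):
            beacons[e["pid"]] = (e["image"], e["dst"], e["dport"])
        elif e["id"] == 1:
            children[e["ppid"]].append(e)
    findings = []
    for pid, (image, dst, dport) in beacons.items():
        stack, descendants = list(children[pid]), []
        while stack:                  # walk the whole subtree under the connecting process
            p = stack.pop()
            descendants.append(p)
            stack.extend(children[p["pid"]])
        if any(basename(p["image"]) in SHELLS for p in descendants):
            findings.append({"image": image, "peer": f"{dst}:{dport}",
                             "commands": sorted(p["cmd"] for p in descendants)})
    return findings

if __name__ == "__main__":
    for finding in find_rat_like_activity(EVENTS):
        print(finding)
```

The rule keys on behaviour rather than on a file name or port, so it still fires when the server is renamed or built with a different listener port.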

Note on steps 9 and 10: switch back to the Windows 11 machine and maximize the njRAT GUI window. As soon as the victim (here, you) double-clicks the server, the executable starts running and the njRAT client (njRAT GUI) running on Windows 11 establishes a persistent connection with the victim machine, as shown in the screenshot.

2. Hide a Trojan using SwaysCryptor

3. TheefRAT Trojan

Start the server on the victim machine, and then use the client to connect to it.

GitHub: lexisxs/njRAT-All-Versions: NjRAT is a Remote Administration Tool. This repository contains a Njrat Editions.
Udemy: Certified Ethical Hacker (CEHv12) Practical hands on Labs