# 1. Gain access to systems with Trojans

{% embed url="<https://rumble.com/embed/v6m4i7r/?pub=4jw86f>" %}
Virus and trojans CEH labs complete walkthrough
{% endembed %}

## 1. Gain Control over a Victim Machine using the njRAT RAT Trojan

njRAT is a RAT with powerful data-stealing capabilities. In addition to logging keystrokes, it is capable of accessing a victim’s camera, stealing credentials stored in browsers, uploading and downloading files, performing process and file manipulations, and viewing the victim’s desktop.

{% embed url="<https://github.com/lexisxs/njRAT-All-Versions>" %}

1. Download and run the trojan software. A **\[Port Now]** pop-up appears; leave the port number at its default and click **OK**.

2. The njRAT GUI appears; click the **\[Build]** button located in the lower-left corner of the GUI to configure the exploit details.

   ![](https://labondemand.blob.core.windows.net/content/lab168800/instructions255477/nj1.jpg)

3. The **Builder** dialog box appears; enter the IP address of the **Windows 11** machine (the attacker machine) in the **Host** field, check the options **Randomize Stub**, **USB Spread Nj8d**, and **Protect Prosess \[BSOD]**, leave the other settings at their defaults, and click **Build**.

   > In this task, the IP address of the **Windows 11** machine is **10.10.1.11**.

   ![](https://labondemand.blob.core.windows.net/content/lab168800/screens/aapo2o0p.jpg)

4. The **Save As** window appears; specify a location to store the server, rename it, and click **Save**.

5. In this lab, the destination location chosen is **Desktop**, and the file is named **Test.exe**.

   ![](https://labondemand.blob.core.windows.net/content/lab168800/screens/btmffdng.jpg)

6. Once the server is created, the **Done Successfully!** pop-up appears; click **OK**.

   > A **Server** pop-up appears; click **OK**.

7. Now, use any technique to send this server to the intended target, through email or any other channel (in a real attack, the attacker sends this server to the victim).

8. Here, you are acting both as an **attacker** who logs into the **Windows 11** machine to create a malicious server, and as a **victim** who logs into the **Windows Server 2022** machine and downloads the server.

9. Double-click the server (**Test.exe**) to run this malicious executable.

   ![](https://labondemand.blob.core.windows.net/content/lab168800/screens/oiuhfrsz.jpg)

10. Switch back to the **Windows 11** machine and maximize the njRAT GUI window. As soon as the victim (here, you) double-clicks the server, the executable starts running and the njRAT client (njRAT GUI) running on **Windows 11** establishes a persistent connection with the victim machine, as shown in the screenshot.

    ![](https://labondemand.blob.core.windows.net/content/lab168800/screens/mp2xxjio.jpg)

11. Unless the attacker working on the **Windows 11** machine disconnects the server on their own, the victim machine remains under their control.

12. The GUI displays the machine’s basic details, such as the IP address, user name, and operating system type.

13. Right-click the detected victim name, hover the cursor over **Manager**, and click **File Manager** from the context menu.

    ![](https://labondemand.blob.core.windows.net/content/lab168800/screens/42fiqfqz.jpg)

14. The **File Manager** window appears. Double-click any directory in the left pane (here, **ProgramData**); all its associated files and directories are displayed in the right pane. You can right-click a selected directory and manipulate it using the contextual options. Close the **File Manager** window.

    ![](https://labondemand.blob.core.windows.net/content/lab168800/screens/gjg51ola.jpg)

15. Right-click the detected victim name, hover the cursor over **Manager**, and click **Process Manager** from the context menu.

16. You will be redirected to the Process Manager, where you can click on a selected process and perform actions such as **Suspend**, **Kill + Delete**, **Kill**, and **Refresh**.

    ![](https://labondemand.blob.core.windows.net/content/lab168800/screens/kboqopar.jpg)

17. Close the **Process Manager** window.

18. Right-click the detected victim name, hover the cursor over **Manager**, and click **Registry** from the context menu.

19. A window showing the registry folders opens; choose a registry directory from the left pane and right-click its associated registry files.

20. A few options appear for the files; you can use these to manipulate them. Close the window displaying Registry folders.

    ![](https://labondemand.blob.core.windows.net/content/lab168800/screens/xorvdejg.jpg)

21. Right-click the detected victim name, hover the cursor over **Manager**, and click **Remote Shell** from the context menu.

22. This launches a remote command prompt for the victim machine (**Windows Server 2022**).

23. In the text field present in the lower section of the window, type the command **ipconfig/all** and press **Enter**.

    ![](https://labondemand.blob.core.windows.net/content/lab168800/screens/mluqn3kn.jpg)

24. This displays all interfaces related to the victim machine, as shown in the screenshot.

    ![Screenshot](https://labondemand.blob.core.windows.net/content/lab168800/screens/agkakgwa.jpg)

25. Similarly, you can issue all other commands that can be executed in the command prompt of the victim machine. Close the **Remote Shell** window.
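
On the victim, the steps above leave a huntable footprint: a binary run from the Desktop that connects out to 10.10.1.11 and later spawns a command prompt. The following detection sketch is an added example, not part of the original lab; it correlates Sysmon-style process-creation (ID 1) and network-connection (ID 3) records. The events, PIDs, user name and port are constructed sample data, and PID reuse is ignored.

```python
from collections import defaultdict

# Constructed sample events (not real telemetry). Test.exe on the Desktop and the
# attacker address 10.10.1.11 come from the lab; PIDs, user name and port are made up.
EVENTS = [
    {"id": 1, "pid": 4120, "ppid": 3000, "image": r"C:\Users\Administrator\Desktop\Test.exe"},
    {"id": 3, "pid": 4120, "dst_ip": "10.10.1.11", "dst_port": 5552},
    {"id": 1, "pid": 5200, "ppid": 4120, "image": r"C:\Windows\System32\cmd.exe"},
    {"id": 1, "pid": 5316, "ppid": 5200, "image": r"C:\Windows\System32\ipconfig.exe"},
    {"id": 1, "pid": 6000, "ppid": 3000, "image": r"C:\Windows\System32\cmd.exe"},
    {"id": 1, "pid": 6100, "ppid": 3000,
     "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"},
    {"id": 3, "pid": 6100, "dst_ip": "203.0.113.10", "dst_port": 443},
]

USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")
SHELLS = {"cmd.exe", "powershell.exe"}

def name(path):
    """Lower-cased file name of a Windows path."""
    return path.lower().rsplit("\\", 1)[-1]

def find_rat_like(events):
    """Flag binaries in user-writable paths that open outbound connections,
    and report whether anything below them in the process tree is a shell."""
    image, children, conns = {}, defaultdict(list), defaultdict(set)
    for e in events:
        if e["id"] == 1:                      # process creation
            image[e["pid"]] = e["image"]
            children[e["ppid"]].append(e["pid"])
        elif e["id"] == 3:                    # network connection
            conns[e["pid"]].add((e["dst_ip"], e["dst_port"]))
    findings = []
    for pid, path in image.items():
        if pid not in conns or not any(m in path.lower() for m in USER_WRITABLE):
            continue
        stack, tree = list(children[pid]), []
        while stack:                          # walk every descendant process
            child = stack.pop()
            tree.append(name(image[child]))
            stack.extend(children[child])
        findings.append({"pid": pid, "image": path, "remote": sorted(conns[pid]),
                         "descendants": sorted(tree),
                         "spawned_shell": any(n in SHELLS for n in tree)})
    return findings

if __name__ == "__main__":
    for finding in find_rat_like(EVENTS):
        print(finding)
```

The command prompt started from Explorer and the browser in Program Files are not flagged; only the Desktop binary that both connects out and parents a shell is reported.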

## <mark style="color:red;">2. Hide a Trojan using SwaysCryptor</mark>

## <mark style="color:red;">3. TheefRAT Trojan</mark>

Start the server on the victim machine, then use the client to connect to it.

