See video and control mouse of remote computer anonymously

Discussion in 'Ethical hacking' started by SephirothsHell, May 23, 2012.

  1. SephirothsHell

    SephirothsHell New Member

    Joined:
    May 23, 2012
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Hi everyone,

    I'm currently having a special problem on my office LAN: someone is entering various PCs but the weird thing is that it appears that this person is actually seeing and controlling the other computer's video and mouse pointer.

    As far as I know, you can use a RAT to obtain plenty information and data from other PC, but I haven't heard of any hack which enables you to see and control remote PCs without any visible trace of "something" wrong natively.

    How could it be possible?
    How could I trace that hack?
    How could I avoid it and protect from it?

    Thanks in advance.
     
  2. Syperus

    Syperus New Member

    Joined:
    Sep 2, 2011
    Messages:
    45
    Likes Received:
    9
    Trophy Points:
    0
    Location:
    127.0.0.1
    Is your computers on the LAN running an AV? Are they behind firewalls? It's very possible to get RAT'd if you don't have any protection enabled. Are your computers running Windows or Linux? I would create backups and format all the pc's. Then install your AV and firewall and install an Intrusion Detection System. If your on Linux I recommend Snort. I love that program. There's a Windows Version called WINSnort. There are several Trojan tools that allow you to take control of the victims screen and mouse. Blackshades is one of the most popular because it offers the tools needed to do this. Also log IP addresses connecting to your network. You might get lucky and it being someone who doesn't know a lot about networking and isn't connected through a proxy or VPN.
     
  3. SephirothsHell

    SephirothsHell New Member

    Joined:
    May 23, 2012
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Thanks for your replay Syperus.

    What is the most effective tool to trace or log that IP?
    Isn't necessary to "accept" a Trojan's server before getting hacked?

    My LAN is on Windows, running Kaspersky from local server but lately there's been some issues with some PCs non accepting AVs.

    Thanks again!
     
  4. Syperus

    Syperus New Member

    Joined:
    Sep 2, 2011
    Messages:
    45
    Likes Received:
    9
    Trophy Points:
    0
    Location:
    127.0.0.1
    If your PC's are not accepting AV's that could be a fairly strong sign that those computers are infected. I would disconnect them from the rest of your network asap. Yes you need to accept the trojan server and run it before it does its job like opening port and start listening for connections to that port, but is there anyway you could have been duped into running one or someone running one? There are many different ways to trick people into running Trojans. You could visit a website that runs malicious JavaScript coding to download and run a Trojan if your not careful.

    As for tracing an IP, there are programs that you can try, websites that will attempt to trace it for you, or you can do it from your Windows box. Run a traceroute on the ip and it'll show you all the bounces between you and that IP. It's not going to give you the persons home address or whatever, but you might be able to get the ISP name and possibly a broad location estimate. If your not familiar with this type of stuff you could try entering the IP at http://whatismyipaddress.com/ip/69.171.228.74. This will trace the IP and give you a location if possible. Remember there is a chance the person could be connected through a proxy or VPN and finding their location depends on how anonymous that proxy or VPN is. Tracing a proxy or VPN by yourself without any good software will be very hard, if not impossible.
     
  5. Alex.Gabriel

    Alex.Gabriel New Member

    Joined:
    Oct 23, 2011
    Messages:
    86
    Likes Received:
    7
    Trophy Points:
    0
    Occupation:
    Linux system administrator
    Location:
    Italy
    Home Page:
    http://blog.evilcoder.net
    Do you have Remote Desktop enabled ?
    Do you have Radmin installed ?
    Check passwords for suspected user , change it.
    If that thing happens again use the method that Syperus said.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice