Advertisements

Backtracing a RAT / Find the IP of the Hacker’s RAT

Welcome to my tutorial, today i will be showing you how to get someone’s ip once you have the person’s RAT. In other words, i’m going to show you how easy it is for the feds to get your ip and get you arrested if they wanted to.

1941225

Requirements:
Wireshark [DOWNLOAD]
Sandboxie [DOWNLOAD]

First open Wireshark.
Click on Wireless Network Connection or Local Area Connection (Depending on the Connection type) and click Start.
[Image: 55419b26b9cbb61345a614d203f6d69c.png]

Go to the filter and type “dns”. (use “smtp” and “ftp” for keyloggers)
[Image: ce8d2ff249c7b565e46dc1790af50850.png]

Now you are seeing all connections using dns.

Now we are going to use sandboxie.
Sandboxie is a useful tool used to analyse files before completely letting them in your system. You can run any Virus in sandboxie and once you terminate all processes your computer is not infected. So it would not add to startup or anything.

Anyways, go to the RAT, right click and run in sandboxie.
[Image: 18434b680ca3ca3dfb027dc83d4b102f.png]

Now you are infected, but the virus is trapped in sandboxie, you can easily kill the process. Please do note that the hacker can still controle your computer and view your personal information. Make sure you CLEAR ALL SAVED PASSWORDS in ALL your web browsers, RATs can easily grab your saved passwords on web browsers FROM SANDBOXIE.

Head back to Wireshark, on the right side you should now see a connection between your computer and the RAT’s no-ip dns.
Try to look for something like blahblah.no-ip.biz or blablah.zaptop.org.
This is what it will look like:
[Image: 241JVro.png]

Once you got the RAT server’s no-ip, open cmd and type:

Code:
ping enternoipnamehere.no-ip.biz

[Image: 57e802e9f09a021a3295972c1a6c0608.png]
Hit enter and you will get the IP.

Now go DDOS the hacker or whatever you want to do with it!

Advertisements

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisements
%d bloggers like this: