looking for trojan which can send remote IP address / webbug

For beginners, flames not allowed...(just by the staff :P)
Post Reply
User avatar
the_gr8_rules
forum buddy
forum buddy
Posts: 14
Joined: 05 Sep 2006, 16:00
14
Contact:

looking for trojan which can send remote IP address / webbug

Post by the_gr8_rules »

Hello all,
i'm looking for a trojan which can send me the IP address of the remote machine whenever it gets changed.
I found one on http://illmob.org but its not available for download.


regards

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11598
Joined: 06 Apr 2005, 16:00
16
Location: The zone.
Contact:

Post by bad_brain »

quite many RATs have the option to send notifications (IRC, email, ICQ), check sub7, optix pro or back orifice.
:wink:

User avatar
the_gr8_rules
forum buddy
forum buddy
Posts: 14
Joined: 05 Sep 2006, 16:00
14
Contact:

Post by the_gr8_rules »

bad_brain wrote:quite many RATs have the option to send notifications (IRC, email, ICQ), check sub7, optix pro or back orifice.
:wink:
I was trying "bo2k" (its back orifice i suppose). Its client part has to be fetched with the IP address where the sever is installed. Now how am i suppose to know that. Thats why i asked for some other trojan which can send the IP address.
or am I missing something ???

regards

User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
15
Location: Michigan USA
Contact:

webbugs

Post by DNR »

Hey brah,
I see what you mean, why deal with a RAT when you just need to get the IP of the target machine when it logs on to the 'net. You are also talking about a target machine that gets issued a dynamic IP, rather than a static IP.

What you need to do is have the target computer retrieve something from your computer everytime it starts up or connects to the internet. A web bug is code created to make the target computer contact the spy computer for a image or request of some sort. The image can be a favicon (those neat graphics next to the URLs kept in your favorite links folder) or a tiny period like this > .

On web pages look for stuff like this;

<img src="http://ad.doubleclick.net/ad/pixel.quicken/NEW" width=1 height=1 border=0>

you know a 1x1 pixel image ain't for viewing..

I prefer to have my email text only, as any image attached to the document can be considered a webbug for tracking.

Web bugs can be sneaky when you attach it to a corporate document or private letter, when anyone opens the file to read it, the computer contacts yours, to retrive a hidden image. Therefore, its IP is recorded on your computer's logger. This a way to get a recipient's IP when that person is trying to remain anonymous, thats why its best not to reply to strange email. Webbugs could be expanded with server side code to investigate your computer for cookies, browser type and history, and even install active code in the case of HTML email or websites. You can bug your profiles on yahoo or others by using a photo (invisible or not) that has to be retrieved from your computer.

Understand?

There are various webbugs you can put on to the target's computer, so let me know which one you choose.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

User avatar
the_gr8_rules
forum buddy
forum buddy
Posts: 14
Joined: 05 Sep 2006, 16:00
14
Contact:

Web-bugs

Post by the_gr8_rules »

Hi,
Its new concept for me.
I read a bit on antionline about web bugs. Found the following tutorial by "irongeek" there
http://www.antionline.com/showthread.ph ... did=263046

i've interpreted that for these web bugs to work i need have some web server to upload my .gif's there or i should installed a web server on my machine (Apache).
Right ???

please guide me further...


regards

User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
15
Location: Michigan USA
Contact:

Post by DNR »

a firewall/logger is all you need, but you must have a static IP yourself, otherwise, the web bug will contact the wrong machine. Just log into your ISP and leave your box running.

More later as I am very hung over today and I got to work.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

z3mwaz
suck-o-fied!
suck-o-fied!
Posts: 85
Joined: 23 Jul 2006, 16:00
15
Location: Texas
Contact:

Post by z3mwaz »

I was wondering...
can u have a "webbug" send alerts to IRC or ICQ?
I kknow nothing about webbugs

User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
15
Location: Michigan USA
Contact:

review

Post by DNR »

Just remember;

websites and HTML email are active content, which mean they can perform task within the permissions of your browser. Sometimes you will have a pop-up asking you if you want to run code, so you click "ok", sometimes code will run in the background and you won't know it.
Active code can certainly be written to initate contact with a ICQ/email.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

Post Reply