Thursday, April 03, 2008

hunted..yet the hunter :D

A long time ago I posted about Pro-Rat, and how bad guys (!?) use it to hack into others' PCs!!
Now what about retrieving information about those evil people :D

According to the RAT server I got (1.9 FIX-18), it keeps its settings in this registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings

Inside it resides the info you need. All the info is encrypted with XOR!!! On this occasion it is XORed with 01h.
You can retrieve sensitive info about the attacker (his email, IP, report victim site, etc.).
Then I got one more thing: if you get to the CGI site (if the attacker set one up), then replace that CGI file with log.dat and you can get all the victims' IPs!!
(Or you just run the server and monitor its activity with Ethereal.)
Enjoy the hunt!
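A decoder for values pulled from that key on an infected machine, as an added example that is not part of the original post. The value names and sample bytes are constructed, and the key search goes beyond the post's single 01h case in case another build uses a different byte.

```python
import re

# Patterns for the details the post mentions: e-mail, IP, report site.
INDICATORS = {
    "email": re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"),
    "ipv4": re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])"),
    "url": re.compile(rb"https?://[^\s\x00\"']+"),
}

def xor_decode(data, key=0x01):
    """Single-byte XOR; 0x01 is the key the post reports for 1.9 FIX-18."""
    return bytes(b ^ key for b in data)

def extract(plain):
    """Return the indicator strings found in already-decoded bytes."""
    return {name: [m.decode("latin-1") for m in rx.findall(plain)]
            for name, rx in INDICATORS.items()}

def find_key(values):
    """Pick the key whose decoding exposes the most indicator bytes overall."""
    def score(key):
        return sum(len(hit)
                   for raw in values.values()
                   for hits in extract(xor_decode(raw, key)).values()
                   for hit in hits)
    return max(range(1, 256), key=score)

def decode_settings(values, key=None):
    """Decode every value; search for the key when none is given."""
    key = find_key(values) if key is None else key
    return {name: xor_decode(raw, key).decode("latin-1")
            for name, raw in values.items()}

# Constructed sample: hypothetical value names, documentation-range data,
# encoded with 0x01 (XOR is its own inverse, so xor_decode also encodes).
SAMPLE = {
    "NotifyMail": xor_decode(b"operator@example.com"),
    "NotifyIP": xor_decode(b"192.0.2.10"),
    "NotifyCGI": xor_decode(b"http://panel.example.net/cgi-bin/report.cgi"),
}

if __name__ == "__main__":
    print("key: 0x%02x" % find_key(SAMPLE))
    for name, text in decode_settings(SAMPLE).items():
        print(name, "=", text)
```

To use it on real data, export the key's values as raw bytes and pass them in place of `SAMPLE`.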
