inteliture.com

Saturday, July 14, 2007

ALL about trojans

What is a trojan?

Definition: A Trojan horse is a destructive program that masquerades as a benign application; in other words, a program that appears to have one function but actually performs another. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

History: The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.

Ports and Protocols.

Most trojans take a client/server form. That means a trojan consists of two programs: the client (which the attacker uses) and the server (which the victim runs). For a trojan to work, it requires a "handshake" between client and server. Commands are sent back and forth between the client and the server. The server listens on a specific port (or more than one) and waits for a connection request.

 _________________<<_________________
|                                    |
|--- CLIENT ---|  <>  |--- SERVER ---|
|_________________>>_________________|

To connect a client to a server, we must get the IP address (read our tutorial about "IP & ports" to learn how). Once connected, the attacker performs various commands using the client.

NOTE: The victim must run the server app on his/her PC before the attacker can connect to that PC remotely.

NOTE: If the victim runs the server and the attacker can't connect to it, that usually means the victim has a firewall or a router (or an antivirus which detected the server and deleted it). This is easily bypassed by using a binder and an AV/Firewall killer.
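
Seen from the defender's side, the listening port described in this section is what gives a server component away. The Python below is an added example, not part of the original post: it parses `netstat -ano` output and reports listening TCP sockets whose port is absent from a known baseline. The sample rows, the PIDs and the baseline {135, 445} are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample of Windows `netstat -ano` output; not taken from a real host.
SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1820
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING       3344
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     2210
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:47001             [::]:0                 LISTENING       3344
  UDP    0.0.0.0:5353           *:*                                    1820
"""

class Listener(NamedTuple):
    address: str
    port: int
    pid: int

def parse_listeners(text):
    """Return every TCP socket in LISTENING state found in `netstat -ano` text."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        # TCP rows have exactly five fields: proto, local, foreign, state, pid.
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "LISTENING":
            continue
        # rpartition keeps IPv6 literals such as [::] intact before the port.
        host, _, port = parts[1].rpartition(":")
        found.append(Listener(host.strip("[]"), int(port), int(parts[4])))
    return found

def is_loopback(address):
    """True when the socket only accepts connections from the local machine."""
    return ipaddress.ip_address(address).is_loopback

def unexpected_listeners(text, baseline):
    """Listeners whose port is not in the baseline, network-reachable ones first."""
    hits = {l for l in parse_listeners(text) if l.port not in baseline}
    return sorted(hits, key=lambda l: (is_loopback(l.address), l.port, l.address))

if __name__ == "__main__":
    # Assumed baseline: ports this host is expected to have open.
    for l in unexpected_listeners(SAMPLE, {135, 445}):
        scope = "loopback only" if is_loopback(l.address) else "network-reachable"
        print(f"unexpected listener {l.address}:{l.port} pid={l.pid} ({scope})")
```

The PID column is what ties a flagged port back to the program that opened it, which is the next thing to check for any network-reachable hit.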
