So, most noobs hear about No-IP and don't even understand what it is! No-IP is a Dynamic DNS service, and we need it to keep the server connected to us no matter how many times our IP changes!
More details?
OK, we all know that our IP changes almost every time we disconnect from the Internet and reconnect again. So let's say that we set up a server, and in the connection settings we used our IP (e.g. 121.18.199.45); after that we spread the server and got like 10 victims. These victims will stay with us for as long as our IP is the same, but whenever our IP changes, the server on the slave's PC will not connect back to us anymore!
So, if you turned your router off, or you lost the connection for any other stupid reason, and then you managed to get back online with a new IP (e.g. 121.11.56.17), you'll lose all 10 victims, because the server will not be able to find your new IP address and connect them to you!
In conclusion, when we set up a server using No-IP in the connection settings, and when we activate the No-IP client program on our PC, the client will keep track of the changes in our IP address, and no matter what the current IP is or how many times it changes, the server will always be able to find us via our No-IP host.
I hope it's clear now :)
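Seen from the defender's side, the behaviour described above (one fixed hostname whose IP keeps changing) is visible in DNS resolver logs. The following is an added example, not part of the original post: it scans constructed log lines for internal hosts that repeatedly resolve a dynamic-DNS name whose answer changed. The log format, hostnames, thresholds and the short suffix list are assumptions.

```python
import re
from collections import defaultdict

# Assumption: short, non-exhaustive sample of dynamic-DNS suffixes; replace
# with your own maintained list (a provider's full domain list is much longer).
DDNS_SUFFIXES = (".ddns.net", ".hopto.org", ".zapto.org", ".sytes.net")

# Constructed resolver log lines (not from the page). Answers use
# documentation address ranges (RFC 5737).
SAMPLE_LOG = """\
2024-01-10T08:00:00Z client=10.0.0.23 qname=constructed-sample.ddns.net answer=192.0.2.10
2024-01-10T08:05:00Z client=10.0.0.23 qname=constructed-sample.ddns.net answer=192.0.2.10
2024-01-10T08:06:00Z client=10.0.0.40 qname=www.example.com answer=203.0.113.5
2024-01-11T09:00:00Z client=10.0.0.23 qname=constructed-sample.ddns.net answer=198.51.100.77
2024-01-11T09:05:00Z client=10.0.0.23 qname=constructed-sample.ddns.net answer=198.51.100.77
2024-01-11T10:00:00Z client=10.0.0.51 qname=home-cam.hopto.org answer=203.0.113.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) answer=(?P<answer>\S+)$"
)

def find_ddns_callbacks(log_text, min_queries=3, min_distinct_ips=2):
    """Return findings for (client, name) pairs that repeatedly resolve a
    dynamic-DNS name whose answer IP changed during the observation window."""
    stats = defaultdict(lambda: {"queries": 0, "ips": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash
        qname = m["qname"].lower().rstrip(".")
        if not qname.endswith(DDNS_SUFFIXES):
            continue  # only names under a dynamic-DNS suffix are of interest
        entry = stats[(m["client"], qname)]
        entry["queries"] += 1
        if m["answer"] not in entry["ips"]:
            entry["ips"].append(m["answer"])  # keep first-seen order
    findings = []
    for (client, qname), e in sorted(stats.items()):
        if e["queries"] >= min_queries and len(e["ips"]) >= min_distinct_ips:
            findings.append({"client": client, "qname": qname,
                             "queries": e["queries"], "ips": e["ips"]})
    return findings

if __name__ == "__main__":
    for f in find_ddns_callbacks(SAMPLE_LOG):
        print(f)
```

Dynamic DNS also has legitimate uses (home cameras, remote access to a NAS), so a hit is a triage signal to correlate with the querying process and the destination port, not a verdict.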
Tip 2 : FUD-ing the server
Of course, FUD-ing the server is important to infect the slave in the first place; it's also important to keep him infected for a long time without him knowing, and without him getting warnings from his AV or FW about a suspicious file or activity. So FUD-ing the server must be a habit of yours, to increase the server's chances of passing any AV scan operation as well!
Noob Question : what does ( FUD ) mean ?
It means making the server Fully UnDetectable !
Or, in other words, ( Crypting ) the server!
Tip 3 : Set up your server correctly ( with installation & startup settings )
One of the most important things while setting up your RAT is to make sure that you're setting it up correctly, and to activate the installation and startup settings.
And of course don't forget to activate the ( Persistent mode ) for the server as well ( on some RATs it's called aggressive mode ); this will make the server really hard to kill, ergo you'll not lose the slave easily.
Tip 4 : Updating the server with a new FUD one from time to time
This method is rarely used by RATters, and that is wrong! The server updating function available on your RAT is a great and powerful thing if you use it correctly, so if you have a Crypter and you can get a FUD server, you should update the server on your slave's PC from time to time, with a new FUD one of course. By doing this you'll protect the server from getting detected and you'll definitely increase the server's chances to survive.
So it depends on the Crypter you're using. If you're using a public crypter it might stay FUD for like 1 - 2 weeks; after that the server will become detected by multiple AVs. Of course private crypters and advanced crypters provide a longer time of FUD-ness.
Tip 5 : Giving the server dated IDs
Let's assume that you succeeded in infecting 100 slaves with a FUD server that has the ID ( Pirate-Bay ); a couple of weeks after infecting them your server started to get detected by AVs, so you decided to update your server with a new FUD one. It's better if you give your new server a new and unique ID such as ( PB 21-Dec ), where the ( PB ) stands for ( Pirate-Bay ) and the 21-Dec is the updating date. This way you can know the slaves infected by the old server and the ones with the new server, so you can keep updating the old ones.
Noob Question : what is server ID ?
The server's ID is a name that you can give to the server on the slave's PC, so for example when you spread your server on a torrent site you can name the server ( torrent ), so all the victims infected with this server will have the ID name ( torrent ). This helps you to identify the slaves. It's called ( Server ID or Identification ) depending on your RAT.
Tip 6 : Infect VIP slaves with multiple servers
This is a badass move actually :P , but let's say that you have a slave which is very important to you for some reason, and you don't want to lose him anytime soon, so I strongly suggest that you infect him with multiple servers ( I don't mean run the same server on his PC over and over again! ). I mean infect him with totally different servers. You can infect him with a different RAT or even a Key-logger if that is enough for you, or you can use the same RAT but with different settings ( different server password or different port ). Anyway, you can use your imagination on this ;)
Tip 7 : Always use injection option !
Well, some people will not agree with me on this! ( Some say it corrupts the server and others say it decreases the FUD-ness. )
But I always find it better to inject the server into the default browser, so it's your choice.
Tip 8 : General tips for RATs !
* Always give the server a meaningful Identification name, and let it be a reminder of where you got this victim from.
* I always protect the server with the port number as a password, so if I'm using port 2413 the server's password will be 2413. This way I'll never forget the pass.
* Use a different port for every RAT, so you can run multiple RATs at the same time if you ever need to.
* Infect yourself with a non-persistent server and try to get familiar with the commands and functions, so you won't get confused while you're playing with a slave.
AND U DoNe !