Attack the Attacker: Get a Hacker’s IP from the Virus on your Computer

Share:Share on FacebookShare on Google+Tweet about this on TwitterShare on RedditPin on PinterestShare on StumbleUponEmail this to someoneDigg thisShare on LinkedInShare on Tumblr

Welcome to today’s tutorial. Here, I will be showing you how to get a hacker’s IP once you have identified the Trojan or other malicious software. You might think this would be very difficult or require special technical skill, but you will see that it is really not that hard. In other words, we will be looking at how easy it is for the feds to grab a sloppy Hacker’s IP and pursue them.

Requirements:

Wireshark [DOWNLOAD]

Sandboxie [DOWNLOAD]

Tutorial:

  1. First open Wireshark.
    Attack the Attacker-1
    Click on Wireless Network Connection or Local Area Connection (Depending on your Connection type) and click Start.
  2. Go to the filter and type “dns“.
    Attack the Attacker-2
    Now you will see all connections using dns.
  3. Next we are going to use Sandboxie.
    Sandboxie is a useful tool used to analyse files before completely letting them in your system. You can run any Virus in Sandboxie and once you terminate all processes your, computer is not infected, so it will not add bad stuff to startup or anything.
    Go to the RAT (Trojan or Virus your anti-virus has identified), right-click and Run Sandboxed.Attack the Attacker-3
  4. Now you are infected, but the virus is trapped inside Sandboxie, you can easily kill the process. Please note that a hacker can still control your computer and view your personal information. Make sure you CLEAR ALL SAVED PASSWORDS in ALL your web browsers, RATs can easily grab your saved passwords on web browsers FROM SANDBOXIE.
  5. Head back to Wireshark, on the right side you will now see a connection between your computer and the RAT’s no-ip or other dns masker. (no-ip is a common service used by hackers to mask their numeral IP address and make it look like something legitimate)
    Try to look for something like blahblah.no-ip.biz or blablah.zaptop.org. Here is a list of free No-ip domains which is what you should look for:
    Attack the Attacker-4
  6. This is what it will look like:
    Attack the Attacker-5
  7. Once you got the RAT server’s no-ip, open cmd and type:

    ping enternoipnamehere.no-ip.biz

  8. Hit enter and you will get his IP!
    Attack the Attacker-6
  9. Now, depending on your skill-set and knowledge… You can decide what you want to do next. Some ideas might be:
    1. Call the Feds (ha ha, yeah they’ll get right on that!)
    2. Track down the ISP that owns that IP and follow file some sort of complaint… (Is that the complaint box right next to the recycle bin?)
    3. Retribution? (DDOS, Port Scan, Metasploit, etc…)

Share:Share on FacebookShare on Google+Tweet about this on TwitterShare on RedditPin on PinterestShare on StumbleUponEmail this to someoneDigg thisShare on LinkedInShare on Tumblr
Tagged , , , , , . Bookmark the permalink.

2 Responses to Attack the Attacker: Get a Hacker’s IP from the Virus on your Computer

  1. Kali says:

    Hypothetically if I was to get back at an attacker, how would I mask my own ip? Is there a way to tunnel my own call home ip through TOR or some way of hiding it completely?

    • Well… If, hypothetically, you were trying to do something on the internet that you didn’t want coming back to you. You should probably do this from a public or intruded wifi, and change your mac address. See if you can setup a proxy script at an anonymous webserver maybe…

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>