VIRUSES AND MALWARE

Gain Control Over Victim Machine using njRAT RAT Trojan

In this lab we are going to use Windows Server 2016 and Win XP machines.
Download Prorat_v1.9 software on Windows Server 2016 and launch it.

Now click the Create tab to create a ProRat Server which will be run on Windows XP.

Leave all the options without any change.

Now click the Create Server button.

Rename this server file with a different name so the user on Windows XP is going to launch it without doubt.

Now share this ProRat folder on Windows Server to Windows XP PC so the user can download minecraft.exe file on the local machine.

Type ipconfig on command prompt to display IP address of Server 2016.

Now on Windows XP, open Run and type \\IP_Address to connect to Server.

Shared folder contents will now display as below.

When the user double-clicks the exe file, nothing happens on XP side. Now type netstat –na on Windows XP to see if it started.

It confirms that the victim has launched the fake Minecraft game.

Now switch to Windows Server 2016 OS and type the IP address as below to perform a reverse connection.

Click Connect; the default password is 123456.

Now confirm the connection from Win Server to XP, and run commands on XP.