Thread: Security and non back-traceability an illusion?

Hi

just a simple question about security... The security of the owner of the rat, and just not the security of remote user being controlled...

I think i'm paranoid but...If the controlled pc belongs to an person endowed of instruments in order to trace to us through the isp?

many reverse rat uses proxy servers like no-ip or others in order to :
-bypass routers
-be anonymous

but i think is as illusion to be anonymous. on the other hand i asked some posts ago for a php / http controlled rat. in order to command the rat by http and from any position like university or a cyber-cafe.

right right, you can tell me... "but local-client controlled rat are secure, i can use it from university from my pc (oh oh oh warning about MAC address traced by isp or used to grant network access) and from any wireless network (same problem except open unsecure networks, sure you'r right), but are only few cases.

an http / php controlled rat on the other hand can be used behind an encrypted network like tor or using a proxy chain being sure to be not backtraceable.

i cannot use a rat from an open cyber-cafe because i cannot install or deploy anything (right right, i can download and execute a client positioned on a public web space, but only if it doesn't require any library to install in positions locked as system32).

sure sure the php scripts are more complicated and limitated in use against a full delphi client, it's right... but i think that filemanager / shell / limited spy / registry / local info / services killer / keylog / mass-broadcast command can be the minimal set of function required by a good rat.

all this arguments to establish pro and cons on client <-or-> http controlled rat.

can you give me a feedback? just in your own opinion

cya

sunCollapSe

whats your problem?

if don't do anything which is illegal (eg steal private information etc) there will be no need to be "untraceable"

so why care

PS you could also make a RAT which listens to incoming calls from a phone, then while you're taking it will interpret the audio-commands hidden in your voice. then you can control it from everywhere except mars

Nothing is anonymous even your Godlike php RAT

hf

eh eh

your' right

nothing to say

oh... can you send me a postcard from mars? thanx in advance

Originally Posted by suncollapse

but i think is as illusion to be anonymous. on the other hand i asked some posts ago for a php / http controlled rat. in order to command the rat by http and from any position like university or a cyber-cafe.

I think you are way to paranoid. I'm paranoid too but after some experience, the shit should disappear.
Anyway, you should use IRC to control your RAT if you are so paranoid. Keep in mind that almost every FW is logging all connections and I think that those logs can not be deleted very easy.

What are you hacking anyway? PPL are not so experienced to trace you back, ppl are busy with their own shit, like anyone would bother.

Anonymity is illusion that's why you need to be less paranoid. Use RAT that leaves nothing behind (dll, exe, reg settings etc), do not leave your RAT installed if you have stolen the information you need, do not go around and speak about your deeds like you have owned the earth and you should be fine.
Also, pay attention what you do with stolen information. Trade only with *known* 'traders'.

Trade only with *known* 'traders'

hey tjf have you got a list of these known traders /jk

LOL
sure.
find a channel #thieves-guild (accounts, carding, botnets, hacked shells, you name it)
or join #c0replay

I wasn't really joking you know. There are a lot of ppl who go for sensitive information. And then, if a person is so paranoid about his own security, I guess he is not hacking his neighbors who play video games, night and day.
Or, he simply wants attention to his php RAT or something...

edit:
*known* 'traders' - I was refering to ppl he knows who they are - I've just noticed how confusing it sounds LOL

oh well i think you'r right. by the way...in many situations irc cannot be used because use some "non universal open" ports like 80.

i dont want to collect "stolen" information

and from many posts i think this is the wrong place to talk abot

i remember the main difference between rat and trojan, and i play attention, ISP is everywhere eh eh eh

in an old situation at my work i was in such position :

ME <--LAN-.><---- remote proxy with open port only 80 ----->(WEB)<---LAN---><---host---->

a nat to nat.... hmmmm reverse is good by the way i was in the position to not have a fixed ip or a public ip. so i thought to use a system like "logmein" ( https://secure.logmein.com/go.asp?page=home ), this is a real bridge but in the form of html/connection acts like a web controlled rat

for this reason and for invisibility i wrote this post

i love this forum... i feel really at home...