In response to the trojan discussion, here's a short tutorial on IP adresses:
Every computer which is connected to the internet has a unique postal code, the IP adress. Every IP adres (or IP number) consists of 4 times a value between 0 and 255. These value's are seperated by dots. An example of an IP adress (the IP of www.microsoft.com) is 184.108.40.206
There is but one more rule to these IP's, the first number can not be less than 127.
Have you ever heard of, or seen the IP adress 127.0.0.1? This is a very common IP adress. It's the IP of your computer. And mine. And that of Gideon Omega. This IP adress directly links to the computer that requests it. As I said, every computer connected to the internet has one. But how can you get hold of someone's IP adress? There are several ways to doing this:
1. For a website, just ping it! (Pinging is sending a small packet to the destination pc and requesting that pc to send it back.) To do this, go to the command prompt (Start --> Run, a little screen appears. Type command or cmd and press enter) and type "ping www.microsoft.com". (www.microsoft.com can be replaced by any other website) The response will be something like:
Pinging to www2.microsoft.akadns.net [220.127.116.11] with 32 byte data.
Hey, do you recognize the IP adress in this line of text? That's right, it is surrounded by [ and ]. There you go, that's the ip adress of the website.
2. For a PC, there are several ways to do this. My personal favourite makes use of MSN Messenger. You simply send a file (perhaps the trojan.exe?
) to the victim. As the transfer is in progress, type in command prompt "netstat". This should invoke a nice response, which lists all the connections your computer is involved in. Something like:
TCP h9f8t3:2457 18.104.22.168:4662 ESTABLISHED
TCP h9f8t3:40858 SpeedTouch.lan:1025 TIME_WAIT
TCP h9f8t3:2460 messenger.latam.msn.com:80 ESTABLISHED
Now, what does this mean?
the first line:
TCP - this is the protocol
h9f8t3:2457 - h9f8t3 is my computer's name, 2457 is the port used on my side
22.214.171.124:4662 - the remote's computers name, and the port used on the remote side
ESTABLISHED - This simply states that the connection is up
What do we learn from this line? Well, this line probably contains the IP adress of our victim, for the other two computernames are SpeedTouch.lan (This is the name of my dsl-router) and messenger.latam.msn.com. This one simply keeps you signed in to Messenger.
There you go, the victims IP adress.
Another fine method is simply sending the victim an email (provided the victim has an @hotmail
.com emailadress. Keep it simple and friendly. Ask for a reply. When the reply comes in, you can look up the IP adress that sent the email in the email header. How to do this is pretty well described by hotmail itself.
Voila, there you go, that's about all I know about IP adresses. If anyone who reads this knows more about them, please post the info here.