Assuming that you must be knowing about the Keyloggers, they send data to hackers in regular intervals which is usually 5 to 10 minutes. Following are the two methods by which it is done :
- Using the Emails : A hacker configures his email and password while creating the server, The keylogger records and stores the keystrokes in a temp file and sends it to the email id of the hacker which he configured. But this generally has a limit as most of the email services give only 500 composed and received mails so most hackers use the second method -
- FTP Server : While creating the server of their keylogger, hackers configure their FTP Server where they receive the logs of keystrokes in a text file. Their keyloggers
upload the file to their FTP Servers after few minutes intervals.
If we monitor all data packages we can easily scan for one of these and then we will have the hackers email or FTP info :) . You might ask What we can do with this; Highly skilled hackers obviously wont allow this as they usually create a completely separate Email or FTP which leaves no traces, But novice skilled hackers (There's a whole bunch of them out there) will use their own email address and info. An example could be that you find the name of the person from the email you backtraced - this ain't his primary email, so there's nothing valuable. From there you can Google his name, you'll probably find his real email on some or other site; then simply try to login to it using the password from the fake email (most novice skilled hackers will have the same password).
Wireshark is a very famous hacking tool used by hackers and forensic experts to monitor the packet flow of their network cards. Well, Packets are just a bunch of data.
Lets begin with the procedures -
STEPS TO REVERSE ENGINEERING EMAIL OR FTP SERVER PASSWORDS :
- First of all download Wireshark from here - www.wireshark.org/download.html (While wireshark is being installed, be sure to install Winpcap with it otherwise it will have problem while working.
- Now navigate to Capture button in Top menu of Wireshark and select your interface (Interface means your network card - Ethernet or WLAN)
- Wireshark will start Capturing the packets through your Network card. Just keep capturing the records for at least 30 minutes to obtain quality results and after that Stop capturing the packets.
- Now you have to filter your results, Go to Filter box and type FTP and SMTP one by one. (If you get result in FTP then the hacker is using FTP server, if not then the hacker is using SMTP, so type SMTP)
- As you scroll down you will witness the FTP username and password of the FTP server of the victim if he is using FTP, If he is using SMTP then you'll find the Email and password of the victim.
NOTE: This won't work in all cases, but it's certainly worth trying. Who wouldn't want revenge if some skid infected your precious PC?
I spent a long time in writing this tutorial. Please spend your 5 minutes to say thanks.



