Learn About Computers


Teaching about Computers


    25. Lan Pentest Am I Hacked combined screens with Linux & Windows 7

    Aof
    Admin


    Posts : 97
    Join date : 2018-03-24


    Post by Aof Tue May 29, 2018 12:59 am


    25. Lan Pentest Am I Hacked combined screens with Linux & Windows 7
    ----
    How to tell if you're hacked in Windows 7?
    Scenario: a user clicks on the payload, which allows a hacker to get into their PC through a backdoor.
    1. For victims of hacking: right-click on the taskbar and open the Task Manager.
    2. Click on the performance tab.
    3. Click on Resource Monitor...
    4. Under Network Activity, you can see any network connection that is being made.
    5. You can close out every other program that requires the Internet, and see what is left.
    Some system processes may occasionally reach out to the world through the network, but
    if you have a persistent process that keeps having network activity for no known reason, you are likely hacked.
    6. netstat /nao = In the Command Prompt, look for established network connections; these are connections that are active right now.
    Each one has a PID number that matches what we've seen in the Resource Monitor.
    7. To kill it, you could just open the Task Manager, right-click on the PowerShell entry and left-click "Go To Process"; then, to end it, right-click on powershell.exe and left-click "End Process Tree Now".
    8. tasklist = To kill it from the Command Prompt, first find it with tasklist. You can also match the PID number to the process in your Resource Monitor if you'd like to make sure it's the one that's using your Internet.
    9. taskkill /im powershell.exe /f = You can kill it by the image name or by the PID;
    if you kill it by the PID, you would enter "taskkill /pid 3004 /f" (with the number being the PID number).
    10. Now, on the Linux side, the hacker has been disconnected, unless the payload has been set to reconnect after a certain amount of time.
    11. You can trace the IP to the Internet Service Provider from this link.
    http://itools.com/tool/arin-whois-domain-search
        You could likely get an abuse contact email from that, or contact the Internet company that's associated with that IP; they would have the authority to track down who was using that IP.
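
Steps 5, 6 and 8 above can be done in one pass by joining the two command outputs on the PID. The following Python sketch is an added example, not part of the original post: it assumes the outputs of `netstat -nao` and `tasklist /fo csv /nh` have been saved as text, and the sample data, addresses and function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -nao` output (not captured from a real host).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    127.0.0.1:49180        127.0.0.1:49181        ESTABLISHED     2212
  TCP    192.168.1.20:49201     198.51.100.7:443       ESTABLISHED     2212
  TCP    192.168.1.20:49215     203.0.113.25:443       ESTABLISHED     3004
  UDP    0.0.0.0:5355           *:*                                    1088
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''
"svchost.exe","716","Services","0","8,104 K"
"firefox.exe","2212","Console","1","210,552 K"
"powershell.exe","3004","Console","1","45,320 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from CSV-formatted tasklist output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def established(netstat_text, pid_names):
    """Return (image, pid, local, remote) for ESTABLISHED TCP rows to non-loopback peers."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        # TCP rows have 5 columns; UDP rows have no State column and are skipped.
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
            continue
        _, local, remote, _, pid = parts
        if remote.rsplit(":", 1)[0] in ("127.0.0.1", "[::1]"):
            continue  # local inter-process traffic, not an outside connection
        found.append((pid_names.get(int(pid), "<exited>"), int(pid), local, remote))
    return found

def unexplained(rows, known_images):
    """Step 5: drop programs you know use the Internet and see what is left."""
    return [r for r in rows if r[0].lower() not in known_images]

if __name__ == "__main__":
    conns = established(NETSTAT_SAMPLE, parse_tasklist(TASKLIST_SAMPLE))
    for image, pid, local, remote in unexplained(conns, {"firefox.exe"}):
        print(f"{image} (PID {pid}): {local} -> {remote}")
```

A PID that appears in the netstat output but not in the tasklist output is reported as `<exited>`, which happens when the process ended between the two commands.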

