25. LAN Pentest: Am I Hacked? Combined screens with Linux & Windows 7
----
How to tell if you're hacked in Windows 7?
When a user clicks on the payload, it allows a hacker into their PC through a backdoor.
1. For victims of hacking: right-click on the taskbar and open the Task Manager.
2. Click on the performance tab.
3. Click on Resource Monitor...
4. Under Network Activity, you can see any network connection that is being made.
5. You can close out every other program that requires the Internet, and see what is left.
Some system processes may occasionally reach out to the world through the network, but
if you have a persistent process that keeps having network activity for no known reason, you are likely hacked.
6. netstat /nao = In the Command Prompt, look for established network connections; these are the connections that are active right now.
Each one is listed with a PID number that matches what we've seen in the Resource Monitor.
7. To kill it, you could just open the Task Manager, right-click on powershell, and left-click "Go to Process"; then, to end it, right-click on powershell.exe and left-click "End Process Tree Now".
8. tasklist = To kill it from the Command Prompt, first find it with tasklist. You can also match the PID number to the process in your Resource Monitor if you'd like to make sure it's the one that's using your Internet.
9. taskkill /im powershell.exe /f = You can kill it by the image name or by the PID.
If you kill it by the PID, you would enter "taskkill /pid 3004 /f" (with the number being the PID number).
10. Now, on the Linux machine, the hacker has been disconnected, unless the payload has been set to reconnect after a certain amount of time.
11. You can trace the IP to the Internet Service Provider from this link.
http://itools.com/tool/arin-whois-domain-search
You could likely get an abuse email address from that, or contact the Internet company that's associated with that IP; they would have the authority to track down who was using that IP.
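
An added example (not part of the original page): a Python script that does the PID matching from steps 6 and 8 automatically, joining saved `netstat /nao` output with `tasklist /fo csv /nh` output. The sample text is constructed; the addresses, ports and the firefox.exe entry are assumptions, and only PID 3004 and powershell.exe come from the steps above.

```python
import csv
import io

# Constructed `netstat /nao` output; only PID 3004 and powershell.exe come from the page.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    192.168.1.20:49172     192.168.1.10:8443      ESTABLISHED     3004
  TCP    192.168.1.20:49180     203.0.113.7:443        ESTABLISHED     2208
  TCP    127.0.0.1:49160        127.0.0.1:49161        ESTABLISHED     2208
  TCP    [::1]:49200            [::1]:49201            ESTABLISHED     2208
  TCP    192.168.1.20:49190     198.51.100.9:80        TIME_WAIT       0
  UDP    0.0.0.0:5355           *:*                                    1100
"""

# Constructed `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''"svchost.exe","716","Services","0","8,112 K"
"firefox.exe","2208","Console","1","210,004 K"
"powershell.exe","3004","Console","1","45,120 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def is_loopback(endpoint):
    """True for 127.x.x.x:port and [::1]:port endpoints."""
    host = endpoint.rsplit(":", 1)[0].strip("[]")
    return host.startswith("127.") or host == "::1"

def established_connections(netstat_text, pid_names):
    """Non-loopback ESTABLISHED TCP rows (UDP rows have no State column)."""
    found = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if (len(cols) != 5 or cols[0] != "TCP" or cols[3] != "ESTABLISHED"
                or is_loopback(cols[2])):
            continue
        pid = int(cols[4])
        found.append((pid, pid_names.get(pid, "<not in tasklist>"), cols[1], cols[2]))
    return found

if __name__ == "__main__":
    names = parse_tasklist(TASKLIST_SAMPLE)
    for pid, image, local, remote in established_connections(NETSTAT_SAMPLE, names):
        print(f"PID {pid:<6} {image:<16} {local} -> {remote}")
```

A PID that shows up as "<not in tasklist>" means the process exited between the two captures, so take both outputs as close together as possible.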