A remote administration tool (RAT) is a program that allows a remote device to control a system as if it had physical access to that system. While desktop sharing and remote administration have many legal uses, “RAT” software is usually associated with unauthorized or malicious activity. So, here is how to find out who just ratted our computer, and how to backtrack a hacker’s IP to locate him. Let’s start with how it works.
How to Backtrack a Hacker’s IP?
The following tools are required in order to backtrack a hacker’s IP.
- Wireshark (a tool to capture and sniff network connections, including wireless ones.)
- Sandboxie (a useful tool for analysing files before completely letting them into your system. You can run any virus in Sandboxie.)
Steps to Follow
- First of all, open Wireshark, which you have just downloaded.
- Click on Wireless Network Connection or Local Area Connection and click the Start button.
- Go to the filter bar and type “dns”. You can also use “smtp” and “ftp” as filters.
- You will now see a list of all the captured connections that are using DNS.
- Next, we are going to use Sandboxie.
- Go to the RAT, right-click it and choose to run it in Sandboxie.
- If you are infected but the virus is trapped inside Sandboxie, you can easily kill the process. Make sure you CLEAR ALL SAVED PASSWORDS in ALL your web browsers; RATs can easily grab the passwords saved in your web browsers FROM SANDBOXIE.
- Move back to Wireshark. You should now see a connection between your computer and the RAT’s no-ip DNS name on the right side.
- It will look something like blahblah.no-ip.biz or blablah.zaptop.org.
- Once you have the RAT server’s no-ip hostname, open cmd and type:
When you hit Enter, you will get the IP address. This is the IP address of the hacker that is ratting your computer.
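Spotting the RAT’s dynamic-DNS hostname among the captured DNS queries can also be done in code. The following Python is an added example, not part of the original post: it parses raw DNS query payloads and reports the names that fall under the two dynamic-DNS domains mentioned in the steps. The function names, the suffix list and the sample packets are assumptions constructed for illustration.

```python
import struct

# Dynamic-DNS suffixes taken from the hostnames on this page; extend as needed.
DYNDNS_SUFFIXES = ("no-ip.biz", "zaptop.org")

def build_query(name, txid=0x1234):
    """Build a DNS A-record query payload (constructed sample data, not a real capture)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(payload):
    """Return the lower-cased question name of a DNS query, or None if unusable."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount < 1:      # QR bit set means a response
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(payload):
            return None                    # pointer, bad length, or truncated packet
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    return None                            # ran off the end without a terminator

def is_dyndns(name):
    """Match whole labels only, so 'notno-ip.biz' does not match 'no-ip.biz'."""
    return any(name == s or name.endswith("." + s) for s in DYNDNS_SUFFIXES)

def dyndns_lookups(payloads):
    """Return the distinct dynamic-DNS hostnames queried, in first-seen order."""
    hits = []
    for payload in payloads:
        name = parse_qname(payload)
        if name and is_dyndns(name) and name not in hits:
            hits.append(name)
    return hits

# Constructed sample: UDP payloads of DNS packets seen while the sample ran.
SAMPLE = [build_query(n) for n in
          ("www.example.com", "blahblah.no-ip.biz", "Blablah.Zaptop.org", "notno-ip.biz")]
SAMPLE.append(build_query("x.zaptop.org")[:20])   # truncated packet, must be ignored
print(dyndns_lookups(SAMPLE))
```

The address such a name resolves to is whatever the dynamic-DNS record points at when you look it up, so note the hostname and the lookup time together.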
That is how to backtrack a hacker’s IP. Hopefully this makes everything clear about how to backtrack a hacker’s IP, or how to backtrack a remote administration tool.
Note: Use a virtual machine and scan on VirusTotal before downloading any program onto the host machine, for your privacy.