February 1, 2017

[Video/Guide] Nanocore: Reverse Proxy | RDP | Setup | Connection Troubleshooting

Little note:



Reverse Proxy
What does it do?

Reverse SOCKS allows you to use your client’s public IP address while browsing the internet.

How do I use it?

You will start off by enabling the ‘Network’ plugin in your plugins tab, followed by restarting Nanocore so the plugin becomes active.
You will then go to your Clients –> Connections tab and right-click the client you wish to use the reverse proxy on.

You will then hover over ‘Network’ and click on ‘Create Reverse Proxy’.
[Image: a7ac82fa15e79901be32f6534238c6ff.png]

You will then be greeted by a box that looks like this. You can just leave this default or if you are experienced you can modify this to your liking before hitting continue.
[Image: 615b09d2b215c6d6fa45ad90fecfdedb.png]

When you’ve hit continue you should automatically be brought to the Network –> Proxy Manager tab, which should look like the following.
[Image: 2d93b8ece30b362f477a23881afa9791.png]

You’re now at your final step, you can wipe the sweat off your face in just a second.

In your preferred browser head over to your ‘Networking’ tab.
In Mozilla Firefox this is done by clicking on ‘Settings’ –> ‘Advanced’ –> ‘Networking’ and this should look like the following. (I know my picture is Dutch but it looks the same)
[Image: 249aa319208925b014ff7b9c96ec6b2d.png]

Click on the button indicated with the red arrow which says ‘settings’ and then you will copy what I’m showing you in the picture down below. (The port will be different for you!)
[Image: 96a2905be3796166348fbee4845601f7.png]

You can then click ‘OK’ and head over to http://www.whatsmyip.org/ to check if your IP has indeed changed!
You’ve now completed the reverse proxy guide. Should any issues have arisen during this please head over to https://nanocore.io/support/ to ask for official support!

Remote Desktop Protocol
What does it do?

Remote desktop protocol is actually built into Windows. It allows you to control a user on a specific machine.

How do I use it?
(Make sure you have a reverse proxy running before starting this. NOTE: You don’t need to do the browser part for this to work.)

You’re going to right click on your client and hover over ‘Network’ followed by clicking on ‘RDP Manager’.
[Image: c26a97d9ad3fe40bfce7a33d7274d7b2.png]

You will be greeted by a little box that will have an ‘Install’ button ready for you to click at the top left corner. Click it.
You’ll see the title of the box briefly changes to ‘Installing…’ before displaying this.
[Image: 83f0de431aab8a23fc0ee0ae9a959e0d.png]

Right click –> Create account and choose a username/password followed by hitting create.
You’ll now see your username/password displayed in the columns below. (don’t worry if the password appears to be longer than you entered)

Next up is downloading Proxifier, you can do so from here: https://www.proxifier.com/
Open it and copy what I’m going to show you down below. Hold on to your tits cause this might seem confusing. Follow the numbers from 1 –> 3
[Image: d2789eae0ae07d0aa12096e690ff3c00.png]

Now that you’ve done that you’re going to hit ‘OK’ at the bottom left of your box.
It’ll close that box, bring back the previous one (which should now hold the info you entered) which you will also click ‘OK’ on. You’re now ready to start the RDP.

In the Windows search utility type in ‘Remote Desktop Connection’ followed by opening it. You’ll get a box that looks like the following.
[Image: 2960c0e44f0f8d4f63cc8b2c03dd1ec0.png]

Fill in ‘127.0.0.2’ and hit connect. If everything was done correctly you should now be remotely controlling your client’s computer!
You’ve now completed the RDP guide. Should any issues have arisen during this please head over to https://nanocore.io/support/ to ask for official support!

DNS/PORT
You’ve bought Nanocore and are ready to get set up and working! Well we’re here to help you.

Ports
In order to receive outside connections you’re going to need an open port. If you don’t have an open port, you don’t have connections. Simple.

Opening Ports
The main issue with making a guide for port forwarding is that every router page is different and asks for different information.
Your best bet is to google your specific router type and follow the guide you find there since it’ll hold information that’s impossible for me to know.

Here is a guide on the most basic form of port forwarding which most routers have.

Start off by opening your router page, this is usually done by entering your default gateway into your browser. (Most people by default have 192.168.0.1)
Once you’ve opened your router page head over to port forwarding. This is usually found somewhere in the advanced tab and (if you’re lucky) should look like this.
[Image: 8724e01188291a2f8bfa3dd265706361.png]

What you’re looking at in order is: Local IP Address — Begin port — End port — Protocol — Status

Local IP address: this is your IPv4, which you can find by typing ‘ipconfig’ inside of your CMD.exe without the quotes.
Begin/end port: this is the port you’re trying to open. Usually you’ll want to take 5 digits ports although this makes no difference. (I’ll use port 30000 for this guide)
Protocol: this decides what connection types you’ll allow through the port. If it gives you the option choose both, if not choose TCP.
Status: obviously you’ll want to make sure this is set to active. (so the port is open)

Now that you know all of this go ahead and fill in the information into your router page, it should look like the following.
[Image: 6eba8a9a07a7bde30d08eeb430c31151.png]

Once you think you’ve filled in everything necessary (you really should look up a guide for your router) you can go ahead and hit save.
Your port has now been opened but you’re not done yet, we still have to do something in Nanocore. Go ahead and open Nanocore.

Inside of Nanocore click on ‘Network’ –> ‘Port Manager’. At the bottom right of Nanocore hit add port and fill in the port you just opened.
Right click on the port inside of Nanocore and hit ‘Enable’ and you should be left with the following.
[Image: 99f53027e3140b51a565a454014581fd.png]

Now all that’s left is to add a rule to your Windows firewall or temporarily disable it so you can go test your port!
You can find an in-depth guide on how to do that here: https://technet.microsoft.com/en-us/libr…30369.aspx

Once you’ve added the rule to your firewall (or disabled it) you can go to http://canyouseeme.org and fill in your port to see if it’s open!

DNS
Using a DNS is in many cases not necessary although using one never hurts.

What does it do?
Well to understand this first of all you’ll need to understand how a C&C (Nanocore) <–> Client connection works.
The simple version. (All you need to know)

NO DNS

  1. Client opens your .exe
  2. Client is now sending a direct signal to your IP. (since that’s what you entered in your builder)
  3. Client shows up in your list since your PC is now receiving a signal.
  4. Your IP changes so the client no longer shows up in list. You’ve now lost your client since you have no way of changing what IP your .exe is sending the connection to.

WITH DNS

  1. Client opens your .exe
  2. Client is now sending a direct signal to your DNS. (since that’s what you entered in your builder)
  3. Your DNS is now re-directing that connection to your IP. (since your DNS is set up with your IP)
  4. You now receive a client connection in Nanocore.
  5. Your IP changes so you lose your client connection in Nanocore.
  6. You change your DNS IP to your new IP and your client connection comes back.
  7. This works because your connection is now as follows. Nanocore — (changeable) DNS — Client and NOT Nanocore — Client.
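
What the DNS indirection above means for a defender, as an added example that is not part of the original guide: the hostname stays fixed while the address behind it changes, so IP blocklists go stale and the name plus a constant destination port is the durable signal to hunt on. The log layouts, the `.example` hostname and the `COMMON_PORTS` allowlist are assumptions; the sample records are constructed, with port 30000 taken from the guide's own example.

```python
from collections import defaultdict

# Constructed sample telemetry (documentation addresses, not real indicators).
# DNS answers: (timestamp, internal client, queried name, answered A record)
DNS_LOG = [
    (100, "10.0.0.5", "host.dyn.example", "203.0.113.10"),
    (160, "10.0.0.5", "host.dyn.example", "203.0.113.10"),
    (900, "10.0.0.5", "host.dyn.example", "198.51.100.77"),  # record repointed
    (120, "10.0.0.8", "www.example.com", "192.0.2.20"),
    (950, "10.0.0.8", "www.example.com", "192.0.2.21"),  # ordinary multi-IP site
]
# Flows: (timestamp, internal client, destination IP, destination port)
FLOW_LOG = [
    (101, "10.0.0.5", "203.0.113.10", 30000),
    (161, "10.0.0.5", "203.0.113.10", 30000),
    (901, "10.0.0.5", "198.51.100.77", 30000),  # same port on the new address
    (121, "10.0.0.8", "192.0.2.20", 443),
    (951, "10.0.0.8", "192.0.2.21", 443),
]
COMMON_PORTS = {80, 443}  # assumption: ports treated as ordinary web traffic


def find_repointed_callbacks(dns_log, flow_log, common_ports=COMMON_PORTS):
    """Return (client, name, port, sorted IPs) where one client followed a
    hostname across two or more A records to the same uncommon port.
    Timestamps are carried for context; ordering is not checked here."""
    resolved = defaultdict(set)  # (client, ip) -> names that resolved to ip
    for _ts, client, name, ip in dns_log:
        resolved[(client, ip)].add(name.lower().rstrip("."))

    followed = defaultdict(set)  # (client, name, port) -> destination IPs
    for _ts, client, dst_ip, dst_port in flow_log:
        if dst_port in common_ports:
            continue
        for name in resolved.get((client, dst_ip), ()):
            followed[(client, name, dst_port)].add(dst_ip)

    return sorted(
        (client, name, port, sorted(ips))
        for (client, name, port), ips in followed.items()
        if len(ips) >= 2
    )


if __name__ == "__main__":
    for hit in find_repointed_callbacks(DNS_LOG, FLOW_LOG):
        print(hit)
```

A hit gives the hostname to sinkhole or block at the resolver and the internal client to isolate; blocking only the listed IPs lasts until the record is repointed again.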

Setting up a DNS

Now that you understand how a DNS works and why you should use one it’s up to you to decide if you wish to use one.
If you do wish to use one you can keep reading since we’re covering how to do that as well!

For this guide we’ll be using a provider known as ‘Freenom’. There are a lot of providers, you don’t HAVE to use this one.
Head over to: http://www.freenom.com/nl/index.html?lang=nl and fill in a name for your DNS. It can be anything! You can then click on ‘Search’.

Choose one of the free ones that pop up and click on ‘grab now’ followed by ‘Checkout’.
On the page that shows now you can change the period to 1 year for free, do that then click continue.

At the bottom left you should see a ‘verify your email address’ box. Fill in your email address followed by clicking ‘verify my email address’.
Once you’ve verified your email it’ll ask you to fill in a lot of information. Go ahead and do that before hitting continue.

Now that you’ve done that you should be brought back to the default page where at the top right you have a ‘services’ option.
Click on that followed by ‘My domains’ –> ‘Manage Domain’ –> ‘Manage freenom DNS’. You should now have something that looks like the following, fill in your information and save it.
[Image: a4164c3ba299b761bdcd6c153306ac3c.png]

Once you’ve done that hit save changes and your DNS is ready for use!

Building a binary with Nanocore
So your port is open, your DNS is properly configured and you’re ready to build your binary.
Building your binary is super easy, Nanocore even has some messages to help you along!

First of all you’ll need to figure out what your goal for that binary is. By that I mean is it for testing purposes? And where are you testing it?
Depending on where you’re testing/using it you’ll need to fill in a different IP inside of your client builder. Check the spoiler to figure out what IP you need to use for your situation!

Choosing your settings shouldn’t be too difficult since if you hover over an option Nanocore will tell you exactly what it does!
I’ll still give the 2 most commonly used as examples down below!

When testing on yourself use the following.
[Image: 932b6e8b41898ce28be3c18cb98953a6.png]

When sending a binary to your clients use the following.
[Image: c0423467dafe19eda06771eba4706595.png]

That’s honestly all you need to know when it comes to building your binary.
If you have any further questions (first of all check connection troubleshooting) feel free to comment down below or visit our support site! https://nanocore.io/support/

Connection Troubleshooting
So you’ve set up Nanocore but it’s not working as intended? Have a read through this, you’ll likely find your issue.

  • Are you using the right IP address?

This is where most people go wrong. Using the correct IP address inside of your client builder will change the outcome of a lot of things. Obviously.
Look in the spoiler to find a guide on what IP you should use for each situation.

  • Are you sure Nanocore is using the port and not another application?

If for example you are running 2 RATs at the same time you MUST use a different port for each of them. Make sure Nanocore has its own port opened JUST FOR NANOCORE.

  • Your clients disappeared overnight?

A few things could have happened here.
1) Your port closed. If your port has been closed all you need to do is go to your router page, change the IPv4 (since yours has now likely changed) and your port will be open again.
Clients still not there?
2) Your public IP has changed. If it has and you were not using a DNS as a safety feature your clients are now all gone. If you were using a DNS you only need to change the IP your DNS is pointing to to your new IP and your clients should return.
Clients still not there?
Impossible. If you’re facing this situation that means your clients have uninstalled Nanocore from their PC and you will have to ask for them to re-install it.

  • Is your firewall properly configured?

If you don’t wish for connections to be blocked you will have to disable/make exceptions inside of your firewall. (Make sure you allow TCP/UDP connections from the port used in Nanocore)
You can find an in-depth guide from Microsoft on how to do that here: https://technet.microsoft.com/en-us/libr…30369.aspx

  • Did all of the above but nothing worked?

Don’t worry! We’ve got your back. You can ask any further questions at our support site. Make sure you’re as descriptive as possible so we can help you as quickly as possible!
Here’s some great information for us to have: Your license key, what you’re trying to do, how you’re trying to do it, any kinds of errors, builder pictures, etc.
Support site: https://nanocore.io/support/
