Detection of attack on Windows password: PupyRAT

Authors

  • Dr. Juby Mathew ktu
  • Pratheesh Francis
  • Reshma Sarah Rony
  • Sandra Sebastian

Keywords:

Password cracking, Remote Administration Tool, Hashing, Backdoor attack

Abstract

Password cracking has become one of the popular means of breaking into one’s privacy. Various methods have been adopted to store passwords securely from intruders. One such method is to keep the passwords hashed. In Windows, user passwords are stored as hashes in a registry hive. To obtain these hashes secretly and remotely from the target system, a Remote Administration Tool (RAT) such as PupyRAT is used. It can connect to a target system through a backdoor attack. Once a session is created, the attacker can bypass User Account Control (UAC) to gain admin privileges. Only then can the attacker download the registry hive. To bypass UAC, PupyRAT injects multiple PowerShell commands into the target system. A system that detects these PowerShell windows is developed to alert on and terminate possible RAT attacks.
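The detection idea in the abstract, a cluster of PowerShell launches on one host, can be sketched as a sliding-window check over process-creation events. This is an added example, not the authors' system: the abstract does not describe their logic, so the event format, the threshold of 3 launches and the 10-second window are all assumptions, and the sketch only alerts (it does not terminate processes).

```python
from collections import deque
from datetime import datetime, timedelta

# Assumed thresholds (not from the paper): 3 or more PowerShell launches
# on one host within 10 seconds counts as a burst.
BURST_COUNT = 3
BURST_WINDOW = timedelta(seconds=10)
SHELLS = {"powershell.exe", "pwsh.exe"}

# Constructed process-creation events: timestamp, host, image name.
SAMPLE_EVENTS = """\
2022-06-01T10:00:01 WS01 explorer.exe
2022-06-01T10:00:05 WS01 powershell.exe
2022-06-01T10:03:10 WS01 powershell.exe
2022-06-01T10:03:12 WS01 powershell.exe
2022-06-01T10:03:13 WS01 PowerShell.exe
2022-06-01T10:03:14 WS01 powershell.exe
2022-06-01T10:05:00 WS02 powershell.exe
"""

def parse_events(text):
    """Yield (timestamp, host, image) from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing
        ts, host, image = parts
        yield datetime.fromisoformat(ts), host, image.lower()

def detect_bursts(events):
    """Return one alert per burst: (host, first_launch, launches_when_flagged)."""
    recent = {}       # host -> deque of recent PowerShell launch times
    alerting = set()  # hosts inside a burst that was already reported
    alerts = []
    for ts, host, image in sorted(events):
        if image not in SHELLS:
            continue
        window = recent.setdefault(host, deque())
        window.append(ts)
        while ts - window[0] > BURST_WINDOW:
            window.popleft()  # drop launches older than the window
        if len(window) < BURST_COUNT:
            alerting.discard(host)  # burst over; a later one alerts again
        elif host not in alerting:
            alerting.add(host)
            alerts.append((host, window[0], len(window)))
    return alerts

if __name__ == "__main__":
    for host, start, count in detect_bursts(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT {host}: {count} PowerShell launches starting {start}")
```

A single interactive PowerShell session (WS02, or the 10:00:05 launch on WS01) stays below the threshold, so only the clustered launches are flagged.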

Published

2022-06-23

How to Cite

Dr. Juby Mathew, Pratheesh Francis, Reshma Sarah Rony, & Sandra Sebastian. (2022). Detection of attack on Windows password: PupyRAT. National Conference on Emerging Computer Applications, 2(1). Retrieved from https://ajcejournal.in/nceca/article/view/35
