A remote access tool (a RAT) is a piece of software that allows a remote "operator" to
control a system as if he has physical access to that system. While desktop
sharing and remote administration have many legal uses, "RAT" software is usually
associated with criminal or malicious activity. Malicious RAT software is typically installed
without the victim's knowledge, often as payload of a Trojan horse, and will try to hide its
operation from the victim and from security software.
Basically, a RAT is a tool which allows unauthorized remote access to someone’s
computer system, and allows us to remotely control the system, modify content and
violate its privacy.
Its primary function is for one computer operator to gain access to remote PCs. One
computer will run the "client" software application, while the other computer(s) operate as
the "host(s)".
The RAT Trojans can generally do the following:
Block mouse and keyboard
Change your desktop wallpaper
Download, upload, delete, and rename files
Drop viruses and worms
Edit Registry
Use your internet to perform distributed denial of service attacks (DDoS)
Format drives
Grab passwords, credit card numbers
Hijack homepage
Hide desktop icons, taskbar and files
Log keystrokes, keystroke capture software
Open CD-ROM tray
Print text
Play sounds
Control mouse or keyboard
Record sound with a connected microphone
Record video with a connected webcam
Shutdown, restart, log-off, shutdown monitor
Steal passwords
View screen
View, kill, and start tasks in task manager
A well designed RAT will allow the operator the ability to do anything that they could do
with physical access to the machine.
The different RAT software packages are:
DarkComet RAT
Blackshades RAT
Xtreme RAT
Cybergate RAT
Sub Seven
Pain RAT
JRAT
Net Devil
Apocalypse RAT
Shark RAT
Back Orifice
Bandook RAT
Bifrost
LANfiltrator
Optix Pro
ProRat
Step 1 – Setting Up Your DNS
Questions to ponder:
Slaves or victims are connected to us as long as we are online, but what will happen if we
accidentally or purposely go offline?
Will they connect to us again when we are online again?
The answer to all this is that the caught victims will disappear if the connection between
them and us is disturbed or terminated even once. So, in order to keep the connection
between them and us alive, we use a domain service which will act as a temporary host in
place of us, so that when we are offline it will take our place and keep the connection
alive, and when we are back it will give the session back to us.
So for all this you need to register on an active domain/website.
So you’ll need a DNS so that the slaves have a connection to connect back to you.
You’ll need to go to No-ip.com.
It is a free Domain registering website that allows us to register a domain, so as to link it
to our account.
After you go to no-ip you’ll need to register an account, after you do this you should be
able to login.
After you see this page click on "Add a Host".
This is going to be your host name. It can be any name, and there are some sample
host names given to choose from. For the hostname, input any name you
want.
Congrats, you now have a DNS for your RAT.
Then you’ll scroll down and click on "add Host"
Now that we have created a domain, we need some intermediate connectivity with the
domain, so we use special software which acts as an interface between our machine and
the registered domain.
In this case, we are going to use the software named DUC Client.
This client is available free on the same website; just go on and download the client.
Go to Download options and download the software.
Now install this DUC (Dynamic Update Client) tool and log in with your No-IP details.
The details are the same ones you filled in at domain registration time.
After successfully logging in, click on Select Hosts and select all your hosts.
After selecting your hosts, click on the Refresh Now button.
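Seen from the defending network, the dynamic DNS hostname described in this step is an observable: the implant has to look the name up again each time it tries to reconnect. The following Python code is an added example, not part of the original page; the suffix watchlist, the log format, the host names and the addresses are constructed assumptions. It flags clients that resolve a dynamic-DNS name at machine-regular intervals.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Illustrative watchlist of dynamic-DNS parent zones (assumption: maintain your own).
DDNS_SUFFIXES = ("ddns.net", "hopto.org", "zapto.org", "no-ip.org")

# Constructed resolver log: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2024-05-01T09:00:00 10.0.0.21 www.example.com
2024-05-01T09:00:05 10.0.0.21 host1.ddns.net
2024-05-01T09:01:05 10.0.0.21 host1.ddns.net
2024-05-01T09:02:04 10.0.0.21 host1.ddns.net
2024-05-01T09:03:06 10.0.0.21 host1.ddns.net
2024-05-01T09:04:05 10.0.0.21 host1.ddns.net
2024-05-01T09:10:00 10.0.0.35 cam.hopto.org
2024-05-01T13:42:10 10.0.0.35 cam.hopto.org
"""

def is_ddns(name):
    """True when the queried name sits under a watched dynamic-DNS zone."""
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in DDNS_SUFFIXES)

def find_beacons(log_text, min_queries=4, max_jitter=0.2):
    """Return (client, name, mean_interval_s) for evenly spaced repeat lookups."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, name = parts
        if is_ddns(name):
            seen[(client, name)].append(datetime.fromisoformat(ts))
    hits = []
    for (client, name), times in sorted(seen.items()):
        if len(times) < max(min_queries, 2):
            continue  # too few lookups to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Low coefficient of variation = machine-like, evenly spaced retries.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((client, name, round(avg)))
    return hits

if __name__ == "__main__":
    for client, name, interval in find_beacons(SAMPLE_LOG):
        print(f"{client} resolves {name} about every {interval}s")
```

Two widely spaced lookups from 10.0.0.35 are not reported; only the evenly spaced series from 10.0.0.21 is.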
Step 2 – Port Forwarding
Port forwarding is the process that your router or firewall uses to sort the right kind of
network data to the right port. Computers and routers use ports as a way to organize
network data. Different types of data, such as web sites, file downloads, and online games,
are each assigned a port number.
Basically Port forwarding is a process of assigning a dedicated logical port to our newly
made virus. By using port forwarding, the router or firewall sends the correct data to the
correct place.
PORT FORWARDING WAY 1:
To open or forward the port, you need to go to the router settings page. First of all
you need to know your IP address; it may or may not be asked for by the router. To check your
IP, open your command prompt (cmd) through the Run command and type “ipconfig”.
Note down your IPv4 Address and Default Gateway, and open your Default Gateway
address in your browser by typing this link: http://192.168.1.1/
On the router setting page, follow these steps to locate the appropriate setting column.
Generally the port address field is found in NAT settings Virtual Servers or in
Firewall settings
The entries made should be of both TCP and UDP protocol, make sure the settings are
saved before exiting
WAY 2: You can also open/port forward your port by adding the entry into your torrent
client.
Torrent clients include BitComet, BitTorrent, uTorrent etc. All you have to do is start any
torrent client and start downloading any torrent file. After it begins downloading, open the
properties of the torrent file. There you will notice a port number, generally having a value
in the thousands. You can change that value to the port number you want and click on
update/save, and the torrent client will activate that specific port for the downloading of
the requisite torrent file.
TO CHECK IF PORT IS OPEN/IN FORWARD MODE OR NOT:
To check if the port is in open/forward mode or not, we first add the entry into our Dark
Comet client.
That is, we set our remote access tool to start listening for activity on the specific
ports.
This can be done by opening your Dark Comet client, clicking on Socket/Net in the tabs
given, then right-clicking in the list and clicking on add port/listen to new port
and entering your port number. If there is more than one port, repeat the process and add
all your port numbers step by step.
Now that the client is in listening mode, open your web browser and open the URL
“canyouseeme.org”. Here enter the port number which you want to confirm is open or not.
If it is a success, then it will look like this
Step 3 – Make a Payload Virus/Trojan
Open your Dark Comet client, click on DARK COMET RAT Server Module Full
Editor (Expert mode).
S1) First of all, in the Main setting window, in the process mutex column click 2-3 times
on Random to generate a random algorithm.
Then in the Server ID column you can give a name; if not, leave it as it is. Then in Profile
name you can give a profile name for the settings we will use, so that in future you don’t
have to tune all the settings again, just load the previous profile.
You can also use the active FWb option to bypass the firewall security, so that it can easily
run with the firewall on in the victim’s system.
S2) Now in the next step, i.e. in the Network setting window, in the IP/DNS column enter your
domain name which was created on your no-ip account, and in the Port column add the
unique port number which you have set in port forward mode.
S3) Next is Module startup, where there are many great options to use. The first option is to start
the stub in Windows, that is, to start your virus file as a Windows operating file. You can
here define the name of the process by which it will run and be shown in the process
manager.
In the next option you can choose to melt the file, that is, after the very first
execution the file will melt itself (it will disappear), but the process will continue to run.
You can also change the creation date, and you can change the attributes of the
virus, for example make it a hidden, system or read-only file etc.
S4) Moving on to the next option, Install message, here you can create a message
that you want to display when anybody runs your virus file.
S5) The next option is Module shield, where a variety of options are given to safeguard
your virus file. You can choose all the options or the option which pleases you the most.
S6) The next option is the key logger. Use it if you have an active FTP account; fill in the columns
and enjoy every keystroke pressed by the victim on his/her system.
S7) The next few options are generally of no big use, so we skip them. Coming to the
File binder option, here you can bind your virus file onto some existing file, so that
your virus is not visible, as it will be masked by some existing file. After choosing the file,
click on add file/bind file to generate a newly bound file.
S8) Next is to choose an icon for the file.
S9) The last option is Stub finalization; here you can choose to compress your virus.
When done, click on generate/Build the stub and provide a specific path for the file to generate.
After that your file will be saved for distributing to others.
Here is a list of the victims caught by this activity.
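The builder options in S3 (a chosen process name, start with Windows, melt, altered creation date, hidden/system attributes) each leave a host-side trace that can be checked. The following Python code is an added example, not part of the original page; the record fields, paths, dates and name lists are constructed, hypothetical values standing in for what an endpoint inventory would supply.

```python
from datetime import datetime

SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe"}  # illustrative subset
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")  # assumed markers
PROFILE_CREATED = datetime(2023, 1, 15)  # constructed: when the user profile was made

# Constructed inventory of running processes (hypothetical agent fields).
SAMPLE = [
    {"path": r"C:\Windows\System32\svchost.exe", "autorun": False,
     "attrs": set(), "on_disk": True, "created": "2022-11-05T08:00:00"},
    {"path": r"C:\Users\bob\AppData\Roaming\svchost.exe", "autorun": True,
     "attrs": {"hidden", "system"}, "on_disk": True, "created": "2011-06-01T00:00:00"},
    {"path": r"C:\Users\bob\Downloads\invoice.exe", "autorun": False,
     "attrs": set(), "on_disk": False, "created": "2024-05-02T14:09:50"},
]

def triage(rec):
    """Return the reasons a running process deserves analyst attention."""
    path = rec["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    reasons = []
    # Chosen process name: a system binary name running from the wrong place.
    if name in SYSTEM_NAMES and not path.startswith("c:\\windows\\"):
        reasons.append("system process name outside C:\\Windows")
    # Start with Windows: persistence pointing into a user-writable directory.
    if rec["autorun"] and any(m in path for m in USER_WRITABLE):
        reasons.append("autorun from user-writable path")
    if {"hidden", "system"} <= rec["attrs"]:
        reasons.append("hidden+system attributes")
    # A file inside a profile should not predate the profile unless its timestamp
    # was altered or preserved by a copy; treat this as a lead, not proof.
    if "\\users\\" in path and datetime.fromisoformat(rec["created"]) < PROFILE_CREATED:
        reasons.append("creation time predates user profile")
    # Melt: the process keeps running after its image file has been deleted.
    if not rec["on_disk"]:
        reasons.append("image file no longer on disk")
    return reasons

def report(records):
    """Map path -> reasons for every record with at least one finding."""
    out = {}
    for rec in records:
        found = triage(rec)
        if found:
            out[rec["path"]] = found
    return out

if __name__ == "__main__":
    for path, reasons in report(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```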