For Support and Advertisement you can contact  701491310 c0defire@xmpp.jp
Neo's Guide to RAT [Updated 7.1.12]
06-30-2012, 11:26 PM,
Post: #1

Remote Administration Tools

RAT stands for Remote Administration Tool. It is a program used to control a remote PC, hence the name “Remote Administration Tool”. RATs can be used for white hat, fun or personal purposes, and also for black hat or malicious purposes. The user may take complete or partial control of a remote computer with or without his acknowledgement.

Functioning of a RAT

The RAT program is referred to as the client. The RAT client builds a program called the server/virus. The server is often referred to as a Trojan horse. The RAT client needs to use a specific port for the program to communicate with the host. For more about it just scroll down. So, when the server is run on a remote PC, the infected PC starts communicating with the client. Many RATs used for black hat purposes hide their functioning from the host. Thus, when a connection is established the client can take full or partial control of his computer. When a RAT server is installed without the acknowledgement of the host, the host is often referred to as a bot, slave, install, etc.

Types of RATs and its features

Non-Malicious RATs

  • Team viewer
  • Log me in
  • Ammy
  • Join.me

They're mostly used for Personal or White Hat purposes. These require the Host’s permission and the host can cut off the connection any time if wanted. So it’s useful to fix a Remote Computer just sitting at your PC.

Malicious RATs

The name suggests it. They are used for black hat purposes, like stealing their information, spying on them, etc., especially without their knowledge.

TCP RATs

They communicate directly from the host to the client. They require port forwarding. They have more features than PHP/HTTP bots.
So more features = more fun. They are always the first priority. Get to the PHP/HTTP RATs if you have serious problems with port forwarding.

Free RATs
  • Dark-comet
  • Cyber Gate
  • Poison Ivy
  • Bi-frost
  • Spy-Net
  • Xtreme RAT

Paid RATs

  • Blackshades NET
  • Paradox RAT
  • Client mesh
  • Anguish RAT

PHP/HTTP RATs

They work without the need to port forward. They are more stable than TCP RATs but have relatively fewer features.

List of common Php/Http RATs

  • Vertex NET
  • Loki RAT
  • BlackShades Fusion
  • Lynx RAT

Some general features of a RAT

  • Block mouse and keyboard
  • Change your desktop wallpaper
  • Download, upload, delete, and rename files
  • Drop viruses and worms
  • Edit Registry
  • Format drives
  • Grab passwords, credit card numbers
  • Hijack homepage
  • Hide desktop icons, taskbar and files
  • Log keystrokes, keystroke capture software
  • Open CD-ROM tray
  • Overload the RAM/ROM drive
  • Print text
  • Play sounds
  • Randomly move and click mouse
  • Record sound with a connected microphone
  • Record video with a connected webcam
  • Shutdown, restart, log-off, shutdown monitor
  • Steal passwords
  • View screen
  • View, kill, and start tasks in task manager

Ports

A port is needed for any remote connection to communicate with your computer. For example, port 80 is used for web services and port 25 is used for SMTP. So, a port is needed for every specific program to communicate with a remote device. Obviously, a RAT too needs a port to communicate with the remote PC (host).

Port Forwarding

Port forwarding is the method of opening a specific port on the router to allow outbound connections. To forward a port you need access to your router. Sometimes UPnP is used in case you don’t have access to your router and your router supports UPnP. UPnP means Universal Plug and Play. If your router supports UPnP then the port may be opened using third-party software such as uTorrent.

VPN

VPN, or Virtual Private Network. I need not explain it much here. It's used to hide your IP and stay anonymous. If you're under a VPN, when you request a web resource the request first goes to the VPN server, which gets the web resource. Some VPNs may allow you to open certain ports. So, it can solve your port-forwarding issues.

DNS

DNS, known as Domain Name System. If you have a dynamic IP, your IP changes often. So, it's practically not possible for the bots to stay connected to you. So, a DNS provides you a domain which will redirect to whatever IP you have.

There are many DNS providers; the most widely used are:
  • NO-IP
  • dyndns


Cryptography

It’s the method of hiding your server from anti-viruses. It’s because most RAT servers are detected by many anti-viruses. So when your victims open your server their anti-virus may block it. So in this case a crypter is used. It’s the software that protects your server from anti-viruses. So, every crypter has a stub, either inbuilt or separate from the crypter. A stub is code that, when added to your server, makes it FUD or UD.

FUD: Fully Un-Detected
It means that the stub is un-detectable by all Anti viruses.
UD: Un-detected
It means that the stub is un-detected by few anti-viruses and few detect it.

Virus scanning sites

They are often used to check a binary for threats/viruses. These sites use multiple Antivirus engines to test the binary uploaded. Most of them are co-operated by Antivirus companies and they send the binary samples to the Antivirus companies for analyzing them. So if your FUD server is uploaded to sites like this your server will get detected by Antivirus companies. So, obviously your FUD server will become UD. But, some sites do not give out the binary samples to Antivirus companies. They are often used to check the FUD or UD status of the server/stub.

Some sites that give out samples

VirusTotal
Virus jotti

Some sites that don't give out samples:

http://elementscanner.net/
http://my-avscan.net/
http://www.novirusthanks.org/ (make sure you check the do not distribute sample)

Dependencies

Some crypters coded in VB.NET or C# need the .NET framework for the stub to run. So, they are often described as “.NET dependent crypters”. The .NET framework usually comes pre-installed on Windows Vista or above.
Some crypters coded in C++, ASM, VB6 or any other language that does not involve .NET can be run on systems even without .NET framework. They are pretty much stable and have high execution rates. But, they are relatively costlier than the .NET dependent ones.

Java Driveby

It’s a Java applet that is uploaded to a webhost. It's often covered by a legit-looking site clone. So, when the slave opens up the website, a Java message pops up with two options, Run or Cancel. 90% of people will click Run. So, when Run is clicked your server is executed inside their computer without their knowledge.

Botkilling

Botkilling is also known as Ruskilling. The name describes it: killing your bot/server. So, it means killing other bots/servers inside the slave’s computer. Some crypters and RATs have this function. Though it may be useful sometimes, it will be frustrating when you buy some bots and they botkill your server.
Quote
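Added example, not part of the original post: the guide's Ports and DNS sections imply a network signature a defender can hunt for, namely an infected host re-resolving a dynamic-DNS name at near-constant intervals as it calls back to the client. The sketch below runs that check over a constructed resolver log; the log format, the hostnames and the suffix list (a non-exhaustive set of zones assumed for the two providers the post names) are assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Assumed, non-exhaustive zones for the providers named in the post (NO-IP, dyndns).
DYNDNS_SUFFIXES = ("no-ip.org", "no-ip.biz", "ddns.net", "hopto.org", "dyndns.org")

# Constructed sample resolver log: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.21 updates.example.com
2024-05-01T10:00:05 10.0.0.34 constructed-host.ddns.net
2024-05-01T10:01:05 10.0.0.34 constructed-host.ddns.net
2024-05-01T10:02:04 10.0.0.34 constructed-host.ddns.net
2024-05-01T10:03:05 10.0.0.34 constructed-host.ddns.net
2024-05-01T10:03:30 10.0.0.21 constructed-cam.hopto.org
2024-05-01T10:40:00 10.0.0.21 www.example.org
2024-05-01T11:15:10 10.0.0.21 constructed-cam.hopto.org
"""

def is_dyndns(name):
    """True if the name is one of the listed zones or a host beneath one."""
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in DYNDNS_SUFFIXES)

def find_dyndns_beacons(log_text, min_queries=4, max_jitter=5.0):
    """Return {(client, name): mean interval in seconds} for dynamic-DNS
    names that a client re-resolves at near-constant intervals."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, name = parts
        if is_dyndns(name):
            key = (client, name.rstrip(".").lower())
            seen[key].append(datetime.fromisoformat(ts))
    findings = {}
    for key, times in seen.items():
        if len(times) < min_queries:
            continue  # too few lookups to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Low spread between lookups suggests an automated callback, not a person.
        if statistics.pstdev(gaps) <= max_jitter:
            findings[key] = statistics.mean(gaps)
    return findings

if __name__ == "__main__":
    for (client, name), interval in find_dyndns_beacons(SAMPLE_LOG).items():
        print(f"{client} resolves {name} about every {interval:.0f}s")
```

Dynamic-DNS lookups alone are common for home cameras and NAS boxes, so the periodicity test is what narrows the results; tune `min_queries` and `max_jitter` to the resolver's cache TTLs.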
06-30-2012, 11:54 PM,
Post: #2
Neo's Guide to RAT [Updated 7.1.12]
Thanks to admin for sharing this.....

This will definitely help to get to know about the RAT tools available for different purposes..
Once again thanks :-)
07-01-2012, 10:24 AM,
Post: #3
Neo's Guide to RAT [Updated 7.1.12]
Thanks Bro my next tut ready :cool:
08-20-2012, 07:03 PM,
Post: #4
Neo's Guide to RAT [Updated 7.1.12]
Nice tut..thanks for this pretty much helped..
08-20-2012, 08:01 PM,
Post: #5
Neo's Guide to RAT [Updated 7.1.12]
Welcome Bro :D

Need help ! just ping me Blackhat
Jabber : c0defire@xmpp.jp
ICQ : 701491310

02-11-2013, 05:10 AM,
Post: #6
Neo's Guide to RAT [Updated 7.1.12]
Mate this Tut has such great illustration, Cheers
11-14-2013, 01:13 AM,
Post: #7
Neo's Guide to RAT [Updated 7.1.12]
Nice tut bros, keep it up.........
11-29-2015, 09:33 AM,
Post: #8
RE: Neo's Guide to RAT [Updated 7.1.12]
I'll make good use of it ..............................
All rights reserved © 2012-2015 OffensiveCommunity, Designed at WallBB Co Uk