Friday, 4 March 2016

Top Remote Administration Tools [RAT's] For Download for Educational purpose only

What is Remote Administration Tool? 
A Remote  Administration  Tool  is a malicious program which can be used to control the victim's computer remotely.The concept used for a RAT is client and server technology,where the hacker is the SERVER and the victim is the CLIENT.

Features Of RAT: 
  • Screen/camera capture or image control
  • File management (download/upload/execute/etc.)
  • Shell control (from command prompt)
  • Computer control (power off/on/log off if remote feature is supported)
  • Registry management (query/add/delete/modify)
  • Hardware Destroyer (overclocker)
  • Other software product-specific functions

These are the primary functions which are used by RAT and there are additional features when it comes to RAT Trojan

Additional Features:
  • Block mouses and keyboards
  • Change the desktop wallpapers
  • Downloads, uploads, deletes, and rename files
  • Destroys hardware by overclocking
  • Drop viruses and worms
  • Edit Registry
  • Use your internet connection to perform denial of service attacks (DoS)
  • Format drives
  • Steal passwords, credit card numbers
  • Alter your web browser's homepage
  • Hide desktop icons, task bar and files
  • Silently install applications
  • Log keystrokes, keystroke capture software
  • Open CD-ROM tray
  • Overload the RAM/ROM drive
  • Send message boxes
  • Play sounds
  • Control mouse or keyboard
  • Record sound with a connected microphone
  • Record video with a connected webcam
  • Show fake errors

In this Scenario,we will see the setup of the RAT for DarkComet,

This tutorial will explain how to set up and use the DarkComet RAT, a remote administration tool, with pictures.

Most remote administration tools require port forwarding because for the packets to reach your computer through the router, the router needs to know which computer on the network to send the packets to; you tell the router to forward any packets sent to specific port to a specific address on the network. We also need to set up a no-ip account and host because almost everyone has a dynamic IP address which means your IP address can change any moment and you will loose all your slaves/bots; no-ip prevents this by telling all bots to resolve your no-ip host which tells the bots what your IP address is.
Shutdown, restart, log-off, shut down monitor
Record and control victim's screen remotely
View, kill, and start tasks in task manager
Let the hacker surf the web with the IP-address of the infected computer

Let's get started

Portforwarding

1-Navigate to your router's internal IP address using a browser. This is generally 192.168.0.1 but it varies from model to model; I have a NetGear router. You can Google your router's model name and you will most likely find it.

2- Enter your login details. If you don't know them, ask your parents, if they don't know and your router is furnished by your Internet service provider you can try finding the details they gave you; or you can Google your router's model name and "default password" or something alike. It will generally yield results like "admin admin".

3-Click "Services"

4-Click "Add Custom Service".

5-Enter a name such as "Remote Administration" and select "TCP/UDP" and enter 1604 into both port fields. Press Apply.

6-Click "Firewall Rules".

7-Under "Inbound Services", press "Add".

8-Select "Remote Administration" from the drop down menu. Make sure it's set to "ALLOW always"for the Action drop down menu.

9-Open command prompt. Hold the Windows button on your keyboard and press R. Type cmd.exe and hit Enter.

10-In the command prompt window, type ipconfig and hit Enter.

11-Find your main adapter's IPV4 address. In my case it's 192.168.0.5. Enter it into the "Send to LAN Server" field

12-Press apply(done)

Setting up no-ip:
1-Navigate to www.no-ip.com in your browser.

2- Click on "Create Account"

3-Click "Sign Up" under Free DNS

4-Enter your details and press "I Accept, Create my Account".

5-You will receive an email with an activation link.
Click it to activate your account.

6-Login to your account and you will be in your control panel, press the large "Add a Host" button.

7-Enter a host name in the Hostname field that doesn't look suspicious. I use "socksproxy1" for example to make it look like it's just a proxy, even though it's not. Choose any domain they have, it doesn't matter; just make sure you remember it.

8-Don't change anything else, it's good as it. Your IP should be in the IP Address field.

9-Press Create Host".

                                     Darckcomet 5.3.1 from the below link.

2-You'll be presented with a RAR archive, extract it using free 7-Zip or paid WinRAR.

3-Open the folder you extracted DarkComet to and run DarkCometRAT.exe.

4-Select the "Socket / Net" at the top of the DarkComet window

5-Right click near the top list view and press "Add port to listen"

6-Type in 1604 or whatever port your forwarded. Uncheck "Try to forward automatically (UpNP)"; press "Listen".

7-Close the client settings window and click on the blue drop down menu again in the upper left hand corner and click on server module and then "Full".

8-If you entered a password in the client settings window before, Check "Security Password" and enter the password you entered. Press the "Generate" button several times next to the "Process Mutex" field. This will ensure that your slave won't be able to run the server twice by creating a mutual exclusion. If you plan on using the server in a crypter or distributing it on people who are likely to run it in a sandbox, make sure that "Active FWB" is unchecked.

9-On the left hand side of the window, click on "Network Settings". In the "IP/DNS" field enter your no-ip host name and for the "Port" field enter the port you forwarded; once you've entered the details, click "Add this configuration".

10-Click on "Module Shield" and ensure that the top three check boxes are checked to make the server more difficult to find.

11-Select "Build Module" and click "Build Server". You'll be prompted where to save the file, save it where you can retrieve it later.

Congratulations! You just port forwarded, set up no-ip, and downloaded + set up DarkComet.and please use any startup in your crypter not in your rat. I worked on this for around 6 hours or more, so if you enjoyed this tutorial, leave a thanks.
NOTE: For bypassing your anti virus without detection of your RAT installed on your PC,you should make your RAT as FUD[Fully UnDetectable].You can make your RAT as FUD by using CRYPTERS AND BINDERS.This is applied for installing it on your PC as server and on the victim's PC as client.So, if the Anti Virus detects the RAT as Malicious content,it will delete it without your permission.

Best way for installing on your PC [server] is to turn off your Anti virus for a while,till you make your RAT FUD using Crypters .

Top Notable RAT's are:
Cybergate
Blackshades
PoisonIvy
DarkComet.....Download It HERE
Paradox
Xtreme RAT
Arcom RAT 1k.....Download It HERE
And the rest you can get it for download by clicking HERE

0 comments:

Post a Comment