basikRAT python Remote Access Trojan



This is a cross-platform Python 2.x Remote Access Trojan (RAT), basicRAT was created to maintain a clean design full-featured Python RAT. Currently a work in progress and still being actively hacked on.
Disclaimer: This RAT is for research purposes only, and should only be used on authorized systems. Accessing a computer system or network without authorization or explicit permission is illegal.

Features

  • Cross-platform (Windows, Linux, and macOS)
  • AES-256 encrypted C2 with D-H exchange
  • Accepts connection from multiple clients
  • Command execution
  • Standard utilities (cat, ls, pwd, unzip, wget)
  • System survey
  • Self-destruct
  • Primitive port scanning
  • Client reconnect

Usage

$ python basicRAT_server.py --port 1337

 ____    ____  _____ ____   __  ____    ____  ______      .  ,
|    \  /    |/ ___/|    | /  ]|    \  /    ||      |    (\;/)
|  o  )|  o  (   \_  |  | /  / |  D  )|  o  ||      |   oo   \//,        _
|     ||     |\__  | |  |/  /  |    / |     ||_|  |_| ,/_;~      \,     / '
|  O  ||  _  |/  \ | |  /   \_ |    \ |  _  |  |  |   "'    (  (   \    !
|     ||  |  |\    | |  \     ||  .  \|  |  |  |  |         //  \   |__.'
|_____||__|__| \___||____\____||__|\_||__|__|  |__|       '~  '~----''
         https://github.com/vesche/basicRAT

basicRAT server listening for connections on port 1337.

[?] basicRAT> help

Command             - Description
---------------------------------------------------------------------------
cat <file>          - Output a file to the screen.
client <id>         - Connect to a client.
clients             - List connected clients.
execute <command>   - Execute a command on the target.
goodbye             - Exit the server and selfdestruct all clients.
help                - Show this help menu.
kill                - Kill the client connection.
ls                  - List files in the current directory.
persistence         - Apply persistence mechanism.
pwd                 - Get the present working directory.
quit                - Exit the server and keep all clients alive.
scan <ip>           - Scan top 25 TCP ports on a single host.
selfdestruct        - Remove all traces of the RAT from the target system.
survey              - Run a system survey.
unzip <file>        - Unzip a file.
wget <url>          - Download a file from the web.

[?] basicRAT> clients
ID - Client Address
-------------------
 1 - 127.0.0.1

[?] basicRAT> client 1
Client 1 selected.

[1] basicRAT> execute uname -a
Running execute...
Linux meerkat 4.10.13-1-ARCH #1 SMP PREEMPT Thu Apr 27 12:15:09 CEST 2017 x86_64 GNU/Linux

execute completed.

Build a stand-alone executable



Keep in mind that before building you will likely want to modify both the HOST and PORT variables located at the top of basicRAT_client.py to fit your needs.


On Linux you will need Python 2.x, PyInstaller, and pycrypto. Then run something like pyinstaller2 --onefile basicRAT_client.py and it should generate a dist/ folder that contains a stand-alone ELF executable.


On Windows you will need Python 2.x, PyInstaller, pycrypto, pywin32, and pefile. Then run something like C:\path\to\PyInstaller-3.2\PyInstaller-3.2\pyinstaller.py --onefile basicRAT_client.py and it should generate a dist/folder that contains a stand-alone PE (portable executable).



Todo


  • Interactive shell

  • Client binary generation tool (cross-platform)

    • Pyinstaller

    • Switch options for remote IP, port, etc



  • Persistence (cross-platform)

    • Windows: Registry keys, WMIC, Startup Dir

    • Linux: cron jobs, services, modprobe

    • macOS: LaunchAgent, LaunchDaemons



  • Privilege Escalation (getsystem-esque, dirty cow)

  • Common C2 Protocols (HTTP, DNS)

  • Clean log files

    • Linux: bash history, var logs, audit logs, etc

    • Windows: Event logs, prefetch, etc



  • Screenshot

  • Keylogger

  • Expand toolkit (unrar, sysinfo)

  • Scanning utilities (probe scan / ping sweep, scanning subnet)

  • Password dumping (mimikatz / gsecdump)

  • Tunneling / Pivoting (ssh)

  • Anti-virus detection and evasion

  • VM and Sandbox detection

  • Exfil browser history

  • Search file system for sensitive information using regex

    • addresses, credit cards numbers, socials, PII, etc



  • Detect web cameras and take snapshots

  • Steal wifi passwords





Authors







YOU MAY ALSO LIKE: 
HARDEN TOOLS UTILITY THAT DISABLE RISKY WINDOWS FEATURES

JOIN OUR FACEBOOK GROUP FOR LATEST HACKING TRICKS AND MUCH MORE:
THE WHITE HAT HACKERS

Comments

Post a Comment

Popular posts from this blog

Install Conky Lua on your Linux machine and give it cool looks

Image
Conky is a free and light-weight system monitor for Ubuntu and other Linux distributions, that displays any information on your desktop with graphical interface. Conky is very popular among Ubuntu users and there are many beautiful themes available for it that can display your system information such as CPU usage, RAM usage, Clock, swap, disk, network monitor and more. My favorite theme for Conky is called Conky Lua which allows to display system information on nice rings. This Conky theme works on Ubuntu, Linuxmint, openSUSE, Debian and fedora. Download Conkey Lua here..  DOWNLOAD NOW!!!!!!! How to Install: First you must install Conky on your Ubuntu powered machine Open terminal in Ubuntu (Ctrl+Alt+T) and run the following command: sudo apt-get install conky-all Then download Conky Lua from  HERE DOWNLOAD!! Open your download folder and extract files from downloaded archive file. (right click on archive and select “Extract here”) We are using Ubuntu here so we extracted the ...
Read more

Clash of clans free download

Image
From rage-­filled Barbarians with glorious mustaches to pyromaniac wizards, raise your own army and lead your clan to victory! Build your village to fend off raiders, battle against millions of players worldwide, and forge a powerful clan with others to destroy enemy clans. PLEASE NOTE! Clash of Clans is free to download and play, however some game items can also be purchased for real money. If you do not want to use this feature, please set up password protection for purchases in the settings of your Google Play Store app. Also, under our Terms of Service and Privacy Policy, you must be at least 13 years of age to play or download Clash of Clans. A network connection is also required. FEATURES ● Build your village into an unbeatable fortress ● Raise your own army of Barbarians, Archers, Hog Riders, Wizards, Dragons and other mighty fighters ● Battle with players worldwide and take their Trophies ● Join together with other players to form the ultimate Clan ● Fight against riva...
Read more

Take down website using Slowloris DOS attack

Image
A DoS attack is a type of attack where an attacker can suspend services of a host or a website by sending a large number of traffic and making request constantly from two or more computer or by sending large number of packet (for which you can find tutorial  here  )which make small servers overload and server goes crash and result "Destination unreachable" Here i am going to DOS using Perl base program name Slowloris developed by  Robert "RSnake" Hansen. Slowloris is very effective program  which allows a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports. It keep connection open of the target and keep sending request and after some time some become unresponsive to other request which result in server down. It is very easy to use this program for which i am going to give step by step tutorial below STEP 1 As i said it's Perl base program, mostly i use this program on some  Linux d...
Read more