RAT
What Is a Remote Administration Tool?
A Remote Administration Tool (RAT) is a piece of software that allows a remote “Operator” to control a system as if they had physical access to it. While desktop sharing and remote administration have many legal uses, “RAT” software is usually associated with criminal or malicious activities such as controlling remote PCs, stealing victims’ data, and deleting or editing files. One can infect someone else by sending them a file called the “Server”. If and when this server file is opened, it burrows itself deep into the system and starts to run in the background. It may also send the attacker a message every time it becomes active, such as when the computer is turned on.
How Does a Remote Administration Tool Spread?
Some RATs spread over P2P (peer-to-peer) file sharing services (mostly torrents) and over messenger and email spam (MSN, Skype, AIM, etc.), while others tag along hidden inside some other software. The user installs something, clicks “Next” 5–6 times and voilà! Without anyone ever finding out, the RAT has compromised the system.
How Is a Remote Administration Tool Server Controlled?
Once installed, the RAT server is controlled via a RAT client. Basically, it’s just an application that tracks your RAT’s movements. It tells you how many systems are infected and gives information about each of them (OS version and other software, IP address, etc.), showing a whole list of IP addresses that may be connected to immediately. After connecting, you can make the computer do pretty much anything: send a keylogger, uninstall the antivirus, crash the whole system, etc.
What Is Port Forwarding?
In computer networking, port forwarding or port mapping is an application of Network Address Translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall.
If you’re a gamer or regularly download torrents, you must have heard of “Port Forwarding” as a way to increase download speeds, reduce lag, etc. In general, port forwarding refers to redirecting network traffic to follow specific paths into your computer. The logic behind this shit is: if a packet finds its way into your computer a few milliseconds quicker, that adds up to a possibly dramatic speed increase for your game or your download. Don’t start jumping around just yet: your internet connection is probably already optimized for maximum performance (it is so by default).
Example: Picture the pencil-thin network cable (the one that goes into the network adapter at the back of your computer) as containing 65,536 microscopic pathways. Your network cable is just like a major highway, except it has a freaking 65,536 lanes, and there is a tollbooth on each lane. We call each lane a “Port”. (FYI, 2^16 = 65,536. A port number is a 2-byte, i.e. 16-bit, value, which gives 65,536 different possible combinations – hence the same number of ports.)
Your internet traffic is comprised of millions of tiny little cars that travel on these 65,536 lanes. We call these little cars “Packets”. These packets can travel as quickly as the speed of light, but they observe a stop-and-go set of rules, where they are required to stop at each major network intersection as if it were a border crossing between countries, or a hand-off to a different ISP. At each intersection, the packet must do three things:
- Find an open port.
- Pass the identification test that allows it through that port.
- If it fails, move to the next port and try again, until it is allowed to pass through the toll.
In some cases, packets sent by hackers will be caught and held at the intersection, where they are then dissolved into random electrons. When this happens, it is called “Packet Filtering” (“Packet Sniffing”, by contrast, means reading the packets that pass by rather than dropping them). Likewise, if a hacker gains control of a much-used port, he can control every bit of information that passes through it – read it, modify it or even delete it.
All in all, port forwarding is when you command your network router to proactively identify and redirect every packet to travel on specific electronic lanes. Instead of having every packet stop at each port in turn until it finds an open port, a router can be programmed to expedite the process by identifying and redirecting packets without having them stop at each port. Your router then acts like a type of hyper-fast traffic policeman who directs traffic in front of the toll booths.
Can an Antivirus Catch a Remote Administration Tool?
Yes. Actually, hell yeah! As a hacker, you will find antiviruses blocking your path at every damn step. But, like every problem, this too has a solution – “Encryption”. It’s called making your server “FUD” (Fully Undetectable).
Example: Typically, encrypted formats, let’s say password-protected .zip or .rar files (if they contain malicious software), can be caught by an antivirus. Making a program FUD does pretty much the same thing, except it does so like a drunkard with OCD (Obsessive-Compulsive Disorder). What I mean is running the software through an encryption program again and again, so that nothing can recognize what it is and it passes off as random harmless noise. Something called “Hex Editing” is a well-known way to go about doing this. That is a whole different topic in itself, so more on it later.
Legal Or Illegal?
Well, some RATs are legal, and some are not. The legal ones are those without a backdoor, and they give the user the ability to close the connection at any time. (A backdoor is something that gives the attacker access to the victim’s system without their knowledge.) Plus, these are not really referred to as RATs; that’s just our (hackers’) dirty language, whereas the illegal ones are used for hacking and may well steal data (or worse). A few examples are written below:
Legal:
- TeamViewer – Access any remote computer via Internet just like sitting in front of it – even through firewalls.
- UltraVNC – Remote support software for on demand remote computer support.
- Ammyy Admin – Like TeamViewer, Ammyy Admin is another reliable and friendly tool for remote computer access.
- Mikogo – Mikogo is an Online Meeting, Web Conferencing, Remote Support tool where you can share your screen with several participants in real-time over the Web.
The above tools, while very useful and very legal, require a green light from both parties involved. That’s the main difference between the ones above and the ones below:
Illegal (Or Barely Legal):
- Spy-Net
- Cerberus Rat
- CyberGate Rat
- SubSeven
- Turkojan
- ProRat
These are all used for one purpose – causing trouble, to say the least. RATs like the ones above are meant to be stealthy. After all, no hacker wants their victims to get a message like: “Congratulations! You have been infected!” (or to let the antivirus find it). Use any of these on an actual victim and you will get a ticket to jail, or at least a fine. But these are actually used, and mostly without anyone ever suspecting anything is wrong. The thing is, hacking is becoming much more of a serious business than a game. A RAT that simply crashes the OS or formats the hard disk gives nothing to the attacker, so why bother doing it in the first place? RATs today are evolving (pun unintended). They are becoming more like “parasites” instead of predators. They may be used for DDoSing (by creating massive botnets with tens of thousands of slave computers), clicking ads in the background (the usual click fraud), increasing blog and YouTube “views”, even using the compromised systems to “earn money online” by pushing surveys, exploiting websites which offer a pay-per-install model, or even “mining” bitcoins. (Bitcoins are just a fancy new online currency. Bitcoins can be earned by devoting CPU power, then converted into real money, hence their potential exploitation using RATs.)
What’s a DNS Host?
DNS hosting is a service that runs Domain Name System servers. Most, but not all, domain name registrars include DNS hosting with registration. Free DNS hosting services also exist, and many third-party DNS hosting services provide Dynamic DNS.
In general, the Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with the domain names assigned to each of the participants. Most importantly, it translates meaningful, human-readable domain names into the numerical identifiers (IP addresses) associated with networking equipment, for the purpose of locating and addressing these devices worldwide.
What Can a Remote Administration Tool Do?
- Manage files (delete/modify).
- Control the web browser (change the homepage, open a website, etc.).
- Get system information (OS version, AV name, RAM, computer name, network addresses, etc.).
- Get passwords, CC numbers or other private data (via keylogger).
- View and control the remote desktop (take a screenshot or a snap from the webcam).
- Record camera and sound (control the mic and camera).
- Control the victim’s I/O devices (mouse, keyboard, printer, etc.).
Pretty much everything you can do on your own computer, except play GTA V remotely. (Although technically, you can do that too)
Chances of Getting Traced?
Yes as well as no, because it all depends on the slave: it’s really hard to remove the infection or even trace the hacker. There are tools like Wireshark, but tracing is still hard because a PC usually has over 300 connections open. So don’t worry.
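From the defender's side, those hundreds of connections are noise that can be cut down rather than a dead end. The Python below is an added example (not code from the original post) that triages a connection listing and flags only the sessions worth a closer look; the netstat-style sample lines, the process names and the `EXPECTED_PORTS` table are constructed assumptions to be tuned for a real environment.

```python
"""Triage of a host's open connections (added defender-side example, not from
the original post). We drop the noise (listening sockets, loopback) and flag
ESTABLISHED connections to a remote port the owning process is not expected
to use. Sample lines, process names and EXPECTED_PORTS are constructed."""
from typing import Dict, List, Set

# Constructed sample in the shape of a netstat-style listing:
# proto, local address, remote address, state, owning process.
SAMPLE_CONNECTIONS = """\
TCP 127.0.0.1:49152 127.0.0.1:49153 ESTABLISHED svchost.exe
TCP 192.168.1.20:50210 203.0.113.5:443 ESTABLISHED browser.exe
TCP 192.168.1.20:50211 203.0.113.5:443 ESTABLISHED browser.exe
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING System
TCP 192.168.1.20:50300 198.51.100.9:8089 ESTABLISHED svchost.exe
TCP 192.168.1.20:50301 203.0.113.77:80 ESTABLISHED updater.exe
"""

# Assumption: remote ports each process normally talks to. A process that is
# not listed here gets an empty set, so every one of its connections is flagged.
EXPECTED_PORTS: Dict[str, Set[int]] = {
    "browser.exe": {80, 443},
    "updater.exe": {80, 443},
    "svchost.exe": {53, 80, 123, 443},
}

def parse_connections(text: str) -> List[dict]:
    """Parse the five-column listing into dicts; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        proto, local, remote, state, proc = parts
        rhost, rport = remote.rsplit(":", 1)   # rsplit keeps IPv6-style hosts intact
        rows.append({"proto": proto, "local": local, "rhost": rhost,
                     "rport": int(rport), "state": state, "proc": proc})
    return rows

def suspicious_connections(text: str, expected: Dict[str, Set[int]] = EXPECTED_PORTS) -> List[dict]:
    """Return ESTABLISHED, non-loopback connections whose remote port the process is not expected to use."""
    hits = []
    for c in parse_connections(text):
        if c["state"] != "ESTABLISHED" or c["rhost"].startswith("127."):
            continue  # listening sockets and local IPC are noise for this question
        if c["rport"] not in expected.get(c["proc"], set()):
            hits.append(c)
    return hits
```

On the constructed sample, six connections reduce to a single flagged session, which is the one a responder would pull into Wireshark first.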
Note: This guide is for knowledge purposes only and shouldn’t be used for any illegal activities, as we are not responsible for anything that happens as a result.