[Tut] Guide to RAT's [All you wanted to know about RAT]

Monday, August 15, 2011

NOTE: This tutorial is written for educational purpouses only! Spreading malicious software may be Illegal in your country/state.


Introduction

What is a RAT?

A Remote Administration Tool (RAT) is a type of virus which allows you to remotely control an infected PC, different RAT's have different functions, common functions include:
-Webcam view (The ability to look through the infected persons webcam)
-Download and execute (Allows you to download and run a program on an infected computer remotely)
-Remote Desktop (Allows you to view the desktop and manipulate the mouse and keyboard of an infected computer)
-Keylogger (Allows you to view everything an infected user has typed, including there usernames and passwords)

Which is the best RAT?
The honest answer is: There is none.

I have used a lot of RATs in my time including blackshades, but my fave RAT is Cerberus which is free.

Please dont post asking "What is the best RAT!?" use your brain and the search feature

How does a RAT work?
A RAT has 2 parts, a server and a client, you use the client to interfere with people on your RAT list, if someone runs your "Server" they will apear on your RAT list. People try to trick others into downloading there RAT server so they can steal passwords and other things.

Is the use of RAT's illegal?
Yes. Infecting someone elses computer is illegal, although hardly anyone ever gets into trouble for RATing. I'v used RAT's for years and never been in any trouble for it, and I'v infected thousands of computers.

Notes:
-A lot of people post "This RAT is apearing as a virus on my anti-virus even though others say its legitimate!" this is because a RAT client creates a server which IS a virus
-Allthough a lot of people test there server on themselves I'd recomend asking a friend to test it for you.
-Please don't call yourself a hacker just because you know how to RAT people...

RAT setup tuts

Dark comet


Cerberus

Blackshades
[RAT]Blackshades NET Complete [Tutorial]
CyberGate
[RAT]How To Setup CyberGate 1.02.0 (THE CORRECT
Port Forwarding

There are so many threads every day asking for someone to port forward for them it's ridiculous, here is how its done:

1. Open your command prompt (Cmd) and type in "Ipconfig" then click enter, scroll up and you should see something saying "Default gateway", next to that it will show your default gateway.

[Image: img1defaultgateway.png]

Note: Your default gateway will begin with either 10, 172 or 192, but it's most likely going to be 192.168.*.* as most networks are class C /24 networks

2. Now type your default gateway into your web browser and you should be presented with a router login screen.

[Image: img2routerloginscreen.png]

Note: Your default login for your router should be on the back of your router, if not try admin as both the username and the password

3. After logging into your router look for the "Port forwarding" or "Advanced options" section, I can't give you precise instructions as there are many different kinds of router

[Image: img3routerportforwardin.png]

4. After following the information on the above picture click "Add" then turn off your router for 30 seconds and turn it back on to reset your router

Spreading

These are the types of spreading I have used over the past few years, they have worked well for me.

E-Whoring
E-Whoring is pretty much pretending to be a female online in chat rooms, post a download link to your server and say that its your "Nude pics" lots of horny 14 year old idiots will download

Fake videos
A fake video is pretty much making a video of a program then uploading the video to youtube, on the download link underneath the video post your download link to your server instead of a download link to the program. It also helps if you ask friends to post on your video saying that its legitimate.

Heres an example of a fake video made by me, not that it has over 100 likes and a lot of comments even though its fake:
http://www.youtube.com/watch?v=IrplF48zg00

Torrenting
Torrenting is by far the best way to spread your server but its hard to get started so alot of people stay away from it, to torrent bind your server with the installation to a game or program and upload it to a torrent site, again getting friends to like and comment on the torrent would be helpful

Java Drive by
A java drive by is a site which you can make to automatically run a program (E.g. your RAT server) on a computer when it visits the site

Other spreading guides:

Crypting

Crypting your server
After creating your RAT server it will be detected as a virus by most anti viruses, this will lose you a LOT of victims, to get around this people use what is called a "Crypter" to make there viruses undetectable to anti-virus software

How does a crypter work?
A crypter works by jumbling code in your server and adding junk code to make the virus undetectable.

Notes:
-FUD means Fully undetectable, a fully undetectable server is undetectable by all anti-viruses
-UD means undetectable, a undetectable server is undetectable by some AV's and detectable by others
-People are unlikely to FUD crypt your server for free as the more users a crypter has the faster it becomes detectable, there are a lot of crypters available for purchase in the marketplace section of hackforums

Thats it for now, I'll continue to add to the guide as I get more suggestions.

Note that this is my first tutorial ever and I'm actually a networking student and a rookie programmer so hacking software isn't realy my speciality, please correct me if I'v made any mistakes.

Please keep this ed and please leave your suggestions if you have any.
Share this article :

2 comments:

  1. nice you have very good explain about rat i have read this article too rat computer virus this guy also share tool with latest update so you can check hop this will be help full for you ;)

    ReplyDelete

 
Support : Creating Website
Copyright © 2012. Your Unofficial Guide - All Rights Reserved
Proudly powered by Blogger