EvilZone
Hacking and Security => Hacking and Security => : pebcak February 28, 2014, 04:13:53 PM
-
Looking for ideas on implementing a RAT, allowing access to my Ubuntu machines in case of theft, and/or just for giggles.
I have a domain ready to go, but I have no clue how to go about setting this up.
-
Looking for ideas on implementing a RAT, allowing access to my Ubuntu machines in case of theft, and/or just for giggles.
I have a domain ready to go, but I have no clue how to go about setting this up.
Ugh.
You don't have any Linux experience, do you?
This is a typical windows point of view.
Just set up a reverse SSH shell that always connects back to point x.
Fucking forget the term "RAT", not only because it pisses me off but coz *nix is built on this very principle.
Logging onto a remote terminal etc etc.
What the fuck, go read a book.
*some other lines that I'm too lazy to write*
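The reverse SSH connection Proxx describes, as an added example that is not part of the original thread: a systemd-managed tunnel from the Ubuntu laptop back to a relay host the owner controls, plus a restricted authorized_keys entry on the relay so the tunnel key can do nothing except open that one forward. The host name relay.example.org, the relay account "tunnel", bind port 2222 and the key path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): persistent reverse SSH tunnel from an
# Ubuntu laptop back to a relay the owner controls, run by systemd.
# Assumed names: relay.example.org, relay account "tunnel", bind port 2222.
set -eu

RELAY_HOST="${RELAY_HOST:-relay.example.org}"
RELAY_USER="${RELAY_USER:-tunnel}"        # unprivileged, shell /usr/sbin/nologin
RELAY_PORT="${RELAY_PORT:-22}"
BIND_PORT="${BIND_PORT:-2222}"            # opened on the relay's loopback only
KEY_FILE="${KEY_FILE:-/etc/ssh/tunnel_ed25519}"

# The ssh invocation the laptop runs. -N opens no shell; -R forwards the
# relay's 127.0.0.1:2222 to the laptop's own sshd. Keepalives make a dead
# link fail fast so systemd restarts the unit; BatchMode never prompts.
tunnel_cmd() {
    opts="-N -o BatchMode=yes -o ExitOnForwardFailure=yes"
    opts="$opts -o ServerAliveInterval=30 -o ServerAliveCountMax=3"
    opts="$opts -o StrictHostKeyChecking=yes -i $KEY_FILE -p $RELAY_PORT"
    printf '%s' "/usr/bin/ssh $opts -R 127.0.0.1:$BIND_PORT:127.0.0.1:22 $RELAY_USER@$RELAY_HOST"
}

# authorized_keys entry for the "tunnel" account on the relay: "restrict"
# switches every feature off, "port-forwarding" turns only forwarding back
# on, permitlisten (OpenSSH 7.8+) pins the single port the key may bind,
# and the forced command means a session request yields nothing useful.
authorized_keys_line() {
    printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s",command="/bin/false" %s\n' \
        "$BIND_PORT" "$1"
}

# Unit for the laptop: save as /etc/systemd/system/reverse-tunnel.service,
# then `systemctl enable --now reverse-tunnel`. Restart=always re-dials
# after any drop, including network changes.
systemd_unit() {
    cat <<EOF
[Unit]
Description=Reverse SSH tunnel to $RELAY_HOST
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=$(tunnel_cmd)
Restart=always
RestartSec=30

[Install]
WantedBy=multi-user.target
EOF
}
# From the relay the owner then reaches the laptop with: ssh -p 2222 owner@127.0.0.1
```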
-
Yeah, basically what Proxx said is all you need. Since you opt to use Linux, you should use Linux tools and forget about RATs. SSH is basically the tool you want to use, but in case of theft I would recommend projects such as http://preyproject.com/ that are built specifically for that purpose.
-
Fucking forget the term "RAT", not only because it pisses me off but coz *nix is built on this very principle.
Exactly!! Damn, it stings inside, I don't know why, but it does every time I hear/read RAT... geez, even netcat can do the trick, but Proxx is spot on.
-
I will sort of hijack this thread and take it in a different direction, the one I thought the thread was about.
What about making a "RAT" for Linux?
Sure you can configure SSH or telnet and just use it, but what about a "hidden" connection? Create another SSH/telnet user that can only be seen by a certain user, or edit/add .php files being run by Apache to allow remote control (I believe this would have to be a poorly configured server).
I do believe all these files need to be sudo'd in order to be edited, so unless there's a jailbreak or you "bind it", it should be impossible.
Care to comment?
-
Sounds like a job for a rootkit if stealth is an issue.
-
Try using Metasploit to create a backdoor
http://www.offensive-security.com/metasploit-unleashed/Meterpreter_Backdoor
just use payload/linux/x86/meterpreter/reverse_tcp :P
-
Try using Metasploit to create a backdoor
http://www.offensive-security.com/metasploit-unleashed/Meterpreter_Backdoor
just use payload/linux/x86/meterpreter/reverse_tcp :P
I suggest not doing that because of the dangers involved.
Giving yourself a way into anything means giving someone else a potential entrance.
Especially with just a plain TCP reverse shell.
Would personally configure a second SSH(d) running on some obscure UDP port connecting back to a central point isolated in a jail or something along those lines.
-
Would personally configure a second SSH(d) running on some obscure UDP port connecting back to a central point isolated in a jail or something along those lines.
This is what I was talking about. The thing is, you would still have to have the port not reply/be firewalled (in case of an Nmap scan), which means you would probably also need to configure something in iptables, but then again the configuration would pop up and would be noticeable if you ever got hacked.
-
http://jrat.su/ works on almost every OS that runs Java. You could also use NetWire, which can be found here: http://www.worldwiredlabs.com/netwire_/
-
HA!
I must have been blasted out of my fucking gourd to post shit like this.
The correct answer to my question was, "Don't run *nix as a host machine...ever, you fucking fuck."
-
I was just going to mention Prey.
https://preyproject.com/
-
There are tons of ways instead of "RATing" yourself, lmao.
SSH, VNC, etc
-
Yeah, basically what Proxx said is all you need. Since you opt to use Linux, you should use Linux tools and forget about RATs. SSH is basically the tool you want to use, but in case of theft I would recommend projects such as http://preyproject.com/ that are built specifically for that purpose.
Thanks for introducing this, gonna use it. It's nothing new but cool to see shit like this for *nix.
[update] I just tried using Prey on my Ubuntu machine and it's a bitch to set up.
The software repo doesn't install it, so you have to cd /usr/lib/prey/current/bin/ && sudo ./prey config gui. Now it'll run only when you run the script. Restart and it won't run; you have to set it to run on boot.
-
Thanks for introducing this, gonna use it. It's nothing new but cool to see shit like this for *nix.
[update] I just tried using Prey on my Ubuntu machine and it's a bitch to set up.
The software repo doesn't install it, so you have to cd /usr/lib/prey/current/bin/ && sudo ./prey config gui. Now it'll run only when you run the script. Restart and it won't run; you have to set it to run on boot.
Yeah, but that's Linux...
-
Thanks for introducing this, gonna use it. It's nothing new but cool to see shit like this for *nix.
[update] I just tried using Prey on my Ubuntu machine and it's a bitch to set up.
The software repo doesn't install it, so you have to cd /usr/lib/prey/current/bin/ && sudo ./prey config gui. Now it'll run only when you run the script. Restart and it won't run; you have to set it to run on boot.
The problem is between chair and screen.
-
Yeah, basically what Proxx said is all you need. Since you opt to use Linux, you should use Linux tools and forget about RATs. SSH is basically the tool you want to use, but in case of theft I would recommend projects such as http://preyproject.com/ that are built specifically for that purpose.
Nice share, +1
-
https://github.com/mncoppola/suterusu (Linux rootkit)
-
The problem is between chair and screen.
This really can't be taught enough to the folks here who post these kinds of threads/questions. OP may not even know what a rootkit is. Hell, they may not even know what SSH is, but the best way to go about solving the issue is to think of what you want to accomplish and figure out the tools you'll need to get that done.
This is a positive side effect of a common Unix philosophy called "KISS", which stands for "Keep it simple, stupid." When you have a task that needs to get done (in your case remote administration), the working end result will often be a multi-component solution, with each piece of software having its own straightforward purpose.
It will almost never be a single huge file you download off of the internet, with a next-next-finish interface, that'll let you open up built-in text-to-speech software on your friend's computer over the internet. Sorry to break it to you. :-\
-
This really can't be taught enough to the folks here who post these kinds of threads/questions. OP may not even know what a rootkit is. Hell, they may not even know what SSH is, but the best way to go about solving the issue is to think of what you want to accomplish and figure out the tools you'll need to get that done.
This is a positive side effect of a common Unix philosophy called "KISS", which stands for "Keep it simple, stupid." When you have a task that needs to get done (in your case remote administration), the working end result will often be a multi-component solution, with each piece of software having its own straightforward purpose.
It will almost never be a single huge file you download off of the internet, with a next-next-finish interface, that'll let you open up built-in text-to-speech software on your friend's computer over the internet. Sorry to break it to you. :-\
KISS is a good philosophy on life, but you would be surprised how often even highly knowledgeable people miss something simple. I've done it, and had it pointed out to me. I've done it, and figured out days, weeks, months or years later that holy shit, I could have done that so much easier/faster with knowledge I already had... or I've also pointed it out to others. Not saying we don't have a lot of questions here that should have been googled first, then maybe clarified here after. But his original post didn't seem totally off base, just that he didn't realize there were so many utilities built in that could do what he was looking for. In other words he may be new to Linux, but is at least familiar enough with what he wanted to do Windows-wise, but wasn't sure about how to do it in Linux, and the terminology he used may have been problematic for searching. So I don't see this one as "obviously dumb" as you seem to be implying. To give a good example of this...
A while back (re: years ago) I was a member of one of those DIY/self-help forums. It was one of the larger ones and I enjoyed the layout, and the fact that overall the people contributing knowledge were very much in the know. For instance, I got some car help that I had NOT yet been able to figure out on my own, or with Google; some seriously experienced mechanics helped me to find the solution. Obviously one of the areas I helped in constantly was the computer section. Anyway, someone came with the age-old "I forgot my password to my server... uh oh" and by the time I got to it there had been ~5 or so replies on different ways they could break into this Windows 2k server without FUBARing it or otherwise destroying data; some of them were... insanely detailed. In other words they were not dumb responses in the sense of right or wrong; every one of them showed a great deal of familiarity with the OS/what the user needed. But every one of them took at least 30 minutes to implement. In comes my post: "just use a recovery disk like BartPE (+ link)". Chorus from all the sysadmins before me: "oh shit, why didn't I think of that...". It is not always lack of knowledge, but a difference in viewpoint that makes all the difference. People here posted to shift his viewpoint on what he was looking to do, and I'm sure (assuming he came back to look at this thread again, which I'm guessing he did) he learned a lesson.
-
Perhaps you're right, Darkvision, I got a little carried away with that post (but I didn't feel like deleting it in the end :D ). OP, after re-reading the thread it seems I wasn't even interested in discussion, but you've come to the conclusion that you shouldn't ever worry about setting up a backdoor on a Linux machine, and only focus on Windows boxes? (I'm pretty sure that's what you meant anyways.) I'd have to ask: what about when you r00t that *nix server and you have practiced setting up hidden remote access only in Windows environments? This doesn't fit the original use case of fucking around with your friend's computer, but maybe the original question wasn't as dumb as you thought it was. :D
Also, my previous irritation was aimed at "jitterbud", not you, m8.
-
Well, I agree with most on the RAT discussion. You should take a look at the Veil Framework if you wanna build a payload quickly with few detections. There are some pretty good tutorials on how to use it, as well as their own information on their website. Just throwing it out there.
-
ssh