Author Topic: Linux RAT  (Read 10337 times)

0 Members and 1 Guest are viewing this topic.

Offline pebcak

  • /dev/null
  • *
  • Posts: 10
  • Cookies: 2
    • View Profile
Linux RAT
« on: February 28, 2014, 04:13:53 pm »
Looking for ideas on implementing a RAT, allowing access to my Ubuntu machines in case of theft, and/or just for giggles.

I have a domain ready to go, but I have no clue how to go about setting this up.


Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Linux RAT
« Reply #1 on: February 28, 2014, 04:20:32 pm »
Looking for ideas on implementing a RAT, allowing access to my Ubuntu machines in case of theft, and/or just for giggles.

I have a domain ready to go, but I have no clue how to go about setting this up.
Ugh.

You don't have any linux experience do you ?
This is a typical windows point of view.

Just setup a reverse SSH shell that always connects back to point x.
Fucking forget the term "RAT" not only because it pisses me off but coz *nix is built this very principle.
Logging onto a remote terminal etc etc.
What the fuck go read book.
*some other lines that Im too lazy to write*
« Last Edit: February 28, 2014, 04:21:09 pm by proxx »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Linux RAT
« Reply #2 on: February 28, 2014, 05:27:57 pm »
Yeah basically what Proxx said is all you need. Since you opt to use linux, then you should use linux tools and forget about RATs. SSH is basically the tool you want to use, but in case of theft, I would recommend projects such as http://preyproject.com/ that are built specifically for that purpose.

Offline b0whunter

  • Serf
  • *
  • Posts: 41
  • Cookies: 11
  • The finest sword plunged into salt water will rust
    • View Profile
    • My journal
Re: Linux RAT
« Reply #3 on: March 02, 2014, 11:47:49 pm »

Fucking forget the term "RAT" not only because it pisses me off but coz *nix is built this very principle.


Exactly!! damn its stings inside, i dont know why, but it does every time I hear/read RAT... geez even netcat can do the trick, but proxx is spot on.
“Engage people with what they expect; it is what they are able to discern and confirms their projections. It settles them into predictable patterns of response, occupying their minds while you wait for the extraordinary moment — that which they cannot anticipate.”
― Sun Tzu, The Art of War

Offline I_Learning_I

  • Knight
  • **
  • Posts: 267
  • Cookies: 26
  • Nor black or white, not even grey. What hat am I?
    • View Profile
    • Hacking F0r Fr33
Re: Linux RAT
« Reply #4 on: March 03, 2014, 12:51:10 am »
I will sort of HiJack this thread and take it on a different direction, the one I thought the thread was about.

What about making a "RAT" for Linux?
Sure you can configure SSH or telnet and just use it, but what about an "hidden" connection? Create another SSH/telnet user that can only be seen by a certain user or edit/add .php files being ran by Apache to allow remote control (I believe this would have to be a poorly configured server)

I do believe all these files need to be sudo'd in order to be edited, so unless there's a jailbreak or you "bind it" should be impossible.

Care to comment?
Thanks for reading,
I_Learning_I

Offline c64

  • /dev/null
  • *
  • Posts: 6
  • Cookies: 0
    • View Profile
Re: Linux RAT
« Reply #5 on: March 03, 2014, 03:49:33 am »
Sounds like a job for a rootkit if stealth is an issue.

Offline Fl0urite

  • /dev/null
  • *
  • Posts: 15
  • Cookies: -16
    • View Profile
Re: Linux RAT
« Reply #6 on: March 03, 2014, 08:52:36 am »
Try using metasploit to create a backdoor
 http://www.offensive-security.com/metasploit-unleashed/Meterpreter_Backdoor
just use payload/linux/x86/meterpreter/reverse_tcp :P
If you feel my post was interesting or stood out, give me a cookie!

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Linux RAT
« Reply #7 on: March 03, 2014, 09:26:52 am »
Try using metasploit to create a backdoor
 http://www.offensive-security.com/metasploit-unleashed/Meterpreter_Backdoor
just use payload/linux/x86/meterpreter/reverse_tcp :P
I suggest not doing that because of the dangers involved.
Giving yourself a way into anything means giving someone else a potential entrance.
Especially with just a plain TCP reverse shell.

Would personally configure a second SSH(d) running on some obscure UDP port connecting back to a central point isolated in jail or something along those lines.
« Last Edit: March 03, 2014, 09:27:30 am by proxx »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline I_Learning_I

  • Knight
  • **
  • Posts: 267
  • Cookies: 26
  • Nor black or white, not even grey. What hat am I?
    • View Profile
    • Hacking F0r Fr33
Re: Linux RAT
« Reply #8 on: March 03, 2014, 09:04:17 pm »
Would personally configure a second SSH(d) running on some obscure UDP port connecting back to a central point isolated in jail or something along those lines.
This is what I was talking about. The thing is you would still have to have the port not reply/firewalled (in case of an NMAP scan), which means you would probably also need to configure something on iptables, but then again the configuration would pop up and would be noticeable if you ever got hacked.
Thanks for reading,
I_Learning_I

Offline qwk

  • NULL
  • Posts: 4
  • Cookies: -1
    • View Profile
Re: Linux RAT
« Reply #9 on: March 16, 2014, 05:42:24 pm »
http://jrat.su/ works on almost every OS that running java. You could also use netwire and it could be found here: http://www.worldwiredlabs.com/netwire_/

Offline pebcak

  • /dev/null
  • *
  • Posts: 10
  • Cookies: 2
    • View Profile
Re: Linux RAT
« Reply #10 on: May 12, 2015, 04:13:41 pm »
HA!

I must have been blasted out of my fucking gourde to post shit like this.

The correct answer to my question was, "Don't run *nix as a host machine...ever, you fucking fuck."


Offline 0E 800

  • Not a VIP
  • VIP
  • Baron
  • *
  • Posts: 895
  • Cookies: 131
  • • тнε ιηтεяηεт ιs мү яεcүcℓε-вιη •
    • View Profile
Re: Linux RAT
« Reply #11 on: May 12, 2015, 06:40:55 pm »
I was just going to mention Prey.

https://preyproject.com/

The invariable mark of wisdom is to see the miraculous in the common.

Offline r3verend

  • NULL
  • Posts: 2
  • Cookies: 0
    • View Profile
Re: Linux RAT
« Reply #12 on: May 13, 2015, 11:57:30 am »
There are tons of ways instead of "Rating" your self, lmao.
SSH, VNC, etc

Offline jitterbud

  • /dev/null
  • *
  • Posts: 8
  • Cookies: 0
    • View Profile
Re: Linux RAT
« Reply #13 on: May 15, 2015, 02:36:39 pm »
Yeah basically what Proxx said is all you need. Since you opt to use linux, then you should use linux tools and forget about RATs. SSH is basically the tool you want to use, but in case of theft, I would recommend projects such as http://preyproject.com/ that are built specifically for that purpose.
Thanks for introducing this, gonna use it. Its nothing new but cool to see shit like this for nix.
[update] I just tried using prey on my ubuntu machine and its a bitch to setup.
Software repo doesn't install it. So you have to cd /usr/lib/prey/current/bin/ && sudo ./prey config gui. Now it'll run only when you run the script. Restart and it won't run, you have to set it to run on boot.
« Last Edit: May 15, 2015, 02:54:18 pm by jitterbud »

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Linux RAT
« Reply #14 on: May 15, 2015, 02:56:48 pm »
Thanks for introducing this, gonna use it. Its nothing new but cool to see shit like this for nix.
[update] I just tried using prey on my ubuntu machine and its a bitch to setup.
Software repo doesn't install it. So you have to cd /usr/lib/prey/current/bin/ && sudo ./prey config gui. Now it'll run only when you run the script. Restart and it won't run, you have to set it to run on boot.
Yeah, but that's linux...