Author Topic: Development of Trojan RAT  (Read 3570 times)


Offline Xires

  • Noob Eater
  • Administrator
  • Knight
  • *
  • Posts: 379
  • Cookies: 149
    • View Profile
    • Feed The Trolls - Xires
Re: Development of Trojan RAT
« Reply #15 on: November 26, 2014, 11:34:24 pm »
Otherwise, replies should be for the OP

...quite right...

@OP; please understand that a RAT is exceedingly simple, in concept.  Essentially, it's nothing more than a common server & client.  You create a server that runs on the target system and awaits a client connection (reverse connections are also possible but that's something for you to explore on your own).  The client then connects to the server and sends information that the server interprets as a command to activate one of its functions.

Study topics (in no particular order): network communication, event loops, argument parsing, running without a window, running as a service, programmatically performing intended tasks... that's pretty much the basics.  Anything beyond that is just adding features of your own design.

Good luck && have fun.  Also, please try not to be destructive.
-Xires

Offline Xires

Re: Development of Trojan RAT
« Reply #16 on: November 27, 2014, 12:12:33 am »
Remote Access Trojan + 9000 = Trojan Remote Access Trojan or TRAT.

The 'T' in RAT stands for 'Tool', not 'Trojan'.  So TRAT is 'Trojan Remote Access Tool', which is actually legitimate.  Though, since it's in C#, it's probably going to be Windows-only so..Trojan Windows Access Tool?  Yup, seems about right.
-Xires

Offline 0E 800

  • Not a VIP
  • VIP
  • Baron
  • *
  • Posts: 895
  • Cookies: 131
  • • тнε ιηтεяηεт ιs мү яεcүcℓε-вιη •
    • View Profile
Re: Development of Trojan RAT
« Reply #17 on: November 27, 2014, 04:24:01 am »
Potato potato. I find an equal amount of results for both RAT as being remote access trojan and remote access tool. In most cases RDP works well enough for remote access but is not advertised as being a RAT. Whereas most RATs have more diabolical names and intentions.

TeamViewer, which is also a remote access tool, is not advertised as being a RAT. For those reasons and because of the top 3 Google results I think it's remote access trojan. I did see that it is also referred to as remote access tool.

I am not a professional, it's just my opinion.
I also think grapefruit is really called greatfruit; it's bigger than an orange and it's not a grape.

Btw - really enjoyed the play on words :D
« Last Edit: November 27, 2014, 04:32:02 am by 0E 800 »
The invariable mark of wisdom is to see the miraculous in the common.

Offline 0E 800

Re: Development of Trojan RAT
« Reply #18 on: November 27, 2014, 06:10:00 am »
Well put. I agree wholeheartedly.

virii -  around the same time warez and appz and gamez were key terms for ftp searching.

Offline Deque

  • P.I.N.N.
  • Global Moderator
  • Overlord
  • *
  • Posts: 1203
  • Cookies: 518
  • Programmer, Malware Analyst
    • View Profile
Re: Development of Trojan RAT
« Reply #19 on: November 27, 2014, 08:06:16 am »
virii -- this must have been created by someone who wasn't quite attentive at his Latin class and thought it would make them sound educated.

Java was part of my undergrad so I understand the JVM

Never heard of any Java course that teaches how the JVM works.
I had a scratch of it in compiler building. But actually, the people who understand the JVM are quite rare.

Offline Xires

Re: Development of Trojan RAT
« Reply #20 on: November 27, 2014, 10:57:17 am »
I also think grapefruit is really called greatfruit; it's bigger than an orange and it's not a grape.

Your logic is undeniable.

Reminds me of that time skids started calling viruses, virii. That almost had a choke hold until reasonable people stood up and said "you're a fucking idiot for using the term". Nowadays you just don't see virii used any more. But for about half a decade it was extremely prevalent. And wrong.
virii -  around the same time warez and appz and gamez were key terms for ftp searching.
virii -- this must have been created by someone who wasn't quite attentive at his Latin class and thought it would make them sound educated.

In the 80s & early 90s, at least in the community within which I 'grew up', there was an established difference among those who actually created such software.  Where 'viruses' and 'virii' differed was in the details & techniques.  So 'virii' was used to describe the subset of 'viruses' that were particularly artful in design, especially those which attempted to survive in unpredictable ways.  With similar logic, at the time, the plural of "mouse", referring to non-living devices used as input for computer systems, was "mouses" rather than "mice" because the latter was reserved for living creatures.  To this day, I still have a tendency to differentiate between the terms.
-Xires

Offline Deque

Re: Development of Trojan RAT
« Reply #21 on: November 27, 2014, 01:28:30 pm »
In the 80s & early 90s, at least in the community within which I 'grew up', there was an established difference among those who actually created such software.  Where 'viruses' and 'virii' differed was in the details & techniques.  So 'virii' was used to describe the subset of 'viruses' that were particularly artful in design, especially those which attempted to survive in unpredictable ways.  With similar logic, at the time, the plural of "mouse", referring to non-living devices used as input for computer systems, was "mouses" rather than "mice" because the latter was reserved for living creatures.  To this day, I still have a tendency to differentiate between the terms.

Interesting. But why is there only a differentiation for the plural and not the singular?
I also think they could have applied a Latin plural form that makes more sense.
"viri" is a different word and means "men"
"virii" is not possible, because a word must have the ending -ius to get double ii

Offline Xires

Re: Development of Trojan RAT
« Reply #22 on: November 27, 2014, 03:44:13 pm »
As I recall, the trend originally subsided due to media (who also did not differentiate between 'hackers', 'phreakers', 'crackers', etc.) usage of 'viruses' and the growing popularity in the late 90s of the new underground.  The emergence & popularization of publicly released software like Sub7, Back Orifice, NetBus, Cain & Abel, L0phtCrack and more gave power to people that were vastly under-educated and ignorant; script-kiddies.

Around the same time, instant messaging grew in popularity and tons of new software came out to use existing and create new protocols for communication.  This accelerated the spread of malicious code by people who had lost sight of the very real lives behind the computers that they attacked.  Real hacking started to take a back seat and as the skids grew in number, there were far more people being called 'hackers', even without understanding what it actually meant.  This trend tends to continue even today, which is why so many of us are bothered by the hordes of skids bound toward destroying everything that hacking once was.

Toward the beginning of the century, as fear spread and efforts to create better security increased, many archives of viral code began to be shut down.  A few went further into hiding but some were also exposed.  A mixing of topics and vernacular muddled about in chaos for a while until there was an eventual firm split in experience level.  The script-kiddies were condemned by those that actually took some time to learn something and we saw the emergence of new 'crews' and 'groups' like HDC, SoldierX, HackNet, l33tphr34ks, ratpak and more.  Groups & crews began to attack one another, each believing that others embodied aspects of 'skids' and it became a term of slander.

Those that survived grew to some degree and again terminology was coined, intermixed, lost, and exchanged.  Things like 'l34t5p34k' became popular and plagued us all.  As well, the concept of 'old school' emerged and people tried to imitate nearly anyone recognized as such.  Thus, the term 'virii', along with others, saw resurgence before it eventually faded from common use.  The original meaning behind it had been lost and the educated (though not historically-aware) among the newer populations began to condemn its use.  For most, it was a fine price to pay in exchange for the limiting (if not elimination) of 'l34t5p34k'.

These days I have found new disturbing trends of terminology; 'crypter', 'hooking', etc.  As well, some of the kids these days assume any library function itself to be an API.  There is yet much work to be done.
-Xires

Offline d4rkcat

  • Knight
  • **
  • Posts: 287
  • Cookies: 115
  • He who controls the past controls the future. He who controls the present controls the past.
    • View Profile
    • Scripts
Re: Development of Trojan RAT
« Reply #23 on: November 27, 2014, 03:57:25 pm »
As I recall, the trend.... etc etc

Dude, you sound like an old man shaking your fist as kids walk on your lawn.

"get outta here you damn kids with your damn sub7, back in my day we used to hack the BBS with nothing more than a dial up modem and a captain crunch whistle."

Plus this elitism in the hacking scene is my least favorite part of it, why have you gotta be better or different from 'script-kiddies'?

Saying that, I do find the history lesson interesting, but come on, come back to earth a bit please. If you don't like the ignorance then focus your attention on teaching people, not complaining.
Jabber (OTR required): thed4rkcat@einfachjabber.de    Email (PGP required): thed4rkcat@yandex.com    PGP Key: here and here     Blog

<sofldan> not asking for anyone to hold my hand uber space shuttle door gunner guy.


Offline madf0x

  • Knight
  • **
  • Posts: 172
  • Cookies: 50
    • View Profile
Re: Development of Trojan RAT
« Reply #24 on: November 27, 2014, 04:25:28 pm »
Dude, you sound like an old man shaking your fist as kids walk on your lawn.

"get outta here you damn kids with your damn sub7, back in my day we used to hack the BBS with nothing more than a dial up modem and a captain crunch whistle."

Plus this elitism in the hacking scene is my least favorite part of it, why have you gotta be better or different from 'script-kiddies'?

Saying that, I do find the history lesson interesting, but come on, come back to earth a bit please. If you don't like the ignorance then focus your attention on teaching people, not complaining.

Umm, what do you think he's been doing this whole time? He's educating on how things used to be and how they evolved to how things are now 'cause he has a fairly rare perspective. If I recall correctly he is in fact a teacher or planning on being one (my memory could be off, this was from a brief conversation on IRC a few years back).

As for why you have to be better than script-kiddies, well, that's explained pretty much right in the definition of a script-kiddie. They don't understand the underpinnings behind the tools they use and don't care to learn. Curiosity and exploration aren't motivating factors for them at all. The whole mindset of a script kiddie is pretty antithetical to what a hacker is. Not to say a lot of skids can't move beyond that limiting mindset but unfortunately it's pretty rare.

Also I think this thread has derailed off topic. Derailed into a more interesting discussion than the original, but derailed nonetheless.

Offline Xires

Re: Development of Trojan RAT
« Reply #25 on: November 27, 2014, 05:18:33 pm »
Dude, you sound like an old man shaking your fist as kids walk on your lawn.

"get outta here you damn kids with your damn sub7, back in my day we used to hack the BBS with nothing more than a dial up modem and a captain crunch whistle."

Yes, that's pretty accurate.

Plus this elitism in the hacking scene is my least favorite part of it, why have you gotta be better or different from 'script-kiddies'?

Hacking is about learning, first and foremost.  It is, at its very core, in direct opposition to the very concept of 'script-kiddies'.  'Skids', as they're commonly called, are those which do not take the time to learn at all but rather rely upon programs created by others to entertain their 'point, click, hack' lust.  To most of us, it's a direct insult for people to use technology that they do not understand nor care about understanding in order to attack others, especially those undeserving of such an attack.  It's one thing to use scripts or programs for exploratory purposes as you grow in the pursuit of knowledge; it's quite a different matter to use them to be destructive without regard for the time, effort and knowledge that has been put into their creation.

Please imagine that you had spent some time learning quite a bit of material and created a tool to make a complex task far easier.  Then you published it to assist others who had reason to use such a utility only to hear a vast number of complaints.  Complaints from people who could care less about your efforts, didn't understand how the tool worked or what it was doing.  These same people didn't even bother searching Google for an explanation or tutorial.  What's worse, is those same people insisting that you are stupid or worthless because you haven't created something that does exactly what they want and how they want.  Would you feel a bit insulted?

Real-world example: http://9v.lt/blog/photobucket-ripper-update/

Of course, people can deal with a situation as described above without too much difficulty; flames to /dev/null & all that.  But what if you worked hard, studying and practicing, and had achieved some sort of status among worthy peers?  Suddenly a large number of people begin discrediting your achievement by making a mockery of all of the effort that you painstakingly went through.  If someone spent 6-8 years in seminary school to attain a meaningful title only to see it rendered moot because people could simply get the same status by going to ulc.org and filling out a form, they would probably find that fairly insulting.  Likewise, real hackers feel insulted by those who would call themselves the same without regard for the meaning behind the title.

Hacking, again, is about learning, after all.  Those unwilling to learn are therefore disqualified from legitimately calling themselves hackers.  So we created a new title for them.  Hackers ARE different from script-kiddies.  And, as hackers, one should always be trying to better themselves and their knowledge.  Therefore real hackers are also definitively better than script-kiddies.

Yes, it's elitism, but it's constructive elitism.

Saying that, I do find the history lesson interesting, but come on, come back to earth a bit please. If you don't like the ignorance then focus your attention on teaching people, not complaining.

This is precisely what I focus on.  I teach, tutor, educate, instruct, inform, demonstrate, edify, guide, illuminate, edify, coach, explain, train, 'learnimicate'..and I do so often.  For example, the previous post was a history lesson, as you observed.  Once upon a time this very community was filled with ignorance and as a result of the efforts of the more knowledgeable people here, it has since become a community that promotes learning and understanding.  It is what makes this a "place to be" for those looking to learn.
-Xires

Offline 0E 800

Re: Development of Trojan RAT
« Reply #26 on: November 27, 2014, 05:42:55 pm »
May your wick be infinite, that it never burns out. :)

Happy Thanksgiving folks.

Offline d4rkcat

Re: Development of Trojan RAT
« Reply #27 on: November 27, 2014, 05:55:41 pm »

Hacking is about learning, first and foremost.  It is, at its very core, in direct opposition to the very concept of 'script-kiddies'.  'Skids', as they're commonly called, are those which do not take the time to learn at all but rather rely upon programs created by others to entertain their 'point, click, hack' lust.  To most of us, it's a direct insult for people to use technology that they do not understand nor care about understanding in order to attack others, especially those undeserving of such an attack.  It's one thing to use scripts or programs for exploratory purposes as you grow in the pursuit of knowledge; it's quite a different matter to use them to be destructive without regard for the time, effort and knowledge that has been put into their creation.

Please imagine that you had spent some time learning quite a bit of material and created a tool to make a complex task far easier.  Then you published it to assist others who had reason to use such a utility only to hear a vast number of complaints.  Complaints from people who could care less about your efforts, didn't understand how the tool worked or what it was doing.  These same people didn't even bother searching Google for an explanation or tutorial.  What's worse, is those same people insisting that you are stupid or worthless because you haven't created something that does exactly what they want and how they want.  Would you feel a bit insulted?

Real-world example: http://9v.lt/blog/photobucket-ripper-update/

Of course, people can deal with a situation as described above without too much difficulty; flames to /dev/null & all that.  But what if you worked hard, studying and practicing, and had achieved some sort of status among worthy peers?  Suddenly a large number of people begin discrediting your achievement by making a mockery of all of the effort that you painstakingly went through.  If someone spent 6-8 years in seminary school to attain a meaningful title only to see it rendered moot because people could simply get the same status by going to ulc.org and filling out a form, they would probably find that fairly insulting.  Likewise, real hackers feel insulted by those who would call themselves the same without regard for the meaning behind the title.

Hacking, again, is about learning, after all.  Those unwilling to learn are therefore disqualified from legitimately calling themselves hackers.  So we created a new title for them.  Hackers ARE different from script-kiddies.  And, as hackers, one should always be trying to better themselves and their knowledge.  Therefore real hackers are also definitively better than script-kiddies.

Yes, it's elitism, but it's constructive elitism.

This is precisely what I focus on.  I teach, tutor, educate, instruct, inform, demonstrate, edify, guide, illuminate, edify, coach, explain, train, 'learnimicate'..and I do so often.  For example, the previous post was a history lesson, as you observed.  Once upon a time this very community was filled with ignorance and as a result of the efforts of the more knowledgeable people here, it has since become a community that promotes learning and understanding.  It is what makes this a "place to be" for those looking to learn.

Ah now I understand what you meant by script-kiddie a bit better.
I totally understand the frustration hackers have with people who don't want to learn the background and just point and hack. It is insulting and it's the same with any field in life, unappreciative people are dicks, always.
I still think we should try to put skids in the deep end, where they can understand whether or not hacking is for them.
Whereas if they never got into the circles where they could learn this shit, they would stay on HF and use all the ub3r1337crypter.exe and continue to think of themselves as hackers.
I don't know if I am making sense. Anyway thanks for explaining that.


Offline promitheas

  • NULL
  • Posts: 1
  • Cookies: 0
    • View Profile
Re: Development of Trojan RAT
« Reply #28 on: January 27, 2015, 10:24:21 pm »
I don't know if this was mentioned in an earlier reply, but I'll say it anyway. Your best bet for this project, based on what I believe to be your skill level, is to go with Python and sockets. Learn about them really well; they are dead useful for a bunch of other things too. I even saved you some research :)
https://docs.python.org/2/howto/sockets.html