Run on linux #10

Open
gfucka opened this issue Jul 25, 2018 · 5 comments
@gfucka

gfucka commented Jul 25, 2018

Hi, in the code I see a variable IsLinuxServer.
Does it mean the server can run also on linux?
If yes how can I run it on linux?
Thanks

@AdvancedHacker101
Owner

Yes, it does.
I'm working on a Linux version of the server, which is, let's say, in beta, so I could release it sometime.
It's a command line interface, with a server, and a control client app, where the control client controls the infected targets, and the server acts as a "proxy" between the attacker and the target.
I was also working on a MEAN stack web interface to control the clients, but that's incomplete and heavily WIP, but I'm planning on finishing it.
NOTE: It's a separate version of the server written in Python

@gfucka
Author

gfucka commented Aug 2, 2018 via email

@AdvancedHacker101
Owner

The server written in C# can't just run on Linux without any extra effort.
I need to re-write the whole server application in Python (for example).
I know that there is .NET Core which can run C# code on Linux, but at the time I didn't know about it.
When it's ready it will be a separate repository on github, and it can run on most OSes which Python can run on.

@gfucka
Author

gfucka commented Aug 4, 2018 via email

@AdvancedHacker101
Owner

Hey, take a look at Issue #11, this can be the reason the client isn't connecting to your server.

Antivirus Problem

There can be many reasons for this.
I don't think it's signature based, since the client is changing relatively quick, and everybody has his/her own build of the binary.
I think it more has to do with heuristics.
Here are a few things that can be a red flag for an AV:

  1. The client instantly starts a TCP connection on port 100
    Port 100 doesn't even have an officially assigned service, the way port 80 has HTTP, port 443 HTTPS and so on.
  2. Getting the name of the AV
    I read somewhere that this function can also raise a red flag
  3. P/Invokes may raise some red flags also
    Take for example the CD tray opening, or the mouse clicking P/Invoke function.
    Or the function which listens for closing the client.
  4. Static analysis of the binary
    An AV can get the name of the methods, variables contained in the source.
    For example: uacbypass or password recovery, remote desktop, keylogger.
    The above words can also raise a red flag.

AVs are very different; for example, BitDefender flags every .exe file named virus, backdoor, spyware, etc., even if it doesn't contain any actual malware.

Summary

You are free to fork and implement changes, this is the main goal of this project, to play with the R.A.T and get your hands dirty, but I don't want to do it myself.
The reason is that the aim of this project is not to cause harm or damage, but to point out how easy it is to write malware, and to learn the different functions of malware like a R.A.T.
You can learn a lot through writing a program like this:
system functions, networking (TCP), IPC (named pipes), weaknesses of systems and applications, dynamic DLL loading, communication across platforms and different OSes, etc.
