
Run on linux

Open gfucka opened this issue 7 years ago • 5 comments

Hi, in the code I see a variable IsLinuxServer. Does it mean the server can also run on Linux? If yes, how can I run it on Linux? Thanks

gfucka avatar Jul 25 '18 10:07 gfucka

Yes, it does..... I'm working on a linux version of the server, which is, let's say in beta version, so I could release it sometime.
It's a command line interface, with a server, and a control client app, where the control client controls the infected targets, and the server acts as a "proxy" between the attacker and the target. I was also working on a MEAN stack web interface to control the clients, but that's incomplete and heavily WIP, but I'm planning on finishing it. NOTE: It's a separate version of the server written in Python

AdvancedHacker101 avatar Jul 27 '18 09:07 AdvancedHacker101

Thanks for your answer. I don't understand: are you working on a Linux server, but it is not yet on GitHub?


-- Dott. Giosia Gentile

gfucka avatar Aug 02 '18 14:08 gfucka

The server written in c# can't just run on linux without any extra effort.
I need to re-write the whole server application in Python (for example).
I know that there is .NET Core which can run c# code on linux, but at the time I didn't know about it.
When it's ready it will be a separate repository on github, and it can run on most OSes which Python can run on.

AdvancedHacker101 avatar Aug 04 '18 18:08 AdvancedHacker101

Thank you for the answer. I tried to run it on Linux with Mono; it starts and also listens on port 100, but when a client connects there are some exceptions and it stops.

I have another question for you. Sorry for all the questions, but your work is very good and I want to understand more. I created the client exe and scanned it with an antivirus; it is recognised as malware... why? Did you already know this?

Thanks


gfucka avatar Aug 04 '18 19:08 gfucka

Hey, take a look at Issue #11, this can be the reason the client isn't connecting to your server.

Antivirus Problem

There can be many reasons for this.
I don't think it's signature based, since the client is changing relatively quickly, and everybody has his/her own build of the binary.
I think it has more to do with heuristics.
Here are a few things that can be a red flag for an AV:

  1. The client instantly starts a TCP connection on port 100
    Port 100 doesn't even have an official assigned service, such as port 80 has HTTP, port 443 HTTPS and so on.
  2. Getting the name of the AV
    I read somewhere that this function can also raise a red flag.
  3. P/Invokes may also raise some red flags
    Take for example the CD tray opening, or the mouse clicking P/Invoke function.
    Or the function which listens for closing the client.
  4. Static analysis of the binary
    An AV can get the names of the methods and variables contained in the source.
    For example uacbypass or password recovery, remote desktop, keylogger.
    The above words can also raise a red flag.

AVs are very different, for example BitDefender flags every .exe file named virus, backdoor, spyware etc. even if it doesn't contain any actual malware.

Summary

You are free to fork and implement changes, this is the main goal of this project, to play with the R.A.T and get your hands dirty, but I don't want to do it myself.
Reason is, the aim/goal of this project is not to cause harm/damage, but to point out how easy it is to write malware, and learn the different functions of a malware like a R.A.T.
You can learn a lot through writing a program like this:
System functions, networking(TCP), IPC(named pipes), weaknesses of systems and applications, dynamic dll loading, communication across platforms, different OSes etc.

AdvancedHacker101 avatar Aug 05 '18 10:08 AdvancedHacker101
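
The static red flags listed in the comment above (items 2 to 4), sketched as a defender-side triage scorer. This is an added example, not code from the thread or the project; the weights, the API names `mciSendString` and `mouse_event`, the WMI class `AntiVirusProduct`, and the sample byte strings are assumptions made for illustration.

```python
from __future__ import annotations
import re

# Weights and names are illustrative. mciSendString, mouse_event and the WMI
# class AntiVirusProduct are assumed; the thread does not name the calls it uses.
INDICATORS = {
    "suspicious_name": (3, ["uacbypass", "keylogger", "passwordrecovery", "remotedesktop"]),
    "av_enumeration": (2, ["antivirusproduct"]),
    "pinvoke_import": (1, ["mcisendstring", "mouse_event"]),
}
ASCII_RUN = re.compile(rb"[\x20-\x7e]{5,}")           # method and import names
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){5,}")   # .NET string literals

# Constructed byte strings standing in for file contents (not real binaries).
SAMPLE_FLAGGED = (b"\x00StartKeylogger\x00mouse_event\x00user32.dll\x00"
                  + "SELECT * FROM AntiVirusProduct".encode("utf-16-le") + b"\x00\x00")
SAMPLE_BENIGN = b"\x00MouseEventArgs\x00get_Text\x00System.Windows.Forms\x00"


def extract_strings(data: bytes) -> list[str]:
    """Return printable ASCII and UTF-16LE runs found anywhere in the blob."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]
    return found


def normalise(text: str) -> str:
    """Lower-case and drop spaces/hyphens so 'Password Recovery' still matches."""
    return re.sub(r"[\s\-]", "", text.lower())


def score_sample(data: bytes) -> tuple[int, dict[str, list[str]]]:
    """Score a blob; each indicator counts once however often it appears."""
    haystack = [normalise(s) for s in extract_strings(data)]
    hits: dict[str, list[str]] = {}
    score = 0
    for group, (weight, needles) in INDICATORS.items():
        matched = sorted(n for n in needles if any(n in h for h in haystack))
        if matched:
            hits[group] = matched
            score += weight * len(matched)
    return score, hits


if __name__ == "__main__":
    for label, blob in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(label, score_sample(blob))
```

Underscores are kept during normalisation so that the WinForms type `MouseEventArgs` does not match the `mouse_event` import, which is the kind of false positive a name-based heuristic has to avoid.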