Here is an introduction to Remote administration tools. These are generally called RATs, and yes they have a vicious bite. although this page doesn’t teach you how to blast open a RAT straight away, here you will learn everything you will need to start a ‘plague’. RATs form an entire class of hacking including trojan infections, backdoors etc. But to go further, we need to clear up the basics first so, here we go.
What’s a RAT?
RAT = Remote Administration Tool. It is mostly used for malicious purposes, such as controlling remote PC’s, stealing victims data, deleting or editing some files. One can infect someone else by sending them a file called “Server”. If and when this server file is opened, it burrows itself deep in the system and starts to run in the background. Further, it may also send the attacker a message every time it is active like when a computer is turned on.
How are they spread?
Some RATs can spread over P2P (peer to peer) file sharing services (Torrents, mostly..), messenger and email spams(MSN, Skype, AIM etc.) while other may tag along hiding behind some other software. The user installs something, clicks “Next” 5 times and voila! Without anyone ever finding out the RAT has compromised a system.
How is the server controlled?
Once installed, the RAT server can be controlled via what’s called a RAT client. Basically it’s just an application that tracks your RAT’s movements. It tells you how many systems are infected, information on their system, versions of OS and other softwares, their IP address etc. It shows a whole list of IP addresses which may be connected to immediately. After connecting, you can make the computer do pretty much anything (except maybe, do hula dance XD) - Send a keylogger, uninstall their antivirus, crash the system etc.
What is port forwarding?
If you’re a gamer or are used to downloading torrents, you must’ve heard “Port Forwarding” as a way to increase download speeds, reduce lag etc. Port forwarding is the redirecting of computer signals to follow specific electronic paths into your computer.If the computer signal can find its way into your computer a few milliseconds quicker, it will add up to be a possibly dramatic speed increase for your game or your downloading. Don’t start jumping around just yet, your internet connection is probably already optimized for maximum performance (It is so, by default).
Let’s take an example: That pencil-thin network cable (that goes into the network adapter) at the back of your computer contains 65,536 microscopic pathways inside it. Your network cable is just like a major highway, except your network cable has freaking 65,536 lanes, and there is a tollboth on each lane. We call each lane a ‘port’.(FYI, 2^16 = 65,536. So, that tells us 2 bytes = 16 bits in all is sort of the “width” of network cables, which gives us 65,536 different possible combinations - hence the same number of ports.)
Your internet signal is comprised of millions of tiny little cars that travel on these 65,536 lanes. We call these little cars “transfer packets”. Computer transfer packets can travel very quickly (just under the speed of light actually), but they do observe a stop-and-go set of rules, where they are required to stop at each major network intersection as if it were a border crossing between countries, or connecting to a different ISP. At each intersection, the packet must do three things:
►Find an open port,
►Pass the identification test that will allow it through that port, and if not,
►Move to the next port and try again, until it is allowed to pass through the toll.
In some cases, packets sent by hackers will be caught and held at the intersection, where they will then be dissolved into random electrons. When this happens, it is called “packet filtering” or “packet sniping”. Likewise, if a hacker gains control of a much used port, he can control every bit of information that passes through it - Read it, modify or even delete.
All in all, Port forwarding is when you command your network router to proactively identify and redirect every packet to travel on specific electronic lanes. Instead of having every packet stop at each port in turn until it finds an open port, a router can be programmed to expedite the process by identifying and redirecting packets without having them stop at each port. Your router then acts like a type of hyper-fast traffic policeman who directs traffic in front of the tollbooths.
Can an antivirus catch a RAT?
Yes. Actually, Hell Yes! As a hacker, you will find antiviruses blocking your path at every damn step. (But we are white hats, right? No matter how annoying, it’s there to protect us, so be happy). But, like every problem, this too has a solution - Encryption. It’s called making your server “FUD” - Fully Undetectable. For example, typical encrypted formats, say password protected .zip or .rar files (if they contain malicious softwares) can be caught by an AntiVirus. Making a program FUD does pretty much the same thing, except it does so like a drunkard with OCD (Obsessive-compulsive disorder). What I mean is, running the software through an encryption program again and again so that nothing can recognize what it is and it can pass off as random harmless noise. Something called “Hex Editing” is a well known way to go about doing this. This is a whole different topic in itself. So, more on this later.
Legal or illegal?
Well, some RATs are legal, and some are not. Legal are the ones without a backdoor, and they have abillity to close connection anytime.(Backdoor is something that gives the attacker access to the victim’s system without their knowledge). Plus these are not really referred to as RAT’s, that’s just our (hacker’s) dirty language 🙂 Illegal ones are used for hacking and they may possibly steal data (or worse).
A few examples are written below:
►TeamViewer – Access any remote computer via Internet just like sitting in front of it – even through firewalls.
►UltraVNC – Remote support software for on demand remote computer support.
►Ammyy Admin – Like TeamViewer, Ammyy Admin is another reliable and friendly tool for remote computer access.
►Mikogo – Mikogo is an Online Meeting, Web Conferencing, Remote Support tool where you can share your screen with several participants in real-time over the Web.
The above tools while very useful and very legal, require a green light from both the parties involved. That’s the main difference between the ones above and the ones below:
Illegal (or barely legal):
These are all used for one purposes - Causing trouble, to say the least. RATs like the ones above are meant to be stealthily. After all, no hacker will want their victims to get a message like: “Congratulations! You have been infected!”(Or maybe let the AntiVirus find it). Use any of these on an actual victim, and you will get a ticket to jail, or at least a fine. But these are actually used, and mostly without anyone ever suspecting anything wrong. The thing is, hacking is becoming much more of a serious business than a game. A RAT that simply crashes the OS or formats the hard disk gives nothing to the attacker, So why bother doing it in the first place ? RATs today are evolving (pun unintended). They are becoming more like “parasites” instead of predators.
They may be used for DDOSing (by creating massive botnets with tens of thousands of slave computers), clicking ads in the background(the usual click fraud), increasing blog and youtube “views”, even using the compromised systems to “earn money online”, by pushing surveys, exploiting the websites which offer a pay-per-install model, even “mining” bitcoins (Bitcoins are just a fancy new online currency. Bitcoins can be earned by devoting CPU power, then converted into real money, hence their potential exploitation by using RATs). (Don’t bother googling this. Like every “Online money making” offer, whether it works or not, this too is a waste of your time. No offence to the BitCoin Foundation :-D)
Whats DNS host?
The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participants. Most importantly, it translates domain names meaningful to humans into the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.
What all can a RAT do?
Here is list of basic features:
• Manage files. (Delete/Modify)
• Control web browser(Change homepage, open a website etc.)
• Get system informations(OS Version, AV name, RAM Memory, Computer name, Network Addresses etc.)
• Get passwords, CC numbers or private data etc. (via Keylogger)
• View and control remote desktop (Take screenshot or a snap from the webcam)
• Record camera, sound (Control mic and camera)
• Control mouse, keyboard input.
• Pretty much everything you can do on your own computer, except play GTA V remotely. (Although technically, you can do that too)