Hack and Control someone's PC by RAT
Today I will show you how to Hack and Control PC by the help of RAT. Remote Administration Tool is is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet.
To make this type of attack possible hackers bind it or distribute and get it install on the victim's computer.After installation of server file hacker can control victim's computer mouse to webcam and many more thing sitting thousand miles away.
Below I will mention about some famous RAT and their features. If you want you can download them from their respective site.
1. Netbus
NetBus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor.
There are two components to the client–server architecture. The server must be installed and run on the computer that should be remotely controlled. It was an .exe file with a file size of almost 500 KB.
Features
- Keystroke logging
- Keystroke injection
- Screen captures
- Program launching
- File browsing
- Shutting down the system
- Opening / closing CD-tray
- Tunneling protocol (NetBus connections through a number of systems.)
ProRat is a Microsoft Windows based backdoor trojan horse, more commonly known as a RAT (Remote Administration Tool). As with other trojan horses it uses a client and server.
ProRat opens a port on the computer which allows the client to perform numerous operations on the server (the machine being controlled). ProRat is known for its server to be almost impossible to remove without up-to-date antivirus software.
Features
Beast is a Windows-based backdoor trojan horse, more commonly known in the underground hacking community as a Remote Administration Tool or RAT. It is capable of infecting versions of Windows from 95 to 8.1.
Features
- Logging keystrokes
- Stealing passwords
- Full control over files
- Drive formatting
- Open/close CD tray
- Hide taskbar, desktop, and start button
- Writing on-screen
- Movement of cursor
- Feed the cat
- Take screenshots
- View system information
- View webcam
- Download & run files
- Password Protect your bound server from being used by anyone else
Beast is a Windows-based backdoor trojan horse, more commonly known in the underground hacking community as a Remote Administration Tool or RAT. It is capable of infecting versions of Windows from 95 to 8.1.
It used the typical client–server model where the client would be under operation by the attacker and the server is what would infect the victim. Beast was one of the first trojans to feature a reverse connection to its victims, and once established it gave the attacker complete control over the infected computer. It mainly targeted three infection sites:
- C:\Windows\msagent\ms****.com (Size ranging from 30KB to 49KB)
- C:\Windows\System32\ms****.com (Size ranging from 30KB to 49KB)
- C:\Windows\dxdgns.dll or C:\Windows\System32\dxdgns.dll (Location dependent on attacker's choice)
On a machine running Windows XP, removal of these three files in safe mode with system restore turned off would disinfect the system.
The default ports used for the direct and reverse connections were 6666 and 9999 respectively, though the attacker had the option of changing these. Beast came with a built-in firewall bypasser and had the ability of terminating some Anti-Virus or firewall processes. It also came with a binder that could be used to join two or more files together and then change their icon.
Features
The default ports used for the direct and reverse connections were 6666 and 9999 respectively, though the attacker had the option of changing these. Beast came with a built-in firewall bypasser and had the ability of terminating some Anti-Virus or firewall processes. It also came with a binder that could be used to join two or more files together and then change their icon.
Features
- Direct or Reverse connection option
- DLL injection location (e.g. explorer.exe)
- Server name change option
- Server installation directory (e.g. <windir>)
- Various IP and Server info notification options (e.g. email, icq, cgi, etc.)
- Startup keys selection
- Anti-Virus and firewall killing
- Other miscellaneous options (e.g. automatic server file deletion, fake error messages, offline keylogger, icon changer, etc.)
- File Manager – along with browsing victim's directories it could upload, download, delete, or execute any file
- Remote Registry Editor
- Screenshot and Webcam capture utility
- Services, Applications, and Processes Managers, providing the ability of terminating or executing any of these
- Clipboard tool that could get currently stored strings
- Passwords tool capable of recovering any stored passwords in the victim's computer
- Power Options (e.g. shutdown, reboot, logoff, crash, etc.)
- Some tools mainly for creating nuisance (e.g. mouse locking, taskbar hiding, CD-ROM operator and locker, URL opener, wallpaper changer, etc.)
- Chat client providing communication between the attacker and the victim
- Other tools such as a Remote IP scanner, live keylogger, offline logs downloader, etc.
- Server Controls (e.g. server deleter, updater, terminator, info provider, etc.)
4. SubSeven
SubSeven, is a remote administration tool/trojan program (RAT—where the "T" can have a dual meaning in this case). Its name was derived by spelling NetBus backwards ("suBteN") and swapping "ten" with "seven".
Because its typical use is to allow undetected and unauthorized access, Sub7 is usually described as a trojan horse by security experts.
SubSeven, is a remote administration tool/trojan program (RAT—where the "T" can have a dual meaning in this case). Its name was derived by spelling NetBus backwards ("suBteN") and swapping "ten" with "seven".
Because its typical use is to allow undetected and unauthorized access, Sub7 is usually described as a trojan horse by security experts.
Additionally Sub7 has some features deemed of little use in legitimate remote administration like keystroke logging.
Sub7 worked on the Windows 9x and on the Windows NT family of operating systems, up to and including Windows 8.1
Features
Sub7 worked on the Windows 9x and on the Windows NT family of operating systems, up to and including Windows 8.1
Features
- recording:
- sound files from a microphone attached to the machine
- images from an attached video camera
- screen shots of the computer
- retrieving a listing of recorded and cached passwords
- taking over an ICQ account used on the target machine (back then the most popular messaging service); added in version 2.1. This included the ability to disable the local use of the account and read the chat history
- features which were presumably intended to be used for prank or irritating purposes including:
- changing desktop colors
- opening and closing the optical drive
- swapping the mouse buttons
- turning the monitor off/on
- "text2speech" voice synthesizer which allowed the remote controller to have the computer "talk" to its user
- penetration testing features, including a port scanner and a port redirector.
Instuctions
- Remember one thing "To run a VIRUS you need a HUMAN BEING".
- This tutorial is only for Educational Purposes,do not use it to Hack someone PC.
