Remote Administration Tool

A Remote Administration Tool (RAT) is used to remotely access and manage someone’s computer. It can be used to access a single computer or several computers at once. A RAT typically supports the following tasks:
  • Screen/camera capture or control
  • File management (download/upload/execute/etc.)
  • Shell control (usually piped from command prompt)
  • Computer control (power off/on/log off)
  • Registry management (query/add/delete/modify)
  • Other product-specific functions
To work with any RAT, you create a RAT client and log into the server through that client; from then on you can do whatever you want on the machine without the user knowing, which makes spying easy.
Reverse Connection
RATs that utilize reverse connection have a few major advantages, such as the ones listed below.
  • Outgoing connections generally appear less threatening and are less likely to be detected or blocked by a firewall, such as a router.
  • Since the victim's computer connects to the remote administrator, the administrator does not need to know the victim's IP address in order to connect.
  • The remote administrator does not need to know which computers, or how many, the RAT is being installed on, which allows for mass distribution.
  • If mass-distributed, it is much easier to keep track of the computers the RAT is installed on, since they are all "calling home" by connecting to the remote administrator.
A diagram is shown below (note that it is basically the reverse of direct-connection RATs):
 Func    Func
    \    /    Func    Func
    [SERVER]    \    /
       |     [SERVER]
       |      /
       |     /
       |    /   Func    Func
       |   /      \     /
    [CLIENT]-----[SERVER]
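Because reverse-connection RATs "call home", the same behaviour gives a defender something to look for in outbound connection logs. The following is an added example, not part of the original post: it flags internal hosts that connect to the same external endpoint at near-constant intervals. The log format, the addresses and the thresholds are assumptions constructed for illustration.

```python
# Added example: flag hosts that "call home" at regular intervals.
# Log format (timestamp src_ip dst_ip dst_port) and thresholds are assumptions.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of outbound firewall log lines (not real traffic).
SAMPLE_LOG = """\
1000 10.0.0.5 203.0.113.7 4444
1060 10.0.0.5 203.0.113.7 4444
1121 10.0.0.5 203.0.113.7 4444
1180 10.0.0.5 203.0.113.7 4444
1240 10.0.0.5 203.0.113.7 4444
1003 10.0.0.8 198.51.100.20 443
1010 10.0.0.8 198.51.100.20 443
1400 10.0.0.8 198.51.100.20 443
1415 10.0.0.8 198.51.100.20 443
2900 10.0.0.8 198.51.100.20 443
1050 10.0.0.9 192.0.2.33 80
"""

def parse(log_text):
    """Group connection timestamps by (src, dst, dst_port)."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, src, dst, port = parts
        flows[(src, dst, int(port))].append(float(ts))
    return flows

def find_beacons(log_text, min_events=4, max_jitter=0.1):
    """Return flows whose gaps are nearly constant (stdev/mean <= max_jitter)."""
    hits = []
    for key, times in parse(log_text).items():
        if len(times) < min_events:
            continue  # too few connections to judge periodicity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append({"flow": key, "period_s": round(avg, 1), "events": len(times)})
    return hits

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

A check-in interval can be randomised, so a low-jitter hit is a lead to investigate alongside process and endpoint data, and the absence of a hit does not clear a host.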
Popular RAT Software
  • Back Orifice
  • Bifrost
  • Bandook RAT
  • Poison Ivy
  • SubSeven
  • TeamViewer
  • NetBus
  • Y3k RAT
  • Optix Pro
  • Blackshades
