Heya guys, im programming a remote administration tool in visual basic at the moment, what would you guys want to see on top of what I have already, I have:

File control
Directory Control
Download from http
Run
Mouse control
Chat
Forced Chat
Message
Cd control
Reverse Connect
Password recovery
Violate (makes the screen flash different colours)
Log off / shutdown / forced shutdown / reboot etc etc
File transfers
Screenshot - In progress

I will not allow any permanent damage so anyone that says "I wAnTXOR tO FuXoR bOxs" will most likely be deleted from GSO, the admins will not tolerate it and neither will I, you will be reported.

Thanks for your suggestions!

Hey chris, i got a good idea/feature...

see, i use 2 laptops, they are both close to me, 1 acts as a server/router. and the one im one acts as my main computer

Sometimes i listen to music but i want to use headphones... sooo....
the problem here is that my main laptop has a broken headphone jack, so if you could add remote music playing so i could plug my headphones into my router and puase play, list load, music load, remotley, that would be cool.

Also dont forget to allow whielisting IP's, dont want those uber haxors to control the music i listen too...

i think that it may be nice to add running processes and services listing...i liked this feature in optix..

so IDE you fancy streaming audio, yeah? Im not sure if its possible but over a network I dont see why I cant just send each song and put it in a temp folder and delete it once you have listened to it. I will look into it - good whitehat use. As for the whitelisting IP's this is non applicable as this is a reverse connect only RAT. I recommend setting up a no-ip domain and using that. As for processes and services I should be able to do processes but as for services im at a loss (anyone?).

dunno if it will be any help to you...but here's the link how to enumerate services in vb

http://www.devx.com/vb2themax/Tip/19044

sounds good if i was you i would remove the silly features like "cd control" and "Violate" and go for more professional features such as webcam viewer, screenshot, keylogger, file manager, window manager stuff like that

The silly features are just adding bulk for the moment, they are only around 1 or 2 lines long each so its not too bad. Need to get the server builder sorted soon. Cheers for the link Da_cash. I will try my best to add service support but im not promising anything!

Edit: Looking hopefull

This may be asking for a bit much, but could you offer sniffing capabilities for the network the remote pc is on?

i would like to see it stealth with no hooks

no no chris, you misunderstood

see my main computer(comp A) has a broken headphone jack.
my router(computer has a working one...

I always leave computer b closed so its difficult to start/stop/choose audio files to play.

The point is i want to use my headphones. So i just want to remote control the files to play(from computer A to , but they will still play locally on computer B.

laptops have easy to break headphone jacks, the goal here is to use the working one... while controlling from the broken one

look out with B[b][/b]) ... it gets parsed as
btw hmm nice..

btw..
Password recovery <-- Windows account ? or more like IM ?
new features hmm.. can't think of any..but will shout if I know something..

Serhat

hmm, webcam feature would be nice
and uninstall (!) and maybe server update feature
some fun stuff is always nice (e.g. hide/show taskbar, systray, quick launch bar, desktop icons, start and fake error messages)
a keylogger which also logs at what time and in which program the keys are pressed, like:

and try to not use too many ports
the beast trojan uses 10 ports to function well
and with netstat -n you see all 10 ports with 10 times the attacker's ip
stealth is pretty important

these are some ideas, dunno if their useful

I'd like to see it not be publically posted, so that antivirus people wont get it and write a sig for it in their detection rules.

Sorry to revive an old thread:

Added:

Uninstall
Update
Grab sam from repair files
AV / FW killing (major ones only atm)

Working on:

System restore points
Netstat stealthing
Grabbing hash from sam file
Client GUI

oh and Mr bob it only uses one port and just prefixes the messages with where they are supposed to go. It sometimes gets confused but is generally fairly fast and pretty accurate!

A registry editor and a keylogger would be great features !

Maybee it's a good idea to make it running as a service ...

Wow! Sounds like a great program. If you want I can help you (ICQ# 220534764). I code VB, too. I.e. i can include an IRC bot in it ;-)

record video from webcam to an encoded mpeg file
Print screen?

Also, @dont-staY made as a service? i know what you mean but as far as i know, in vb u cannot make an app a service.

you can make a program a service in VB

Yes it is possible! with and without a control!

Added some more features
Added Server Builder
Working on webcam view
Working on proper FW killing

Released BETA 0.3

Passiw I would like to work with you a lot, pming you my details now.

yea i would def like to see dll injection, very important now days with admin who actually know what processes should be running.
if you can find a way to dll inject in VB, PLEASE POST IT, because it is rare.

Chris is your AV/FW killer working?

If so i would be very happy if you could send the me source of the av/firewall killer.

I was coding a trojan in VB ages ago...not really working on it anymore, if i code another trojan it will be in C & C++ probably.

If you want an example of a good VB trojan check out

http://cruel-intentionz.com CIA is the best VB trojan around atm.

I wonder if its possible to include a feature which allows you to view the screen of the remote computer in real-time like VNC does. I have tryed to code something in VB like this before, but it was crap!!

Im trying to zip up screenshots then send them then unzip them using command line tools but its just too god damn slow and sending them without compression just overflows the two computers! The VB AV/FW killer works but all it is is a simple function to get the processnumber from the process name and then kill a list of 400 names (even kills the supposedly protected ones) and a different function to use net stop to kill services. Very easy!

this looks like a pretty good program
good luck with it
i want to see how it turns out : v1.0 lol

Hmm, those screenshots are a real pain to do!!
Im sure that that VNC is open source, i know its written in C++ but if we get hold of it and look through it im sure we'l find something that can help us. Its definetly worth adding such a feature, so just stick at it!

it would also be good if it could (incase it gets deleted/found etc) to create a shell which sits there and has nothing to do with the trojan until u need it. like winshell or something, purely as a back up.

eg. spawns it on first install after it kills the fw/av or something

-toe

nov. 2004...is this project even active anymore or finished?

Actually you know I was going to code one in VB also, and I was wanting to do it like this, basiclly it was a simple trojan, connect, and accept, and then it would allow you to code seperate modiules and upload them as dll's and use those as seperate functions, I would like something like that to be inside of it.

L_S

The ability to retrieve alot of system details. e.g] hardware details, cpu type, diskspace, amount of RAM will be very useful.

I also strongly agree with the point Liquidess_Shade has made. The trojan should be easily updatable. Modules should be able to be supplied and executed.

You should add a feature were you can retrieve a list of modules/plugins that have been uploaded. Then there should be a feature which allows the 2 servers to synchrnise their plugins. This will be useful if you come across a server and find loads of cool plugins that someone else has uploaded and you want your server to have the same functionality.

I was writing something similar in java and was using RMI. I wanted the client to tell a server about another server then the servers would communicate and synchronise their tables of plugins. This will be highly beneficial as the client will not necessarily be using their resources/bandwidth.

Hope that makes sense.

Good luck with the project.

KBNET

EDIT: A port scan feature would also be useful.

Hey, Im sort of active, I have a lot of VB6 code which I will clean it up slightly then release what I got.

Just recently I started going again but I have moved to .NET 2005, looking to the future I know many people dont have .NET framework 2 yet but maybe I will be the first 2005 RAT and I love the fact I can move almost seamlessly between C# and VB + System services are better supported.

Anyhow I will release in the next week, its dirty code but im sure some of you could make something of it.

nope you would be the second .net rat:

http://www.platform-2.net/

I'm also contemplating moving to .NET, they have it at my college so I've played around with it a little. I'm still not 100% sure on switching just yet as quite a lot has changed.

Just a thought, would the target need to have the .NET framework installed if your project is going to be coded in .NET?

Yup, if you do it in 2005 then they would need framework 2 which basically noone has!

i would also like to see itself reporting to a php/cgi list, with password option ofcourse , containing the inside ip and outside ip.
i would also love to see a network scan option, or a network share detector or something

Greetz,

FLX

Some other nice things to add in would be a socks server and a ftp server with some sort of access control .