We can introduce an RAT (aka Remote Administration Tool) as hacker’s plague spreading tool with a heavy vicious bite. Here, HACKAGON will make you learn everything you need to start the “Plague”. But to go further, we need to clear up the basics first so, here we go.
RATs are the so-called magic wand of Hacker’s.
What Is Remote Administration Tool?
A Remote Administration Tool (RAT) is a piece of software that allows a remote “Operator” to control a system as if he has physical access to that system. While Desktop Sharing and Remote Administration have many legal uses, “RAT” software is usually associated with the criminal or malicious activities such as controlling remote PC’s, stealing victims data, deleting or editing some files. One can infect someone else by sending them a file called “Server”. If and when this server file is opened, it burrows itself deep in the system and starts to run in the background. Further, it may also send the attacker a message every time it’s active like when a computer is turned on.
How To Spread Remote Administration Tool?
Some RATs can spread over P2P (peer to peer) file sharing services (Torrents mostly), messenger and email spams (MSN, Skype, AIM, etc.) while other may tag along hiding behind some other software. The user installs something, clicks “Next” 5–6 times and voila! Without anyone ever finding out the RAT has compromised a system.
How To Control Remote Administration Tool Server?
Once installed, the RAT server can be controlled via an RAT client. Basically, it’s just an application that tracks your RAT’s movements. It tells you how many systems are infected, information on their system, versions of OS and other software, their IP address etc. It shows a whole list of IP addresses which may be connected to immediately. After connecting, you can make the computer do pretty much anything like you can send keylogger, uninstall their antivirus, crash their whole system, etc.
What is port forwarding?
In computer networking, Port Forwarding or port mapping is an application of Network Address Translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall.
If you’re a gamer or are used to download torrents, you must’ve heard “Port Forwarding” as a way to increase download speeds, reduce lag, etc. In general Port forwarding refers to the redirecting of computer signals to follow specific electronic paths into your computer. The logic behind this shit is, if the computer signal finds its way into your computer a few milliseconds quicker, it will add up to be a possibly dramatic speed increase for your game or your downloading. Don’t start jumping around just yet, your internet connection is probably already optimized for maximum performance (It is so, by default).
Example: A Pencil-thin network cable (that goes into the network adapter) at the back of your computer contains 65,536 microscopic pathways inside it. Your network cable is just like a major highway, except your network cable has freaking 65,536 lanes, and there is a tollbooth on each lane. We call each lane as a “Port”. (FYI, 2^16 = 65,536. So, that tells us 2 bytes = 16 bits in all is sort of the “width” of network cables, which gives us 65,536 different possible combinations – hence, the same number of ports.)
Your internet signal is comprised of millions of tiny little cars that travel on these 65,536 lanes. We call these little cars as “Packets”. These packets can travel as quick as the speed of light, but they do observe a stop-and-go set of rules, where they are required to stop at each major network intersection as if it were a border crossing between countries, or connecting to a different ISP. At each intersection, the packet must do three things:
- Find an open port.
- Pass the identification test, that will allow it through that port, and if not.
- Move to the next port and try again, until it is allowed to pass through the toll.
In some cases, packets sent by hackers will be caught and held at the intersection, where they will then be dissolved into random electrons. When this happens, it is called “Packet Filtering” or “Packet Sniffing”. Likewise, if a hacker gains control of a much-used port, he can control every bit of information that passes through it – Read it, modify or even delete it.
All in all, Port Forwarding is when you command your network router to proactively identify and redirect every packet to travel on specific electronic lanes. Instead of having every packet stop at each port in turn until it finds an open port, a router can be programmed to expedite the process by identifying and redirecting packets without having them stop at each port. Your router then acts like a type of hyper-fast traffic policeman who directs traffic in front of the toll booths.
Can An Antivirus Catch An Remote Administration Tool?
Yes, Actually, Hell Yeah! As a hacker, you will find antiviruses blocking your path at every damn step. But, like every problem, this too has a solution – “Encryption”. It’s called making your server “FUD (Fully Undetectable)”.
Example: Typically encrypted formats, let’s say the password protected .zip or .rar files (if they contain malicious software) can be caught by an Antivirus. Making a program FUD does pretty much the same thing, except it does so like a drunkard with OCD (Obsessive-Compulsive Disorder). What I mean is, running the software through an encryption program again and again so that nothing can recognize what it is and it can pass off as random harmless noise. Something called “Hex Editing” is a well-known way to go about doing this. This is a whole different topic in itself. So, more on this later.
Legal Or Illegal?
Well, some RATs are legal, and some are not. Legal are the ones without a backdoor, and they have the ability to close connection anytime.(Backdoor is something that gives the attacker access to the victim’s system without their knowledge). Plus these are not really referred to as RAT’s, that’s just our (hacker’s) dirty language where the Illegal ones are used for hacking and they may possibly steal data (or worse). A few examples are written below:
- TeamViewer – Access any remote computer via Internet just like sitting in front of it – even through firewalls.
- UltraVNC – Remote support software for on demand remote computer support.
- Ammyy Admin – Like TeamViewer, Ammyy Admin is another reliable and friendly tool for remote computer access.
- Mikogo – Mikogo is an Online Meeting, Web Conferencing, Remote Support tool where you can share your screen with several participants in real-time over the Web.
The above tools while very useful and very legal, require a green light from both the parties involved. That’s the main difference between the ones above and the ones below:
Illegal (Or Barely Legal):
- Cerberus Rat
- CyberGate Rat
These all are used for one purpose – Causing trouble, to say the least. RATs like the ones above are meant to be stealthy. After all, no hacker will want their victims to get a message like: “Congratulations! You have been infected!” (Or maybe let the Antivirus find it). Use any of these on an actual victim, and you will get a ticket to jail, or, at least, a fine. But these are actually used, and mostly without anyone ever suspecting anything wrong. The thing is, hacking is becoming much more of a serious business than a game. An RAT that simply crashes the OS or formats the hard disk gives nothing to the attacker, So why bother doing it in the first place? RAT’s today are evolving (pun unintended). They are becoming more like “parasites” instead of predators. They may be used for DDOSing (by creating massive botnets with tens of thousands of slave computers), clicking ads in the background (the usual click fraud), increasing blog and youtube “views”, even using the compromised systems to “earn money online”, by pushing surveys, exploiting the websites which offer a pay-per-install model, even “mining” bitcoins (Bitcoins are just a fancy new online currency. Bitcoins can be earned by devoting CPU power, then converted into real money, hence their potential exploitation by using RATs).
What’s DNS Host?
A DNS Hosting is a service that runs Domain Name System Servers. Most, but not all, domain name registrars include DNS hosting service with registration. Free DNS hosting services also exist. Many third-party DNS hosting services provide Dynamic DNS.
In general, Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participants. Most importantly, it translates meaningful human understandable Domain Names into the Numerical (Binary) Identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.
What Can Remote Administration Tool Do?
- Manage files (Delete/Modify).
- Controls Web Browser (Change homepage, open a website, etc.).
- Get System Information (OS Version, AV name, RAM Memory, Computer name, Network Addresses, etc.).
- Get Passwords, CC numbers or private data, etc (via Keylogger).
- View and control remote desktop (Take the screenshot or a snap from the webcam).
- Record camera, sound (Control mic and camera).
- Controls victims I/O devices (mouse, keyboard, printer, etc.).
Pretty much everything you can do on your own computer, except play GTA V remotely. (Although technically, you can do that too)
Chances Of Getting Traced?
Yes as well as no because it’s all depends on the slave, it’s really hard to remove the infection or even trace a hacker. There are tools like WireShark, but it’s really hard to trace because PC usually got over 300 connections. So don’t worry.
Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.
We hope that HACKAGON matched our readers expectations regarding RAT – Remote Administration Tool. so, if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.