Fsociety RAT, The Open Source C++ Remote Administration Tool (RAT)

Related tags

Miscellaneous backdoor cpp malware trojan rat keylogger malware-development rat-malware elliotalderson51 elliot-alderson malware-rat fosciety fsociety-rat elliotalderson fosociety-malware website-control malware-design
Overview

Fsociety-RAT

It was really fun to make this project! This project have a lot of great features and a very good website control for the bots.

The final Malware will bypassing UAC, installing rootkit on 32 bit systems, obfuscated strings, Anti-VM technique, Process Hollowing , Communicate with the website control using CURL (curl is preinstalled in every windows!).

RAT

Malware Persistence Techniques

✔️ The malware hiding a DLL to bypass UAC and a Rootkit in new sections.
✔️ Bypassing UAC using UAC hijacking on the program ComputerDefaults.exe in a "Windows " folder.
✔️ Create a task for the malware in Task Schduler in the path "Microsoft\Windows\Security" with high privileges.
✔️ If the system is 32-bit install and start the rootkit.
✔️ If the system is 64-bit the malware will start Process Hollowing

Malware Attacks

The malware communicate with a control website, this is the current attacks:

✔️ Screenshot
✔️ Task Scheduler
✔️ Remote Shell
✔️ File Manager
✔️ File Explorer
✔️ Keylogger
✔️ Client Info

Website Control Images

Main website control - list the clients and show info about them

plot

Victim profile page

plot

Rootkit

The Rootkit is for 32-bit systems. https://github.com/ElliotAlderson51/Kernel-Rootkit-32Bit

What the Rootkit can do?

Hook the SSDT

✔️ Protect Files (Read\Write\Create\Delete\Rename\Open\Execute)
✔️ Hide Process
✔️ Protect Process, Thread
✔️ Protect Registry Keys (Open\Create\Delete\Set)
✔️ Bypass privilege checks

DLL - Bypass UAC

Create a DLL that will be hijacked to ComputerDefaults to start the malware with high privilege.
https://github.com/ElliotAlderson51/Bypass-UAC

section_injector

This Projects will inject a file to new section in another file.

Injector.exe "section name" "target" "file"

Websites

Fsociety Control Website

This is the Control Website the malware is communicate with to get the commands to execute.

Fsociety Redirect Website

This website have hardcoded url in the malware code, the malware will get the Control Website url from this website.
I create this website so if there is a problem with the Control Website you can just upload the Control Website again and change the url in this website.

Sub Projects

This solutions was helping me to build the final malware

Initialize RAT

This automated the build of the final malware.

✔️ UPX the DLL file
✔️ Inject the DLL and the Rootkit to new sections.

Encoding_Decoding

This helps me to obfuscate the strings in the malware.

TODO

  • Obfuscate Imports

This project is for EDUCATIONAL PURPOSES ONLY. You are the only responsable for your actions! Happy Hacking (;

You might also like...
Administration system for Hackathons :chart_with_upwards_trend: !
Administration system for Hackathons :chart_with_upwards_trend: !

We are looking for maintainers! In order to ensure active development going forward, we are looking for maintainers to join the project. Please contac

Scientific Club of ESI 121 Oct 18, 2022
A cross-language remote procedure call(RPC) framework for rapid development of high performance distributed services.

Motan Overview Motan is a cross-language remote procedure call(RPC) framework for rapid development of high performance distributed services. Related

Weibo R&D Open Source Projects 5.8k Dec 20, 2022
Tars is a high-performance RPC framework based on name service and Tars protocol, also integrated administration platform, and implemented hosting-service via flexible schedule.

TARS - A Linux Foundation Project TARS Foundation Official Website TARS Project Official Website WeChat Group: TARS01 WeChat Offical Account: TarsClou

THE TARS FOUNDATION PROJECTS 9.6k Jan 1, 2023
🐋 This project aims to broaden knowledge of system administration by using Docker: virtualizing several Docker images, creating them in a new personal virtual machine.

🐋 This project aims to broaden knowledge of system administration by using Docker: virtualizing several Docker images, creating them in a new personal virtual machine.

Anton Kliek 1 Jan 26, 2022
Applies a patch from a local or remote file to any package that is part of a given composer project.

Applies a patch from a local or remote file to any package that is part of a given composer project. Patches can be defined both on project and on package level in package config or separate JSON file. Declaration-free mode (using embedded info within patch files) is available as well.

Vaimo 245 Dec 15, 2022
PHP_Depend is an adaptation of the established Java development tool JDepend. This tool shows you the quality of your design in terms of extensibility, reusability and maintainability.

PHP Depend Documentation PHP Depend for enterprise Available as part of the Tidelift Subscription. The maintainers of PHP Depend and thousands of othe

PHP_Depend 837 Dec 14, 2022
A beautiful, fully open-source, tunneling service - written in pure PHP
A beautiful, fully open-source, tunneling service - written in pure PHP

Expose A completely open-source ngrok alternative - written in pure PHP. Documentation For installation instructions, in-depth usage and deployment de

Beyond Code 3.9k Jan 7, 2023
Nuber is an open source container management platform it provides a front end to manage your own cloud infrastructure, using Linux Containers virtualization technology

Nuber is an open source container management platform it provides a front end to manage your own cloud infrastructure, using Linux Containers virtualization technology

null 33 Dec 14, 2022
MajorDoMo is an open-source DIY smarthome automation platform aimed to be used in multi-protocol and multi-services environment.
MajorDoMo is an open-source DIY smarthome automation platform aimed to be used in multi-protocol and multi-services environment.

MajorDoMo (Major Domestic Module) is an open-source DIY smarthome automation platform aimed to be used in multi-protocol and multi-services environment. It is based on web-technologies stack and ready to be delivered to any modern device. It is very flexible in configuration with OOP paradigm used to set up automation rules and scripts. This platform can be installed on almost any personal computer running Windows or Linux OS.

Sergei Jeihala 369 Dec 30, 2022
Owner
Elliot Alderson
But I’m only a vigilante hacker by night. By day, just a regular cyber-security engineer. Employee number ER-280652.
Elliot Alderson
GitHub
Rafel is Remote Access Tool Used to Control Victims Using WebPanel With More Advance Features..

Rafel is Remote Access Tool Used to Control Victims Using WebPanel With More Advance Features..

swagkarna 690 Dec 28, 2022
An open source tool that lets you create a SaaS website from docker images in 10 minutes.

简体中文 Screenshots for members ( who subscribe the plan ) for admin ⚠️ This document was translated into English by deepl and can be improved by PR An o

Easy 669 Jan 5, 2023
PHPCheckstyle is an open-source tool that helps PHP programmers adhere to certain coding conventions.

PHPCheckstyle Overview PHPCheckstyle is an open-source tool that helps PHP programmers adhere to certain coding conventions. The tools checks the inpu

PHPCheckstyle 157 Dec 5, 2022
QaraTMS is open source test case, test suites, test plans and test runs management tool.

QaraTMS - Open Source Test Management System QaraTMS is open source test management software for managing test suites, test cases, test plans, test ru

Alex H 29 Dec 22, 2022
PHP remote closure executor

Jumper Allow you to execute PHP Closure in other distant computer via SSH and without client/server setup. Source computer dependency: PHP >= 5.3 (so

Thibaud Lepretre 45 Aug 11, 2022
Execute Artisan commands on remote servers

Execute Artisan commands on remote servers This package provides a command to execute Artisan command on a remote server. Here's an example that will

Spatie 238 Dec 29, 2022
The server administration software for your needs

The server administration software for your needs. Developed by experienced server administrators, this panel simplifies the effort of managing your hosting platform.

Froxlor 1.5k Dec 29, 2022
Remote Git Library for PHP

This library provides methods to handle git repositories remotely without having to clone the whole repo. It uses the Symfony process component to run the git client.

Martin Auswöger 4 Dec 14, 2022
Remote or monitor your PocketMine:MP server via browser.

PMRemote Remote or monitor your server via browser. Features Monitor (TPS, Server load, Players count) TODO: Remote (Access server console like RCON,

null 11 Dec 7, 2022
Simple, modern looking server status page with administration and some nice features, that can run even on shared webhosting

Simple, modern looking server status page with administration and some nice features, that can run even on shared webhosting

Server status project 363 Dec 28, 2022