Process List, File Explorer, Remote CMD & Desktop

[ElektroKill]

Hello Again,
I was trying to test the rat on a Virtual Machine and encountered problems with Process List, File Explorer, Remote CMD & Desktop. A link is available to a video of mine: https://youtu.be/OTfXwSBz55g. the server ui is black because of my windows theme.
plz Help

[PhilipMur]

Hi Electrokill, I have encountered the same problem. The problem seems to be with some virtual machines and the way that it grabs the images from the video card. I have implemented a fix in my version of the tut rat but have not had time to finish it yet. The other problem for finding the contents of the C:\ drive is permissions and shared permissions etc. Also of the process is a 32bit cannot access a 64bit process etc.. but a 64bit can access a 32bit process so watch out for that one. PhilipM

…

On Thu, 16 Aug 2018, 08:31 ElektroKill, ***@***.***> wrote: Hello Again, I was trying to test the rat on a Virtual Machine and encountered problems with Process List, File Explorer, Remote CMD & Desktop. A link is available to a video of mine: https://youtu.be/OTfXwSBz55g. the server ui is black because of my windows theme. plz Help — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#12>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AaB-ALJbk5boaBJCZIl1HnZNukrvbUXDks5uRR_AgaJpZM4V_V07> .

[ElektroKill]

when I tested the rat yesterday te RempoteDesktop showed the top 5 pixels of the screen xD, thanks for the reply. btw I ran the rat as admin so idk why it couldn't access C:\

[AdvancedHacker101]

Hi!
Going to install a 32-bit win7 shortly to see if I can replicate the issues.
In the meantime these questions might give some context to the problem:

1. Did it work on the x64 win7?
   I see you have this machine on the video.
2. How did you build the client?
   For me the default build is Debug/x64, maybe that can lead to some problems?
   Going to test it out.
3. Did you install VMWare tools on the machine?
   This could mess with the remote desktop screen share I think for ex. display drivers, etc...
4. How did you start the client.
   I assume on the desktop it's an icon pointing to the .exe where you have all the required files beside the client.

[ElektroKill]

On the x64 vm Remote Desktop worked! I cloned the repo with Github for Visual Studio and built it using Debug AnyCPU, I used Costura.Fody(nuget) to embed the dlls in the exe, I have VMware tools installed on both Virtual Machines, btw do you have a discord account ?

[AdvancedHacker101]

Ok, here is what I got sofar:

1. My build is actually Any CPU too, I was wrong sorry.
2. Process list worked for me, with normal user privs as well as administrator privs.
3. File listing didn't work for me either.
   Client sent a directory not found error, I have to investigate more into this.
4. Remote desktop worked, with the default FPS as well as higher FPS.

Environment

Windows 7 Ultimate SP1, non-activated as well.
Installed Google Chrome and .NET framework 4.5
Copied the debug folder from the client and ran the .exe directly.
VMWare tools installed, every component of it.

[ElektroKill]

Did the remote cmd work for you ? Mine worked but the server didn’t get a response
So do you have a discord account or no ?

[AdvancedHacker101]

I can execute commands but no output, so no : )
I also investigate this.
The file listing was just my mess up, only in the local code, so that also works

[ElektroKill]

Idk why process list didn’t work for me on Win7 x64 and x32, btw the uac bypass dosent work too

[PhilipMur]

In anyCpu properties uncheck prefer 32bit and this will run for 32 and 64 bit processes. Cmd should work then. Files will never be listed unless you query the virtual c drive that is queried. Screen will not update fully untill you get the end bytes of the picture file which i fixed in my version. Philip

…

On Thu, 16 Aug 2018, 11:37 ElektroKill, ***@***.***> wrote: Did the remote cmd work for you ? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#12 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AaB-ANCW49-Ux-gFl2Ho5e-PhQhI4nN_ks5uRUuAgaJpZM4V_V07> .

[ElektroKill]

What should I change to make the Remote Desktop work ?

[PhilipMur]

It is not a quick fix . What i done is the server sends the client ( get picture) the client responds with ok expect this size file ( xxxx) kb or bytes then the server sends back (send) and the process repeats untill the server sends ( stop) . Doing this ensures you have all the picture bytes so you can populate the picturebox. This method is similar to a VNC protocol. PhilipM

…

On Thu, 16 Aug 2018, 11:44 ElektroKill, ***@***.***> wrote: What should I change to make the Remote Desktop work ? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#12 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AaB-AB670sFxGkj_0w1olN97WWwuO7X5ks5uRU0EgaJpZM4V_V07> .

[ElektroKill]

Is this fixed in your fork ?

[PhilipMur]

No sorry i created a slightly different version than Advanced Hackers and have not released it yet as i didnt have time . I will try to get around to it this week. PhilipM

…

On Thu, 16 Aug 2018, 11:56 ElektroKill, ***@***.***> wrote: Is this fixed in your fork ? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#12 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AaB-AD4SSX4GKfYqeKay8xoRBjdJdzdAks5uRU_bgaJpZM4V_V07> .

[ElektroKill]

Ok, I didn’t expect things like this to happen xD
Backstory:
I wanted to make my own rat but I didnt know how so I searched up some source code and found this rat. I thought that it would work perfectly, so I tried learning from the source code but before that I tested it and it didn’t work.

If you are interested in malware making visit my profile xD

[PhilipMur]

In the right environment it does work and advanced hacker done alot of the work but VMs mess with how alot of things work and somethings need to be improved . Thats where people like you and me from the git community should to improve or fix and ask for a merge of our work with the main source code to ultimatley make the best project possible. So if you think you have a fix right now create a fork and upload your work (if you want to) and create a pull request. It will then be tested before a merge with the master code and happy days , you are involved. Advanced haker should have kept a Changelog file so everyone can have a glance over what changes ,by who and what version and when it changed. If you run it on a laptop or another pc it will run ok. PhilipM

…

On Thu, 16 Aug 2018, 12:02 ElektroKill, ***@***.***> wrote: Ok, I didn’t expect things like this to happen xD Backstory: I wanted to make my own rat but I didnt know how so I searched up some source code and found this rat. I thought that it would work perfectly, so I tried learning from the source code but before that I tested it and it didn’t work. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#12 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AaB-AL346Co4oLOZ_ZkayXYXHsv7PGEtks5uRVFKgaJpZM4V_V07> .

[AdvancedHacker101]

OK, i fixed the cmd stuff, basically there was a problem with not encrypting cmd traffic (God knows why I didn't encrypt cmd traffic), now it's encrypted, as well we can read from stdout and stderr in paralell.
And the overall code quality of shell output reading improved compared to the mess it was previously.

[AdvancedHacker101]

I would have done things differently if I started this today, I learned a lot since then.
I will focus on optimizing stuff for now, because I focused a lot on new features without a stable framework to build them on.
Also this was a project on dropbox -> google drive (messed up file extensions) -> github.
Anyways I continue this project and fix existing problems rather than rewriting the whole thing.

[AdvancedHacker101]

commit 85623f7 should fix the remote cmd issue, and enjoy some performance boosts

[ElektroKill]

AdvancedHacker101 do you have a fix for Remote Desktop

[AdvancedHacker101]

I couldn't recreate the problem so I don't know what to fix.
I need to know where the problem is.
Did the client get an image, did the client send the image, did the server receive the image....
If the problem is only what @PhilipMur said, prefixing the packets with the length of the image,
then I could implement that, but that would take some time.
In fact server -> client communication already works like this, just not client -> server

[ElektroKill]

the remote cmd is now working for me :), but process list doesn't work still

UPDATE: only remote mouse and keyboard control work for me