Saturday, 2 November 2013


What is RAT?
RAT stands for Remote Access Tool. It allows to access a system remotely without having physical access to the system. It is basically a service that is available in Windows OS known as remote services. It is used to connect to the network system remotely. Simple Remote Desktop Connection and RADIUS servers are the two common methods of doing this.
So we will exploit this service to get unauthorized access. There are many famous tools that allows us to do the following like blackshades, crybergate, cerberus, turkojan etc.
So here we will be discussing about cybergate.

So how will cybergate work?
In cybergate you can create servers (infected exes). If you victim opens this file you will be able to RAT him.

Will the server(infected file) that I create will be picked up by Anti-Virues?
Yes, it will be. You will need to crypt is using a crypter or use other methods like Hexing.

Oki so lets get to the practical part:

I. Create No-IP Account:

1) Goto No-IP.com and register and account.
2) Login to your account.
3) Click on this
4) Keep the same setting as in the picture. And click on create host.
5) Now goto this page and download the no-ip client.
6) Open the downloaded client and install it.
7) Open the installed No-IP Duc client.
Now give in your login details and you will see the created host.
9) Remove the checkbox and again check it.
10) Minimize your no-ip duc

Remember you always need to open your no-ip client and click the check box to get smiley whenever you are going to control your RATs.

II. Port Forwarding:

What is Port Forwarding?
Port forwarding or port mapping is the forwarding of a TCP/IP packet in a network address translator gateway to a predetermined network (which will be our No-IP Account).

1) Find out your gateway.
2) Goto Start----> Run
3) Type in "cmd"
4) Now type "ipconfig" and click enter
5) And you will get the gateway IP.
6) Now type the gateway IP in your web browser.
7) It will ask for username and password.
You can find your username and password from a sticker behind your router. Most of the time the user and pass will be "admin".
9) After successful login to your router you will be able to see options for portfowarding.
10) Forward port "100" to your local IP.

To check whether port "100" is open. Goto this link:
http://www.canyouseeme.org/
...and type in port 100 and check the result.

III. Creating a server:
1) Close your anti-virus. Since this type of virus/trojan builders are detected by anti-viruses as a false positive.
2) Download: http://darkcomet-rat.com/
3) Unrar/Decompress it and open "CyberGate v1.07.5.exe"
4) Wait for 20 seconds untill the disclaimer notice is scrolled over.
5) Click on Control Center and click "Start".
6) A box will pop up. Give the settings: type in the same details (from the top):
100
1,000
123456
then save it.
7) If any Windows Firewall box pops up click "Allow access".
Goto Control Center -----> Builder ----> Create Server.
9) A new box pops up. Click "Add User". Type in a username.
10) Double click the created username.
11) Select DNS port and delete it.
12) Give username: Cyber
and password: 123456
click add
type-in the NO-iP you created and add ":100" at the end.
click OK - this will add it to the DNS list.
13) Follow the picture
14) Select: Bind File,
Bind "..." to setup some file.
Click add after browsing the file you want the virus to be binded.

So you created a server binded to some file!

If you like it I will post second part tomorrow
share your feedback

0 comments:

Post a Comment