An introduction to remote administration tools. These are generally called RATs,
and yes they have a vicious bite. Although this page doesn't teach you how to
blast open a RAT straight away, here you will learn everything you will need to
start a 'plague'. RATs form an entire class of hacking including trojan
infections, backdoors etc. But to go further, we need to clear up the basics
first so, here we go.
What's a RAT?
RAT = Remote Administration Tool. It is mostly used for malicious purposes, such
as controlling remote PCs, stealing victims' data, deleting or editing some
files. One can infect someone else by sending them a file called "Server". If
and when this server file is opened, it burrows itself deep in the system and
starts to run in the background. Further, it may also send the attacker a
message every time it is active, like when a computer is turned on.
How are they spread?
Some RATs can spread over P2P (peer to peer) file sharing services (torrents,
mostly), messenger and email spam (MSN, Skype, AIM etc.), while others may tag
along hiding behind some other software. The user installs something, clicks
"Next" 5 times and voila! Without anyone ever finding out, the RAT has
compromised a system.
How is the server controlled?
Once installed, the RAT server can be controlled via what's called a RAT client.
Basically it's just an application that tracks your RAT's movements. It tells
you how many systems are infected, information on their system, versions of OS
and other software, their IP address etc. It shows a whole list of IP addresses
which may be connected to immediately. After connecting, you can make the
computer do pretty much anything (except maybe, do hula dance XD) - Send a
keylogger, uninstall their antivirus, crash the system etc.
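A server that waits for its client to connect has to hold a listening socket open in the background, and that is something a defender can see. The following is an added example, not part of the original page: it reads Windows `netstat -ano` output and reports listening programs that are not on an expected list. The sample output, the process names and the allowlist are all constructed for illustration.

```python
# Constructed sample of Windows `netstat -ano` output (not from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5110           0.0.0.0:0              LISTENING       3312
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2100
  TCP    192.168.1.20:49731     203.0.113.7:443        ESTABLISHED     5120
  TCP    [::]:135               [::]:0                 LISTENING       984
"""

# Constructed PID -> image name map, the kind of data `tasklist` reports.
PROCESSES = {4: "System", 984: "svchost.exe", 2100: "mDNSResponder.exe",
             3312: "updater32.exe", 5120: "chrome.exe"}

# Hypothetical baseline: programs this host is expected to expose.
EXPECTED_LISTENERS = {"System", "svchost.exe"}

LOOPBACK_PREFIXES = ("127.", "[::1]")


def parse_listeners(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        parts = line.split()
        # Data rows have exactly 5 columns; the header row splits into 7.
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "LISTENING":
            continue
        addr, port = parts[1].rsplit(":", 1)  # rsplit keeps "[::]" intact
        yield addr, int(port), int(parts[4])


def unexpected_listeners(netstat_text, processes, expected):
    """Return sorted (port, pid, name) for listeners outside the baseline."""
    findings = set()
    for addr, port, pid in parse_listeners(netstat_text):
        if addr.startswith(LOOPBACK_PREFIXES):
            continue  # reachable only from the machine itself
        name = processes.get(pid, "<unknown>")
        if name not in expected:
            findings.add((port, pid, name))
    return sorted(findings)


if __name__ == "__main__":
    hits = unexpected_listeners(NETSTAT_SAMPLE, PROCESSES, EXPECTED_LISTENERS)
    for port, pid, name in hits:
        print(f"review: {name} (pid {pid}) is listening on port {port}")
```

A hit is a prompt to look at the program, not proof of infection; plenty of legitimate software listens on a port.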
What is port forwarding?
If you're a gamer or are used to downloading torrents, you must've heard "Port
Forwarding" as a way to increase download speeds, reduce lag etc. Port
forwarding is the redirecting of computer signals to follow specific electronic
paths into your computer. If the computer signal can find its way into your
computer a few milliseconds quicker, it will add up to be a possibly dramatic
speed increase for your game or your downloading. Don't start jumping around
just yet, your internet connection is probably already optimized for maximum
performance (It is so, by default).
Let's take an example: That pencil-thin network cable (that goes into the
network adapter) at the back of your computer contains 65,536 microscopic
pathways inside it. Your network cable is just like a major highway, except your
network cable has freaking 65,536 lanes, and there is a tollbooth on each lane.
We call each lane a 'port'. (FYI, 2^16 = 65,536. So, that tells us 2 bytes = 16
bits in all is sort of the "width" of network cables, which gives us 65,536
different possible combinations - hence the same number of ports.)
Your internet signal is comprised of millions of tiny little cars that travel on
these 65,536 lanes. We call these little cars "transfer packets". Computer
transfer packets can travel very quickly (just under the speed of light
actually), but they do observe a stop-and-go set of rules, where they are
required to stop at each major network intersection as if it were a border
crossing between countries, or connecting to a different ISP. At each
intersection, the packet must do three things:
►Find an open port,
►Pass the identification test that will allow it through that port, and if not,
►Move to the next port and try again, until it is allowed to pass through the
In some cases, packets sent by hackers will be caught and held at the
intersection, where they will then be dissolved into random electrons. When this
happens, it is called "packet filtering" or "packet sniping". Likewise, if a
hacker gains control of a much used port, he can control every bit of
information that passes through it - Read it, modify or even delete.
All in all, Port forwarding is when you command your network router to
proactively identify and redirect every packet to travel on specific electronic
lanes. Instead of having every packet stop at each port in turn until it finds
an open port, a router can be programmed to expedite the process by identifying
and redirecting packets without having them stop at each port. Your router then
acts like a type of hyper-fast traffic policeman who directs traffic in front of
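To make the 16-bit port number and the router's forwarding decision concrete, here is an added example that is not part of the original page. It reads the two 16-bit port fields from the start of a TCP header and looks the destination port up in a forwarding table; the table entries, addresses and the `make_syn` helper are hypothetical, and the model covers only unsolicited inbound traffic, not replies to connections opened from inside.

```python
import struct

# Hypothetical forwarding rules on a home router:
# (protocol, public port) -> (internal host, internal port)
FORWARDS = {
    ("tcp", 8080): ("192.168.1.20", 80),
    ("tcp", 25565): ("192.168.1.30", 25565),
}


def make_syn(sport, dport):
    """Build a constructed 20-byte TCP SYN header (checksum left at zero).

    The "H" fields are unsigned 16-bit integers, so a port above 65535
    cannot be encoded and struct.pack raises struct.error.
    """
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 64240, 0, 0)


def tcp_ports(segment):
    """Return (source_port, destination_port) from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    # The first four bytes are two 16-bit integers in network byte order.
    return struct.unpack("!HH", segment[:4])


def route_inbound(segment, forwards=FORWARDS):
    """Decide what the router does with an unsolicited inbound TCP segment."""
    _, dport = tcp_ports(segment)
    target = forwards.get(("tcp", dport))
    if target is None:
        return ("drop", None)      # no rule: nothing inside is exposed
    return ("forward", target)     # rule found: rewrite and pass inward


if __name__ == "__main__":
    for dport in (8080, 3389):
        print(dport, route_inbound(make_syn(51000, dport)))
```

Every entry in such a table is a service reachable from the Internet, so reviewing the router's forwarding list belongs in the same audit as reviewing what listens on each machine.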
Can an antivirus catch a RAT?
Yes. Actually, Hell Yes! As a hacker, you will find antiviruses blocking your
path at every damn step. (But we are white hats, right? No matter how annoying,
it's there to protect us, so be happy). But, like every problem, this too has a
solution - Encryption. It's called making your server "FUD" - Fully
Undetectable. For example, typical encrypted formats, say password-protected
.zip or .rar files (if they contain malicious software) can be caught by an
AntiVirus. Making a program FUD does pretty much the same thing, except it does
so like a drunkard with OCD (Obsessive-compulsive disorder). What I mean is,
running the software through an encryption program again and again so that
nothing can recognize what it is and it can pass off as random harmless noise.
Something called "Hex Editing" is a well known way to go about doing this. This
is a whole different topic in itself. So, more on this later.
Legal or illegal?
Well, some RATs are legal, and some are not. The legal ones are those without a
backdoor, and they have the ability to close the connection at any time. (A
backdoor is something that gives the attacker access to the victim's system
without their knowledge.) Plus these are not really referred to as RATs, that's
just our (hackers') dirty language :-) Illegal ones are used for hacking and
they may possibly steal data (or worse).
A few examples are written below:
►TeamViewer – Access any remote computer via Internet just like sitting in front
of it – even through firewalls.
►UltraVNC – Remote support software for on demand remote computer support.
►Ammyy Admin – Like TeamViewer, Ammyy Admin is another reliable and friendly
tool for remote computer access.
►Mikogo – Mikogo is an Online Meeting, Web Conferencing, Remote Support tool
where you can share your screen with several participants in real-time over the
The above tools, while very useful and very legal, require a green light from
both the parties involved. That's the main difference between the ones above and
the ones below:
Illegal (or barely legal):
These are all used for one purpose - causing trouble, to say the least. RATs
like the ones above are meant to be stealthy. After all, no hacker will want
their victims to get a message like: "Congratulations! You have been
infected!" (Or maybe let the AntiVirus find it). Use any of these on an actual
victim, and you will get a ticket to jail, or at least a fine. But these are
actually used, and mostly without anyone ever suspecting anything wrong. The
thing is, hacking is becoming much more of a serious business than a game. A RAT
that simply crashes the OS or formats the hard disk gives nothing to the
attacker, so why bother doing it in the first place? RATs today are evolving
(pun unintended). They are becoming more like "parasites" instead of predators.
They may be used for DDOSing (by creating massive botnets with tens of thousands
of slave computers), clicking ads in the background (the usual click fraud),
increasing blog and YouTube "views", even using the compromised systems to "earn
money online", by pushing surveys, exploiting the websites which offer a
pay-per-install model, even "mining" bitcoins (Bitcoins are just a fancy new
online currency. Bitcoins can be earned by devoting CPU power, then converted
into real money, hence their potential exploitation by using RATs). (Don't
bother googling this. Like every "Online money making" offer, whether it works
or not, this too is a waste of your time. No offence to the BitCoin Foundation
What's a DNS host?
The Domain Name System (DNS) is a hierarchical naming system for computers,
services, or any resource connected to the Internet or a private network. It
associates various information with domain names assigned to each of the
participants. Most importantly, it translates domain names meaningful to humans
into the numerical (binary) identifiers associated with networking equipment for
the purpose of locating and addressing these devices worldwide.
What all can a RAT do?
Here is a list of basic features:
• Manage files. (Delete/Modify)
• Control web browser (Change homepage, open a website etc.)
• Get system information (OS Version, AV name, RAM Memory, Computer name,
Network Addresses etc.)
• Get passwords, CC numbers or private data etc. (via Keylogger)
• View and control remote desktop (Take screenshot or a snap from the webcam)
• Record camera, sound (Control mic and camera)
• Control mouse, keyboard input.
• Pretty much everything you can do on your own computer, except play GTA V
remotely. (Although technically, you can do that too)