In the event you want to pwn a person who uses Linux desktop?
If so, glad to see this, there are cross platform rats that work on Linux but a Linux specific is rare to me.
Oh and I wouldn't say undetectable,AV may not detect it now but Linux detection can be pretty wild, even with good EDR vendors a lot of tuning is needed due to how customizable it is (admins/devs always do one off unusual things, windows has more predictable structure).
Didn't read the code but I loathe the python usage, if for windows you can use pyinstaller to build an exe. Anywhere else, your rat will break because of python versioning/deps.
The client runs on Windows and is written in C++ (bot directory). It's still terrible, amateur-level code that nobody should be running but the most critical aspect here is the architecture: Fixed, with most things hardcoded and hard to adapt/change. Also, no runtime flexibility whatsoever. This isn't what an advanced attack toolkit looks like, even a minimal one written in C/C++.
If it was fully undetectable it would mean that it would have no effect and does not exist on disk or in memory of any sort. Any malware/RAT is detectable in someway since it has some effect that shouldn't be there. That can be network activity, just the process running, just the code existing on a drive or in memory or anything else.
Looks like it's just a standard executable that listens on a hardcoded IP and port. This is the kind of stuff we'd whip up in an afternoon during a pentest when we needed a throwaway tool to use.
Certainly not FUD or "advanced". No encryption/obfuscation used to communicate with C2 at all, common patterns in the c++ binary that drops on clients, no polymorphism, drops itself on the disk. Might be a fun toy project for the author but this wouldn't be useful in any actual security testing deployments.
8 comments
[ 4.9 ms ] story [ 35.0 ms ] threadOh and I wouldn't say undetectable,AV may not detect it now but Linux detection can be pretty wild, even with good EDR vendors a lot of tuning is needed due to how customizable it is (admins/devs always do one off unusual things, windows has more predictable structure).
Didn't read the code but I loathe the python usage, if for windows you can use pyinstaller to build an exe. Anywhere else, your rat will break because of python versioning/deps.
Here is my own contribution to this space:
https://downloads.immunityinc.com/infiltrate-archives/python...
With you posting it here, I can guarantee that at least a few people are going to upload it to online scanners.