Remote Administration Tools (RATs)

Our invisible Ghostwriter has been working overtime - oh wait, it’s just us, br|ςКёđ.

Not much to explain, we assume? Rats, Rats everywhere…

…and scammers, liars, thieves, impostors, consultants…

https://youtu.be/MSYfRGxfBgc?si=lJH7hGTQ-OVdK4ES&t=921
(Also skip to timestamp 20:05 for a scam that has been ongoing for 3 years, with millions in damages.)

Windows RATs

Advanced & Open-Source Solutions

  • MeshCentral - Open-source remote management system.
  • NoMachine - High-speed remote desktop solution.
  • X2Go - Secure Linux remote desktop, Windows client available.
  • TightVNC - Open-source VNC remote control tool.
  • UltraVNC - Advanced VNC-based remote administration.
  • TigerVNC - Open-source high-performance VNC.
  • Remmina - GTK+ remote desktop client for various protocols.

Android RATs

Legitimate & Remote Support Apps

Security Research & Ethical Hacking Tools

Note: Try at your own risk. May be backdoored, may download additional stages hidden deep in deps, may be ScamWare…

  • AndroRAT
  • AhMyth
  • L3MON
  • HaxRAT
  • LizRAT
  • Metasploit
  • FatRat
  • Cypher
  • Craxs
  • SpyNote
  • SpyMax
  • DarkComet
  • BetterAndroRAT
  • Airavat RAT
  • UnknownRAT
  • NetWire
  • Dendroid
  • ShivaTheCreator

L3MON Example

'Cause obviously some examples had to be made…

```bash
$ git clone https://github.com/alj3322/L3MON
Cloning into 'L3MON'...
remote: Enumerating objects: 643, done.
remote: Counting objects: 100% (31/31), done.
remote: Compressing objects: 100% (24/24), done.
remote: Total 643 (delta 16), reused 7 (delta 7), pack-reused 612 (from 1)
Receiving objects: 100% (643/643), 29.27 MiB | 11.50 MiB/s, done.
Resolving deltas: 100% (240/240), done.

$ cd L3MON
$ git checkout dc1765943c02443f045ef1ab6987ce9b6968c068
fatal: unable to read tree (dc1765943c02443f045ef1ab6987ce9b6968c068)
$ git fetch --all
$ git checkout dc1765943c02443f045ef1ab6987ce9b6968c068
fatal: unable to read tree (dc1765943c02443f045ef1ab6987ce9b6968c068)
$ git reset --hard dc1765943c02443f045ef1ab6987ce9b6968c068
fatal: Could not parse object 'dc1765943c02443f045ef1ab6987ce9b6968c068'.
$ git rev-parse dc1765943c02443f045ef1ab6987ce9b6968c068
$ git fetch --all --prune
$ git fetch origin +refs/heads/*:refs/remotes/origin/*
$ git fetch origin +refs/tags/*:refs/tags/*
$ git fetch origin dc1765943c02443f045ef1ab6987ce9b6968c068
$ cd ..

$ git clone https://github.com/jenv/jenv.git ~/.jenv
$ echo 'export PATH="$HOME/.jenv/bin:$PATH"' >> ~/.bashrc
$ echo 'eval "$(jenv init -)"' >> ~/.bashrc
$ source ~/.bashrc
$ wget https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u442-b06/OpenJDK8U-jre_x64_linux_hotspot_8u442b06.tar.gz
$ tar -xvzf OpenJDK8U-jre_x64_linux_hotspot_8u442b06.tar.gz
$ sudo mv jdk8u442-b06-jre /usr/lib/jvm/java-8-openjdk
$ jenv add /usr/lib/jvm/java-1.8.0-openjdk-amd64
$ cd /opt/L3MON
$ jenv local 1.8
$ npm install
$ npm audit fix
$ npm run test

> L3MON@1.0.0 test
> node index.js

SUCCESS Build Succeded!
```

L3MON RAT APK builder

…and whoever took it seriously is guilty as charged.

Linux & macOS RATs

Linux Remote Administration Tools

macOS Remote Administration Tools

Detection & Removal Tools

If you’re concerned about unauthorized RATs on your system, consider using these security tools: