ToRat: Remote Administation Tool using Tor as a Transport Mechanism

June 9, 2019 Comments Off

A Cross-Platform Remote Administration tool written in Go using Tor as its transport mechanism currently supporting Windows, Linux, MacOS clients.

Features

the ToRAT_client communicates over TCP(with TLS) proxied through Tor with the ToRat_server (hidden service)
- the anonymity of client and server
- end-to-end encryption
Cross-Platform reverse shell (Windows, Linux, Mac OS)
Windows:
- Multiple User Account Control Bypasses (Privilege escalation)
- Multiple Persistence methods (User, Admin)
Linux:
- Multiple Persistence methods (User, Admin)
optional transport without Tor e.g. Use Tor2Web, a DNS Hostname or public/ local IP
- smaller binary
- the anonymity of client and server
embedded Tor
Unique persistent ID for every client
- give a client an Alias
- all Downloads from client get saved to ./$ID/$filename

QuasarRAT – Open-Source Remote Administration Tool for Windows

Command	Info
select	Select client to interact with
list	list all connected clients
alias	Select client to give an alias
cd	change the working directory of the server
exit	exit the server

Tab-Completion of:
- Commands
- Files/ Directories in the working directory of the client

Command	Info
cd	change the working directory of the client
ls	list the content of the working directory of the client
shred	delete files/ directories unrecoverable
shredremove	same as shred + removes the shredded files
screen	take a Screenshot of the client
cat	view Textfiles from the client including .docx, .rtf, .odt
alias	give the client a custom alias
down	download a file from the client
up	upload a file to the client
escape	escape a command and run it in a native shell on the client
reconnect	tell the client to reconnect
exit	background current session an return to main shell
else	the command will be executed in a native shell on the client

Pupy – A Cross-platform Remote Administration and Post-Exploitation Tool

The important parts live in