J0k3rj0k3r, posted July 11, 2016 (edited)

I believe many of us know about this RAT, "Galileo RCS". This is not one of the popular HF craps but the most advanced RAT at the moment, selling for $21,000 from the company, and the funny part is the seller sells to agencies and government bodies, only with a lot of verification/authorization from government. Here it is for you to study and defend!!

1. Credits -- LookaPW and 4armed Security

2. Download lic/dongle patch and license

3. Download RCS setup complete files
   Setup MD5 - 80D9F6C1D803A2321AC5B21615ADCAD8
   Size: 1.05 GB

4. Install VMs
   -- RCS MASTER ( Windows 7 x64 | 5 GB RAM )
   -- RCS Collector ( Windows 7 x64 | 2 GB RAM )
   -- Anonymizer ( CentOS 7 x64 | 2 GB RAM )

5. Configuration - Port forwarding
   -- RCS MASTER -- 442 / 443 / 444
   -- RCS collector -- 80

6. Configuration - RCS MASTER Installation
   a. Set time 01 April 2015 (Disable internet time sync + vmx)
   b. Set hostname/computername -- "rcsmaster"
   c. Update hosts file -- C:\windows\system32\drivers\etc\hosts
      -- xxx.xxx.xxx.xx rcscollector (IP of collector node)
      .. restart Windows
   Run RCS setup
   -- Install Master node
      - CN -- rcsmaster -- THIS IS AN IMPORTANT STEP, CERTIFICATES WILL BE UNDER THIS HOSTNAME
      - LIC -- FULL_VER.lic
      - Password -- GalileoRCS1
   c. Wait until all files are extracted... When it says "removing old master node files.."
   d. Go to C:\RCS\DB\bin -- replace/overwrite rcs-license-check
   e. Wait for "Verify license.."
   f. Go to C:\RCS\DB\lib\rcs-db-release\ -- replace/overwrite dongle.rb
   g. Go to C:\RCS\DB\Console -- Install Adobe AIR, then install console application
   h. Open console
      >> Username -- admin
      >> Password -- GalileoRCS1
      >> server -- rcsmaster
   i. Wait for certificate import dialog... click yes!
   j. You will see RCS Dashboard
   k. Don't do anything, next install RCS collector

7. Configuration -- RCS collector
   a. Set time 01 April 2015 (Disable internet time sync + vmx)
   b. Set hostname/computername -- "rcscollector"
   c. Update hosts file -- C:\windows\system32\drivers\etc\hosts
      -- xxx.xxx.xxx.xx rcsmaster (IP of master node)
      .. restart Windows
   Run RCS setup
   -- Install Collector node
   -- Master node CN -- "rcsmaster"
   -- local hostname -- "rcscollector"
   -- Password -- GalileoRCS1
   -- Verify connection to Master DB >> Finish

8. Configuration -- Anonymizer
   -- First go to Master node Dashboard
   -- System >> check collector connection (should be green)
   -- Create new anonymizer "anon1" | IP address: xxx.xxx.xxx.xx
   -- Drag anon1 over Collector
   -- Build Proxy installer script

9. Configuration Proxy (anon1) - CentOS
   -- become root
   -- Disable firewall
      >> systemctl disable firewalld
      >> systemctl stop firewalld
   -- chmod u+x install
   -- sh install
   -- Wait for install complete...!

10. Go to Master node Dashboard
    -- System >> Apply configuration

11. ALL Configuration should be green.. Done!

Edited February 21, 2017 by HoRSe: Add guide installation

Diabl0, posted July 13, 2016

Re: Galileo RCS-Multiple Infection System

Topic approved, but NOTE, The APPLICATION HAS NOT BEEN SCANNED (too big to be downloaded in my current location). So download it and only use it under VM or SB. If you experience any BACKDOOR connections, please post here and I will personally make an effort of downloading and checking out.

==============
Approved because it has been lying in wait for a while.
==============

rom3u, posted July 15, 2016

Re: Galileo RCS-Multiple Infection System

When trying to install Master node the error appears license invalid, even following all the tutorial steps.

J0k3rj0k3r (Author), posted July 15, 2016

Re: Galileo RCS-Multiple Infection System

> when trying to install Master node the error appears license invalid, even following all the tutorial steps

If you go through all the steps correctly ... everything will be okay! I'm sure you went wrong somewhere! Check it once again!

rom3u, posted July 15, 2016

Re: Galileo RCS-Multiple Infection System

Correct, I had not paid attention that I should replace the files with the installation in progress.

> c. Wait until all files are extracted... When it says "removing old master node files.."

However, now I have the following error:

CreateDirectory: "C:\RCS" created
CreateDirectory: "C:\RCS\setup" created
created uninstaller: 228823, "C:\RCS\setup\RCS-uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "DisplayName"="RCS"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "DisplayIcon"="C:\RCS\setup\RCS.ico"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "DisplayVersion"="2015032101"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "UninstallString"="C:\RCS\setup\RCS-uninstall.exe"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "NoModify"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "NoRepair"="0x00000001"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "InstDir"="C:\RCS"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "Publisher"="HT S.r.l."
Call: 2839
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\nsExec.dll"
File: skipped: "C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\nsExec.dll" (overwriteflag=1)
RMDir: "C:\RCS\rgloader"
RMDir: "C:\RCS\Ruby"
Call: 2839
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\nsExec.dll"
File: skipped: "C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\nsExec.dll" (overwriteflag=1)
Call: 2839
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\nsExec.dll"
File: skipped: "C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\nsExec.dll" (overwriteflag=1)
WriteRegExpandStr: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" "C:\RCS\Ruby\bin\ruby.exe"="DisableNXShowUI"
detailprint: Running installation scripts...
Call: 2839
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\ExecDos.dll"
File: wrote 6656 to "C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\ExecDos.dll"
detailprint: 2015-04-01 14:29:57 -0300 [DEBUG]: invoke env:setup on localhost
detailprint: Prepare environment
Jump: 507
detailprint: [echo]Prepare environment
detailprint: C:/RCS/Ruby/lib/ruby/gems/2.0.0/gems/rcs-common-9.6.0/lib/rcs-common/updater/client.rb:285:in `add_to_path': undefined method `include?' for nil:NilClass (NoMethodError)
detailprint: from C:/Users/user/AppData/Local/Temp/nsvEE42.tmp/rcs-setup.temp/env.nsh.rb:3:in `block in '
detailprint: from C:/RCS/Ruby/lib/ruby/gems/2.0.0/gems/rcs-common-9.6.0/lib/rcs-common/updater/dsl.rb:96:in `instance_eval'
detailprint: from C:/RCS/Ruby/lib/ruby/gems/2.0.0/gems/rcs-common-9.6.0/lib/rcs-common/updater/dsl.rb:96:in `invoke'
detailprint: from C:/Users/user/AppData/Local/Temp/nsvEE42.tmp/rcs-setup.temp/main.nsh.rb:17:in `block in '
detailprint: from C:/RCS/Ruby/lib/ruby/gems/2.0.0/gems/rcs-common-9.6.0/lib/rcs-common/updater/dsl.rb:110:in `instance_eval'
detailprint: from C:/RCS/Ruby/lib/ruby/gems/2.0.0/gems/rcs-common-9.6.0/lib/rcs-common/updater/dsl.rb:110:in `on'
detailprint: from C:/Users/user/AppData/Local/Temp/nsvEE42.tmp/rcs-setup.temp/main.nsh.rb:16:in `'
detailprint: from C:/Users/user/AppData/Local/Temp/nsvEE42.tmp/rcs-setup.temp/main.nsh.rb:2:in `RGLoader_load'
detailprint: from C:/Users/user/AppData/Local/Temp/nsvEE42.tmp/rcs-setup.temp/main.nsh.rb:2:in `'
Call: 508
MessageBox: 16,"An error occurred. See the log file C:\RCS\install.log for more informations."
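
For anyone examining a host forensically: the installer log in the post above records the registry values the setup writes. The following is an added example, not part of the original thread and not the poster's or the vendor's code; it parses log lines of that shape and flags the two entries taken from that log. The function names, rule names and the one-entry-per-line sample (including the benign "Example" line) are assumptions constructed here.

```python
import re

# Constructed sample in the shape of the installer log quoted above (one entry per line).
# The "Example" line is an invented benign entry used as a negative case.
SAMPLE_LOG = r'''CreateDirectory: "C:\RCS" created
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "DisplayName"="RCS"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "Publisher"="HT S.r.l."
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Example" "Publisher"="Example Corp"
WriteRegExpandStr: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" "C:\RCS\Ruby\bin\ruby.exe"="DisableNXShowUI"
detailprint: Running installation scripts...
'''

# WriteRegStr / WriteRegDWORD / WriteRegExpandStr: "<key>" "<value name>"="<data>"
REG_WRITE = re.compile(r'^(WriteReg\w+): "([^"]+)" "([^"]+)"="([^"]*)"$')

def parse_reg_writes(log_text):
    """Return every registry write recorded in the log as a dict."""
    writes = []
    for line in log_text.splitlines():
        m = REG_WRITE.match(line.strip())
        if m:
            op, key, name, data = m.groups()
            writes.append({"op": op, "key": key, "name": name, "data": data})
    return writes

def _uninstall_publisher(w):
    # Uninstall entry "RCS" whose Publisher is the string seen in the log.
    return (w["key"].lower().endswith(r"\uninstall\rcs")
            and w["name"] == "Publisher" and w["data"] == "HT S.r.l.")

def _ruby_compat_layer(w):
    # AppCompat layer value set on the bundled ruby.exe, as in the log.
    return (w["key"].lower().endswith(r"\appcompatflags\layers")
            and w["name"].lower() == r"c:\rcs\ruby\bin\ruby.exe"
            and "disablenxshowui" in w["data"].lower())

RULES = {"uninstall-publisher": _uninstall_publisher,
         "appcompat-layer-ruby": _ruby_compat_layer}

def findings(log_text):
    """Return (rule name, key, value name) for each write that matches a rule."""
    return [(rule, w["key"], w["name"])
            for w in parse_reg_writes(log_text)
            for rule, check in RULES.items() if check(w)]

if __name__ == "__main__":
    for hit in findings(SAMPLE_LOG):
        print(hit)
```
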

J0k3rj0k3r (Author), posted July 15, 2016

Re: Galileo RCS-Multiple Infection System

> correct, I had not paid attention that should replace the files with the installation in progress.
> c. Wait untill all files are extracted... When it says "removing old master node files.."
> however now I am with the following error

Dude read install.log

MessageBox: 16,"An error occurred. See the log file C:\RCS\install.log for more informations."

rom3u, posted July 15, 2016

Re: Galileo RCS-Multiple Infection System

I formatted the VM and did the installation afterwards and it worked; however, the RCS Console gives the error "Rcs console": "Can not connect to server".

I checked the log file and I believe that it is the license problem.

LOG:
---------------------------
Reload
---------------------------
C:\RCS\DB\log\rcs-db_2015-04-01.log
2015-04-01 19:11:54 -0300 [INFO]: Loading license limits C:/RCS/DB/config/rcs.lic
2015-04-01 19:11:54 -0300 [FATAL]: Invalid License File: corrupted integrity check
================================

The date of the operating system is April 1, 2015.

I changed the VM file as in the post.

VM.vmx
============
tools.syncTime = "FALSE"
time.synchronize.continue = "FALSE"
time.synchronize.restore = "FALSE"
time.synchronize.resume.disk = "FALSE"
time.synchronize.shrink = "FALSE"
time.synchronize.tools.startup = "FALSE"
time.synchronize.tools.enable = "FALSE"
time.synchronize.resume.host = "FALSE"