mvrozanti / RAT-via-Telegram

Windows Remote Administration Tool via Telegram
MIT License

Running out of ideas for features #1

Open mvrozanti opened 7 years ago

mvrozanti commented 7 years ago

Any suggestion is appreciated

Dviros commented 7 years ago

Hi!

  1. I'm struggling to integrate the v2 of the telegram bot (change the v1 commands to the v2 keyboard) but I can't seem to handle it.

  2. I've added an ARP table and tasklist features, and internal IP inside of ip_info.

mvrozanti commented 7 years ago

@Dviros Hey

Can you elaborate on the first problem? Do create a pull request for those changes! Would be a very nice add.

Dviros commented 7 years ago

Hi! Telegram bot API v2 allows you to create a custom-made keyboard instead of typing commands. I did manage to find my way from it, it would be awesome for you to check it (I've forked it and committed the changes) https://github.com/Dviros/RAT-via-Telegram/

Tell me what you think :) TODO: with these new buttons, the functionality of some input-based functions won't work. I need help actually "asking" the user for input after the button click. Can you help?

mvrozanti commented 7 years ago

Just read it and looks good! Except functions that need arguments need to hold some kind of phase-keeping. Maybe the function could call itself after changing a global variable phase to process the query_data and act accordingly.

If you can get that going while still being user-friendly as is, I'll merge right up. Thank you!

Dviros commented 7 years ago

Hey dude, the only option for me is to use a while loop. However, I don't know how to implement an input (from the telegram message) inside the while loop. Can you help? Thanks!

mvrozanti commented 7 years ago

I've been thinking about the markup keyboard but I just don't think it's very usable if they would be the only way to interact. Keeping this application terminal-like is a goal I'd like to keep. While buttons are faster for some times, they lack the argument part. It would probably get too messy.

But the ARP table and pc_info changes are well written already so I'm adding them and updating README.

Sounds good?

Dviros commented 7 years ago

Hey dude, sure. Also found a solution for the tasklist

mvrozanti commented 7 years ago

Looks good, I'm adding it as well then.

X3eRo0 commented 7 years ago

Change Wallpaper on Victim's PC like in BrainDamage RAT

mvrozanti commented 7 years ago

@PulkitSingh256 thank you, just added on 23043c1a1c7719a216f510de50c44df52c257398

X3eRo0 commented 7 years ago

Currently /wallpaper requires an image already on the victim. If possible, make it like changing wallpaper with a URL /wallpaper please

mvrozanti commented 7 years ago

@PulkitSingh256 check commit 2b5621129de42931f3c86fb7a39eab4dd52b876e

X3eRo0 commented 7 years ago

Thanks a lot

X3eRo0 commented 7 years ago

Update Compile.bat

    @echo off
    echo ****RAT-via-Telegram COMPILER****
    set /p id1 = Enter The Path of folder in which RAT_Attack.py is placed :
    rem --specpath id1 --distpath "id1\dist" --workpath "id1\build"
    pyinstaller --clean --upx-dir "upx393w" --noconsole --onefile "RAT_Attack.py"

Dviros commented 7 years ago

Hi dude, please implement it: https://github.com/hackIL/reveal-passwords-from-chrome-password-manager-/blob/master/getPass.py

It's for the chrome password gathering. I'm not sure it will work on the latest version, please test it. Cheers.

X3eRo0 commented 7 years ago

New Feature idea. Running Audio in background to work as a Panic Attack.

Dviros commented 7 years ago

Hey man, Take a look in here: https://github.com/graniet/gshark-framework

X3eRo0 commented 7 years ago

Gshark is great tool

mvrozanti commented 7 years ago

@Dviros getPass.py does retrieve the password but does not retrieve username for me.

EDIT: Didn't work on one site but worked on hotmail. Go figure. I'm adding it even though it looks a little buggy.

Dviros commented 7 years ago

Found something that works! https://github.com/hassaanaliw/chromepass/blob/master/chromepass.py

  1. Needs to close chrome processes
  2. python chromepass.py -d >> passwords.txt >> send.file(passwords.txt)

Cheers!

X3eRo0 commented 6 years ago

Add features from this Script. https://github.com/arbazkiraak/hackbot

Elite commented 6 years ago

@PulkitSingh256 This needs to be a serious RAT and all your ideas are related to PRANK. Pls. keep this a serious RATing tool not a prank.

mvrozanti commented 6 years ago

@PulkitSingh256 I agree with @Elite. The application you linked, while not prank-related per se, is not useful for controlling a Windows environment remotely either. We need data extraction/management about the system in various forms.

X3eRo0 commented 6 years ago

It was just a suggestion which got rejected. But if you can add an option to format any drive with just a command, that would be useful.

mvrozanti commented 6 years ago

PulkitSingh256 I will include recursive deletion

X3eRo0 commented 6 years ago

https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---Chrome-Password-Stealer

It's a Rubber Ducky payload but it does capture passwords by WIN+R and then typing commands as a keyboard. We can also create a python file for capturing that passwords.txt and sending them to Gmail or telegram

mvrozanti commented 6 years ago

Aren't we doing this already?

X3eRo0 commented 6 years ago

But someone reported that it was not working so I just thought. Sorry

X3eRo0 commented 6 years ago

keystrokes injection

How do I run this cmd command on victim PC "C:\Program Files\Internet Explorer\iexplore.exe" -k http://fakeupdate.net/win10u/index.html

X3eRo0 commented 6 years ago

New idea. An option like /pwn (lhost,lport). And this option automatically generates a powershell alphanumeric undetectable batch file and executes it on victim which gives a meterpreter session to us. How about that? I am working on a python script which does exactly that but without telegram. After it gets completed I want you to include the code in RAT-via-Telegram and make it trigger with telegram.

mvrozanti commented 6 years ago

I like the idea of extensions but there are problems with implementing a meterpreter session:

A) it gives up anonymity because a direct connection has to be made

B) msfconsole is there for just that.

Now a bigger ambition would be implementing a telegram C&C and making a pull request to Rapid7’s git page. Great idea; I just think it’s not for this project

X3eRo0 commented 6 years ago

This idea hit me when I was in toilet, lol