Windows Remote Administration Tool via Telegram (now in Python 3.7!) | Originally created by Ritiek
The current Remote Administration Tools in the market face 2 major problems:
This RAT overcomes both these issues by using the Telegram bot API.
file to the Telegram bot
[TODO] Name server lookup (/nslookup - #19)
Thanks Dviros:
& More coming soon!
BotFather.
compile.py
python RATAttack.py.
chat_id from the console and replace it in the script and comment out the line return True. Don't worry, you'll know when you read the comments in the script.
RATAttack will be created in your working directory containing keylogs.txt and any files you upload to the bot.

When using the below commands, use / as a prefix. For example: /pc_info.
arp - display arp table
capture_pc - screenshot PC
cmd_exec - execute shell command
cp - copy files
cd - change current directory
delete - delete a file/folder
download - download file from target
decode_all - decode ALL encoded local files
dns - display DNS Cache
encode_all - encode ALL local files
freeze_keyboard - enable keyboard freeze
unfreeze_keyboard - disable keyboard freeze
get_chrome - Get Google Chrome's login/passwords
hear - record microphone
ip_info - via ipinfo.io
keylogs - get keylogs
ls - list contents of current or specified directory
msg_box - display message box with text
mv - move files
pc_info - PC information
ping - makes sure target is up
play - plays a youtube video
proxy - opens a proxy server
pwd - show current directory
python_exec - interpret python
reboot - reboot computer
run - run a file
schedule - schedule a command to run at specific time
self_destruct - destroy all traces
shutdown - shutdown computer
tasklist - display services and processes running
to - select targets by its name
update - update executable
wallpaper - change wallpaper
You can copy the above to update your command list via BotFather so you don't have to type them manually.
compile.py. You can also pass --icon=<path/to/icon.ico> to use a custom icon. If you want to use UPX for compression, you can add --upx-dir [upx-3.95-win64 | upx-3.96-win32], depending on your architecture. You can skip this last option if you have UPX in your PATH environment variable.
.exe file in C:/Python37/Scripts/dist/ or the current directory, depending on where you called it from.
.exe, the script will move itself to startup and start with your PC to run at startup. You can return to normal by using the /self_destruct option or manually removing the %APPDATA%/Portal directory and %APPDATA%/Microsoft/Windows/Start Menu/Programs/Startup/portal.lnk.
.exe file and location and name of the folder where the hidden .exe will hide itself. To do this, modify compiled_name and hide_folder respectively.
master. You must work in an alternate branch (e.g. dev) and make a PR. This is to ensure that master has a working and approved version of RvT.

A markdown file with credits: Credit file
People with PRs:
Dependency owners: A load of people who turn coffee to code
Original creator:
This tool is supposed to be used only on authorized systems. Any unauthorized use of this tool without explicit permission is illegal.
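
A host check for the default persistence artifacts this README lists (the %APPDATA%/Portal directory and the portal.lnk Startup shortcut), written as an added example that is not part of the project's code. The function names and the C:/Users profile layout are assumptions; because compiled_name and hide_folder can be changed before compiling, the check also returns every Startup-folder entry for manual review.

```python
import os
from pathlib import Path

# Artifact paths relative to %APPDATA%, taken from the defaults in this README.
STARTUP = Path("Microsoft/Windows/Start Menu/Programs/Startup")
DEFAULT_ARTIFACTS = (Path("Portal"), STARTUP / "portal.lnk")


def scan_profile(appdata):
    """Inspect one user's %APPDATA% root (hypothetical helper).

    Returns (default_hits, startup_entries):
      default_hits    - README-listed artifact paths that exist on disk
      startup_entries - names of all files in the Startup folder, listed for
                        review because a renamed build will not match the
                        default names
    """
    appdata = Path(appdata)
    default_hits = [str(appdata / rel) for rel in DEFAULT_ARTIFACTS
                    if (appdata / rel).exists()]
    startup_entries = []
    startup = appdata / STARTUP
    if startup.is_dir():
        startup_entries = sorted(
            p.name for p in startup.iterdir()
            if p.is_file() and p.name.lower() != "desktop.ini")
    return default_hits, startup_entries


def scan_all_profiles(users_root):
    """Scan each profile under users_root (assumed layout: <root>/<user>/AppData/Roaming).

    Returns {profile_name: (default_hits, startup_entries)} for profiles
    that have at least one finding.
    """
    report = {}
    for profile in sorted(Path(users_root).iterdir()):
        try:
            hits, entries = scan_profile(profile / "AppData" / "Roaming")
        except PermissionError:
            continue  # profile not readable without elevation
        if hits or entries:
            report[profile.name] = (hits, entries)
    return report


if __name__ == "__main__":
    root = os.environ.get("SystemDrive", "C:") + "/Users"
    for name, (hits, entries) in scan_all_profiles(root).items():
        print(name, "| default artifacts:", hits or "none", "| startup:", entries)
```

A profile with no default hits is not proof of absence; the Startup entries it returns still need to be reviewed against known software.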
The MIT License