Windows Remote Administration Tool via Telegram (now in Python 3.7!) | Originally created by Ritiek
The current Remote Administration Tools in the market face 2 major problems:
This RAT overcomes both these issues by using the Telegram bot API.
file to the Telegram bot
& More coming soon!
chat_id from the console and replace it in the script and comment out the line return True. Don't worry, you'll know when you read the comments in the script.
RATAttack will be created in your working directory containing keylogs.txt and any files you upload to the bot.
When using the commands below, use / as a prefix. For example:
arp - display arp table
capture_pc - screenshot PC
cmd_exec - execute shell command
cp - copy files
cd - change current directory
delete - delete a file/folder
download - download file from target
decode_all - decode ALL encoded local files
dns - display DNS Cache
encode_all - encode ALL local files
freeze_keyboard - enable keyboard freeze
unfreeze_keyboard - disable keyboard freeze
get_chrome - Get Google Chrome's login/passwords
hear - record microphone
ip_info - via ipinfo.io
keylogs - get keylogs
ls - list contents of current or specified directory
msg_box - display message box with text
mv - move files
pc_info - PC information
ping - makes sure target is up
play - plays a youtube video
proxy - opens a proxy server
pwd - show current directory
python_exec - interpret python
reboot - reboot computer
run - run a file
schedule - schedule a command to run at specific time
self_destruct - destroy all traces
shutdown - shutdown computer
tasklist - display services and processes running
to - select targets by its name
update - update executable
wallpaper - change wallpaper
You can copy the above to update your command list via BotFather so you don't have to type them manually.
compile.py. You can also pass --icon=<path/to/icon.ico> to use a custom icon. If you want to use UPX for compression, you can add --upx-dir [upx-3.95-win64 | upx-3.96-win32], depending on your architecture. You can skip this last option if you have UPX in your
C:/Python37/Scripts/dist/ or the current directory, depending on where you called it from.
.exe, the script will move itself to startup and run each time your PC starts. You can return to normal by using the /self_destruct option or manually removing
.exe file and location and name of the folder where the hidden .exe will hide itself. To do this, modify
master. You must work in an alternate branch (e.g. dev) and make a PR. This is to ensure that master has a working and approved version of RvT.
A markdown file with credits: Credit file
People with PRs:
Dependency owners: A load of people who turn coffee to code
This tool is supposed to be used only on authorized systems. Any unauthorized use of this tool without explicit permission is illegal.
The MIT License