- 16
- 1
First download a rat tool that you want. (if you dont have any i will leave venom rat below)
we will be using venom rat
Before we get to build the trojan and use it first you need to port forward the port 1604 on your modem settings. If you dont know how to do that you can find bunch of tutorials on youtube its really easy. Once you forwarded the port 1604 on TCP open windows firewall and disable it. we can now build the trojan and use it. dont forget to disable all antivirus software.
First open the .exe file and you will see this screen:
![[Image: 44shddp.png]](https://i.hizliresim.com/44shddp.png "[Image: 44shddp.png]")
Delete the automatic port the program added and add the port 1604. dont change the HVNC port. after that click start
After that you will see this screen: just go ahead and click builder settings on right top of the program.
![[Image: fp5eq28.png]](https://i.hizliresim.com/fp5eq28.png "[Image: fp5eq28.png]")
now we will build the rat:
![[Image: tretzae.png]](https://i.hizliresim.com/tretzae.png "[Image: tretzae.png]")
Step 1: Delete the ip that was already written and add your ip to that box.
Step 2: Add your port to the box.
Step 3: Enable BSOD
Step 4: Enable startup (so that it runs again when client restarts their computer)
Step 5: Type the programs name that will show up in the startup folder. something like microsoft update
Optional: you can enable them or not its your choice.
After that hit the build button on the corner.
Now the build is done we send it to the client. when he downloads it and opens it its gonna take like 20 seconds to come to our program.
And then we go back our dashboard section. When the clients computer comes we can right click it to see what we can do.
Heres a list of what you can do to the client:
[*]Remote desktop control
[*]Mouse and keyboard control
[*]Remote shell / command execution
[*]System information gathering
[*]Process list and management
[*]Hidden VNC (HVNC)
[*]Reverse proxy
[*]UAC bypass
[*]Disable Windows Defender and security tools
[*]Anti-kill techniques
[*]Persistence via startup entries and scheduled tasks
[*]Change client name, icon, and metadata
[*]Encrypted C2 communication
[*]Advanced keylogger
[*]Webcam and microphone capture
[*]Browser data theft (cookies, passwords, history, bookmarks)
[*]Credit card data theft
[*]Clipboard monitoring and clipper
[*]File manager
[*]Task manager
[*]Registry editor
[*]Download and execute (disk or memory)
[*]Task scheduler
[*]“Fun” features: hide/show taskbar, clock, tray, mouse; disable Task Manager; hide Explorer
[*]AMSI and ETW bypass
[*]Anti-analysis and VM detection
[*]USB spreading
[*]File/folder hiding
[*]Export payload as shellcode
[*]Optional ransomware module (.Venom extension)
[*]Data exfiltration via multiple channels (ngrok, FTP, PowerShell, Pastebin
Thats it for today. any questions? reply to this post.
we will be using venom rat
Before we get to build the trojan and use it first you need to port forward the port 1604 on your modem settings. If you dont know how to do that you can find bunch of tutorials on youtube its really easy. Once you forwarded the port 1604 on TCP open windows firewall and disable it. we can now build the trojan and use it. dont forget to disable all antivirus software.
First open the .exe file and you will see this screen:
Delete the automatic port the program added and add the port 1604. dont change the HVNC port. after that click start
After that you will see this screen: just go ahead and click builder settings on right top of the program.
now we will build the rat:
Step 1: Delete the ip that was already written and add your ip to that box.
Step 2: Add your port to the box.
Step 3: Enable BSOD
Step 4: Enable startup (so that it runs again when client restarts their computer)
Step 5: Type the programs name that will show up in the startup folder. something like microsoft update
Optional: you can enable them or not its your choice.
After that hit the build button on the corner.
Now the build is done we send it to the client. when he downloads it and opens it its gonna take like 20 seconds to come to our program.
And then we go back our dashboard section. When the clients computer comes we can right click it to see what we can do.
Heres a list of what you can do to the client:
[*]Remote desktop control
[*]Mouse and keyboard control
[*]Remote shell / command execution
[*]System information gathering
[*]Process list and management
[*]Hidden VNC (HVNC)
[*]Reverse proxy
[*]UAC bypass
[*]Disable Windows Defender and security tools
[*]Anti-kill techniques
[*]Persistence via startup entries and scheduled tasks
[*]Change client name, icon, and metadata
[*]Encrypted C2 communication
[*]Advanced keylogger
[*]Webcam and microphone capture
[*]Browser data theft (cookies, passwords, history, bookmarks)
[*]Credit card data theft
[*]Clipboard monitoring and clipper
[*]File manager
[*]Task manager
[*]Registry editor
[*]Download and execute (disk or memory)
[*]Task scheduler
[*]“Fun” features: hide/show taskbar, clock, tray, mouse; disable Task Manager; hide Explorer
[*]AMSI and ETW bypass
[*]Anti-analysis and VM detection
[*]USB spreading
[*]File/folder hiding
[*]Export payload as shellcode
[*]Optional ransomware module (.Venom extension)
[*]Data exfiltration via multiple channels (ngrok, FTP, PowerShell, Pastebin
Thats it for today. any questions? reply to this post.