Archive for April, 2009
Podcast: Play in new window | Download
Show notes:
- We aren’t actually pauldotcom.com
- We talk about Collegiate Cyber Defense Competition
- There’s technical difficulty in this episode which we are hoping to have worked out for the next episode.
- Enjoy. That’s an order. 
(Click on the pictures to see them bigger)
So here we have the first demo in the GRM N00bs blog of awesomeness.
I don’t mean the sort of rats that magically appear when one doesn’t do the dishes for an extended period of time.
RAT = Remote Administration Tool = Like Remote Desktop but way more funner.
Today we will be tooling with Nuclear Rat developed by Nuclear Winter Crew.
First we need to download Nuclear Rat. For this demo we will be using a fresh install of Windows 2003 Server as the attacker and a fresh install of Windows XP as the victim.
Once we’ve got Nuclear Rat, we unzip it with the password NWC. There’s a few things in there such as a Readme that might be useful. However, let’s get right into it and run client.exe
It will tell us some things about needing to port forward if we are behind a NAT etc, but since we are doing this to ourselves for fun and educational purposes, we should be able to ignore this for now.
A thing to note about RATs. They consist of a client and a server (sound familiar to any software engineering students out there?) The client goes on our machine, and we hand the server to the victim machine.
When we open up the client we see on the Log that Nuclear RAT has initialized and is listening on port 12345 for a connection from a server. We can change that and some other stuff in Connection Manager, but for now lets just stick with default settings.
Now we need to create a server to connect back to us. It took me about 10 minutes to figure out how to do this. Click “Create Server.” Are you laughing at me yet?
There are plenty of options to play around with here, but to get a basic Nuclear Rat running we just need to fill in our IP address (the one we need the servers to connect back to) in the “IP or DNS to connect” field in the connections tab.
Then scroll on over to the build tab and save the server. We might want to name it something a little less obvious than nuclearrat.exe and make it a nice icon. We will cover that in a later demo.
Now we need to get the server over to the client. I plan on writing another post soon with a lot of interesting ways to do this. For now let’s use hfs.exe which is like going through all the nonsense of using IIS but not. All we need to do is download it, click on it, and add our file.
Then we get our victim to download our file. I will do a demo on that later as well.
Back on our server we know we’ve got them. HFS tells us the file was successfully downloaded, and the Nuclear Rat icon informs us a server has connected.
Time to play!
Now we can control some things:
For instance, we can move the victim’s mouse to wherever we want, over and over again.
We can also get a remote shell. Check the log tab occasionally to see what’s up.
If control isn’t really your thing, how about management?
There’s the good old registry manager.
How about a clipboard manager? We type our text in the box. Then right click and choose set.
When our victim pastes our text magically appears. How embarrassing!
If that’s still not awesome enough to seal the deal, then there are some extras.
The message box made a guest appearance on day 3 of the Mid Atlantic Collegiate Cyber Defense Competition.
Alot.
We can even find out our victim’s opinions on issues that are very important to the future of this realm.
It’s also enjoyable to chat with our victim.
So that’s a few of the things Nuclear Rat can do. Try it out on your own systems to learn more.
Georgia
Next time on GRM N00bs: Famous people sightings, Georgia falls in a dumpster multiple times, and Micheal fights with a printer.
As the purpose of this blog or blob as I inadvertently dubbed it one evening/morning is to help others get their feet wet in hacking, penetration testing, foolery with the computer, technical deviance, insert your semantics of choice here, it is inevitable that some the things my comrades and I post delve into the realm of techniques that could be used for more nefarious purposes than getting Micheal a date. I’ve seen some pretty eloquent blog posts and such on the ethics of putting hacking demonstrations right there on the internet as opposed to making a poor unfortunate want to be go to school for far too long like I did to learn a modicum of mediocre Linux jargon. Hence I’ll just link you there if you are interested, or doing some research paper for school, or whatnot. Anyway, the bottom line is what we do here is for educational purposes only. These proofs of concept are here so our readers can gain some basic insight into penetration testing techniques as they embark on the great journey towards becoming the next generation of famous people. If you use these techniques to attack systems without permission, you may very well land yourself in trouble. Nothing you will see here is sophisticated enough that a moderately decent security officer hasn’t seen it all before. That being said, set up some virtual machines, try all this out locally, impress your friends, pick up girls, and have fun.
Georgia
(And please always comment loudly that my grammar sucks. Like most aspiring novelists I am prone to excessively employ the phrase “I’ll leave that for the editors to figure out.”)