An introduction to RAT (Remote Access Trojan) & Netcat
We have all heard about viruses. The word is commonly used for any malicious program, but in reality there are differences, and not all the malicious programs that might sneak into your system are viruses. Among them, one of the most interesting and powerful is the Trojan.
The name of this kind of program comes from the infamous battle of Troy. As most of us are aware, the Spartans won the battle by hiding a threat inside a gift, which the Trojans wholeheartedly took home.
This is also how a Trojan works. It arrives on your system disguised as a useful program, but it is in fact a backdoor that gives its creator access to your system resources, for example to capture keystrokes.
So what exactly is a remote access Trojan?
A remote access Trojan is a small program that normally comes hidden inside some useful or bogus application. It gives the intruder access to your system, normally through an open port that can be reached from a remote system. This poses a problem for the developer of the RAT: most of the time the affected device sits behind a router, and the port is not directly accessible from a remote system.
To solve this issue, the idea of the reverse connection was born. In this scenario the Trojan connects to a server set up by the developer, so the router is bypassed because the request is made from inside. The server then issues commands telling the client what to do.
A popular example of this is the Netcat tool, known as the Swiss army knife of networking and hacking. Netcat can act both as the Trojan itself and as the command centre.
The command to make Netcat connect to a remote host on a particular port looks something like this:
nc remote_host <port>
This will connect to a remote host, but that is all. It doesn't serve any particular purpose. Let us modify it a little so we can use this great tool to its full extent.
The above command will present you with the particular shell mentioned, so on Windows, think of being handed the command prompt! From there you can manipulate literally anything, such as creating a new user, connecting to the system over a remote connection with the new username and password, or installing a more powerful RAT.
Note: Netcat is not a RAT; it is just a networking tool, but creativity can bend anything to our desire.
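From the defender's side, the reverse connection and the remote shell described above leave a recognisable trace: a command shell whose own or parent process holds an outbound connection to an address outside the network. The Python below is an added example, not code from the original article; the event format, process names, internal ranges and addresses are constructed assumptions.

```python
import ipaddress

# Assumption: these are the shells and internal ranges for the monitored site.
SHELLS = {"cmd.exe", "powershell.exe", "sh", "bash"}
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed telemetry in a made-up format (not a real product's log):
#   proc <pid> <ppid> <image>      conn <pid> <in|out> <remote_ip> <remote_port>
SAMPLE = """\
proc 100 1 explorer.exe
proc 210 100 browser.exe
conn 210 out 198.51.100.20 443
proc 300 100 invoice_viewer.exe
conn 300 out 203.0.113.7 4444
proc 301 300 cmd.exe
proc 400 100 cmd.exe
proc 500 1 backup.exe
conn 500 out 10.0.0.12 445
proc 501 500 cmd.exe
"""

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL)

def parse(text):
    """Split events into {pid: (ppid, image)} and {pid: [(dir, ip, port)]}."""
    procs, conns = {}, {}
    for fields in (line.split() for line in text.splitlines()):
        if fields[:1] == ["proc"]:
            procs[int(fields[1])] = (int(fields[2]), fields[3].lower())
        elif fields[:1] == ["conn"]:
            conns.setdefault(int(fields[1]), []).append(
                (fields[2], fields[3], int(fields[4])))
    return procs, conns

def find_reverse_shells(text):
    """Flag shells whose own or parent process dialled out of the network."""
    procs, conns = parse(text)
    alerts = []
    for pid, (ppid, image) in sorted(procs.items()):
        if image not in SHELLS:
            continue
        for owner in (pid, ppid):  # socket may belong to the shell or its parent
            for direction, ip, port in conns.get(owner, []):
                if direction == "out" and is_external(ip):
                    owner_image = procs.get(owner, (0, "unknown"))[1]
                    alerts.append((pid, image, owner_image, ip, port))
    return alerts
```

Because the connection is made from inside, an inbound firewall rule never sees it; the signal comes from egress traffic combined with process lineage, and a real deployment would need an allow-list for tools that legitimately spawn shells.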
One of my most preferred RATs is PoisonIvy. PoisonIvy is freely downloadable, but most antivirus products would detect it. How about changing the signature by encrypting it a little bit? This will just keep the particular Trojan from getting detected by popular antivirus software.
So this was a short explanation of what a RAT is. Not all malicious programs are viruses; one might be custom-created to serve a particular purpose. There are other malicious programs like worms, malware etc. All serve a definite purpose; more on that later.