A Cross Platform Remote Administration tool written in Go using Tor as its transport mechanism currently supporting Windows, Linux, MacOS clients.
git clone https://github.com/lu4p/ToRat.git
cd ./ToRat
sudo docker build . -t torat
sudo docker run -it -v "$(pwd)"/dist:/dist_ext torat
Prerequisites
Install Docker on Linux
- ubuntu https://docs.docker.com/install/linux/docker-ce/ubuntu/
- debian https://docs.docker.com/install/linux/docker-ce/debian/
- fedora https://docs.docker.com/install/linux/docker-ce/fedora/
- centos https://docs.docker.com/install/linux/docker-ce/centos/
- arch sudo pacman -S docker
How to install?
Clone this repo via git
git clone https://github.com/lu4p/ToRat.git
Change Directory to ToRat
cd ./ToRat
Build the ToRat Docker Container
You need to build part of the container yourself to get your own onion address and certificate. All prerequisites are met by the prebuilt torat-pre image in order to make quick build times possible.
sudo docker build . -t torat
Run the container
- will drop directly into the ToRat Server shell
- the -v flag mounts ./dist from the host into the container, so the compiled binaries are copied to the host file system
- to connect a machine to the server shell just run one of the client binaries on another system
sudo docker run -it -v "$(pwd)"/dist:/dist_ext torat
In another shell run the client.
sudo chown $USER dist/ -R
cd dist/dist/client/
./client_linux
See the client connect
In your Server shell you should now see something like:
[+] New Client H9H2FHFuvUs9Jz8U connected!
You can now select this client by running select in the Server Shell, which gives you an interactive chooser for the client you want to connect to. After you choose a client, you drop into an interactive shell on the client system.
Current features
- RPC (Remote Procedure Call) based communication for easy addition of new functionality
- Automatic upx leads to client binaries of ~6MB with embedded Tor
- the ToRAT_client communicates over TLS encrypted RPC proxied through Tor with the ToRat_server (hidden service)
- anonymity of client and server
- end-to-end encryption
- Cross Platform reverse shell (Windows, Linux, Mac OS)
- Windows:
  - Multiple User Account Control Bypasses (Privilege escalation)
  - Multiple Persistence methods (User, Admin)
- Linux:
  - Multiple Persistence methods (User, Admin)
- optional transport without Tor e.g. Use Tor2Web, a DNS Hostname or public/ local IP
- smaller binary ~7MB upx’ed
- anonymity of client and server
- embedded Tor
- Unique persistent ID for every client
- give a client an Alias
- all Downloads from client get saved to ./$ID/$filename
- sqlite via gorm for storing information about the clients
- client is obfuscated via garble
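A defender-side triage check for the UPX-packed client binaries listed above, added here as an example and not part of the ToRat project: it reports the executable format (Windows PE, Linux ELF, macOS Mach-O) and whether the standard "UPX!" packer marker is present. The names Finding and Triage are hypothetical, and a missing marker does not prove a file is unpacked.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
)

// Finding is the triage result for one file (hypothetical name, added example).
type Finding struct {
	Format    string // "ELF", "PE", "Mach-O" or "unknown"
	UPXMarker bool   // true when the "UPX!" packer magic is present
}

// machoMagics lists the thin 32/64-bit Mach-O magic numbers in both byte orders.
var machoMagics = [][]byte{
	{0xfe, 0xed, 0xfa, 0xce}, {0xce, 0xfa, 0xed, 0xfe},
	{0xfe, 0xed, 0xfa, 0xcf}, {0xcf, 0xfa, 0xed, 0xfe},
}

// Triage classifies an executable image by its magic bytes and checks for the UPX magic.
func Triage(data []byte) Finding {
	f := Finding{Format: "unknown"}
	switch {
	case bytes.HasPrefix(data, []byte("\x7fELF")):
		f.Format = "ELF"
	case bytes.HasPrefix(data, []byte("MZ")):
		f.Format = "PE"
	default:
		for _, m := range machoMagics {
			if bytes.HasPrefix(data, m) {
				f.Format = "Mach-O"
			}
		}
	}
	// Only report the marker for recognised executables, so text or archive
	// files that merely mention "UPX!" are not flagged.
	f.UPXMarker = f.Format != "unknown" && bytes.Contains(data, []byte("UPX!"))
	return f
}

func main() {
	// Usage: pass one or more file paths to inspect.
	for _, path := range os.Args[1:] {
		data, err := os.ReadFile(path)
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			continue
		}
		fmt.Printf("%s: %+v\n", path, Triage(data))
	}
}
```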
Server shell
- Supports multiple connections
- Welcome Banner
- Colored Output
- Tab-Completion of:
- Commands
- Files/ Directories in the working directory of the server
Command   Info
select    Select client to interact with
list      list all connected clients
alias     Select client to give an alias
cd        change the working directory of the server
help      lists possible commands with usage info
exit      exit the server
Upcoming features
- Privilege escalation for Linux
- Persistence and privilege escalation for Mac OS
- Support for Android and iOS needs fix of https://github.com/ipsn/go-libtor/issues/12
- File-less Persistence on Windows
Credits
- Tor
- Tor controller library
- Python Uacbypass and Persistence Techniques
- Modern Cli
- Colored Prints
- Screenshot library
- TLS Certificate generator
- Shred library
- Extract Text from Documents
- RPC
- UPX
- gorm
- Obfuscation