CollabVM Wikia/Bit's RAT: Difference between revisions
Another one |
computernewb>Chinigan2 No edit summary |
||
Line 1: | Line 1: | ||
Bit was the second user to have a working RAT that he owned to work on the VM. Surprisingly, he wrote this RAT solely off of a grease monkey script that was intended for having (minor) control over the user's browser (limited to just remote js execution). Somehow, either by having no life, or being a faggot, Bit managed to get the JavaScript RAT to not send JavaScript to the client machine, but instead, start exes. The RAT's control panel had two homes. In Bit's first iteration of his program, it was hosted at his own site, (some shitty free hosting service, I'll find it later). His second, and more improved version was based in Cloud9. The last known link to the console is http://bitbyte-c9users.io/jsconsole . Currently it's white listed, and only the IP of Bit and Ctrl(surprisingly) can send commands through the interface. Bit's RAT runs in conjunction with two other JS files, all of which depend on each other and make it a lot harder to remove. There is Startup.js, which adds the three scripts to startup. There is another js file that makes sure the other two js files (and itself) never get deleted, then, there is the RAT js itself. Inside the jsconsole.js, there's a token, which is used in his web-based jsconsole to send commands | Bit was the second user to have a working RAT that he owned to work on the VM. Surprisingly, he wrote this RAT solely off of a grease monkey script that was intended for having (minor) control over the user's browser (limited to just remote js execution). Somehow, either by having no life, or being a faggot, Bit managed to get the JavaScript RAT to not send JavaScript to the client machine, but instead, start exes. The RAT's control panel had two homes. In Bit's first iteration of his program, it was hosted at his own site, (some shitty free hosting service, I'll find it later). His second, and more improved version was based in Cloud9. The last known link to the console is http://bitbyte-c9users.io/jsconsole . Currently it's white listed, and only the IP of Bit and Ctrl(surprisingly) can send commands through the interface. Bit's RAT runs in conjunction with two other JS files, all of which depend on each other and make it a lot harder to remove. There is Startup.js, which adds the three scripts to startup. There is another js file that makes sure the other two js files (and itself) never get deleted, then, there is the RAT js itself. Inside the jsconsole.js, there's a token, which is used in his web-based jsconsole to send commands. | ||
Revision as of 02:26, 21 March 2016
Bit was the second user to have a working RAT that he owned to work on the VM. Surprisingly, he wrote this RAT solely off of a grease monkey script that was intended for having (minor) control over the user's browser (limited to just remote js execution). Somehow, either by having no life, or being a faggot, Bit managed to get the JavaScript RAT to not send JavaScript to the client machine, but instead, start exes. The RAT's control panel had two homes. In Bit's first iteration of his program, it was hosted at his own site, (some shitty free hosting service, I'll find it later). His second, and more improved version was based in Cloud9. The last known link to the console is http://bitbyte-c9users.io/jsconsole . Currently it's white listed, and only the IP of Bit and Ctrl(surprisingly) can send commands through the interface. Bit's RAT runs in conjunction with two other JS files, all of which depend on each other and make it a lot harder to remove. There is Startup.js, which adds the three scripts to startup. There is another js file that makes sure the other two js files (and itself) never get deleted, then, there is the RAT js itself. Inside the jsconsole.js, there's a token, which is used in his web-based jsconsole to send commands.