Project Guide:
Mrs. Preeti Nagrath
Submitted by:
Kaushik Roy (00251202712)
Abhishek Kumar (00351202712)
Umesh Kumar (00751202712)
CERTIFICATE
This is to certify that the project entitled Remote Access Trojan (RAT) using python language
is bonafide work carried out by Kaushik Roy (00251202712), Abhishek Kumar (h), and Umesh
Kumar (00751202712) for the award of degree B.TECH in Computer Science Engineering at
Bharati Vidyapeeth College of Engineering, Paschim Vihar, New Delhi, and is a record of the
candidates' own work carried out by them under my supervision. The matter embodied in the project is
original and has not been submitted for the award of any other.
ABSTRACT
The project title is Remote Access Trojan (RAT). Under this project I have developed a RAT
(Remote Access Trojan). This enables us to access and monitor the victim machine remotely without
user acknowledgement.
The project is divided into two parts, namely server and client applications.
Today a computer may be used in the commission of a crime, or it may be the target.
Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this
type of crime have become high-profile, particularly those surrounding cracking, copyright
infringement, child pornography, and child grooming. There are also problems of privacy when
confidential information is lost or intercepted, lawfully or otherwise. There is a great need for
tools to monitor such criminals, so that we can trace their activity and hence stop them
before they do something harmful to others. There are cases when we know
who has committed some criminal activity but, regardless of this, we are not able to punish them because
of the lack of strong evidence. Therefore tools are necessary to collect enough evidence
to punish such criminals.
Today everybody uses computers for many tasks; even young children use computers
most of the time. So how can you supervise such children and keep them from any illegal activity, for example by
knowing whether they are accessing harmful content on computers such as porn sites? In fact,
with such heavy use of computers, the problem also arises of how to control and monitor
the activities carried out with them. The answer to this question is
tools (computer programs) that make this possible.
I have tried my best to make the complicated process of monitoring victims' computers as simple
as possible using structured and modular techniques and a menu-oriented interface. I have tried to
design the software in such a way that the user may not have any difficulty in using this package and
further expansion is possible with much effort. Even though I cannot claim this work to be
entirely exhaustive, the main purpose of my exercise is to gain unauthorized access to the victim's
computer online rather than manually, which is time-consuming, and sometimes it is impossible to
gain access physically.
Our RAT tool is a web-based tool for summarizing microbial growth curves using
mathematical modeling. The user interface requires no programming and calls on an R
package of the same name which processes input data files, models the curves,
calculates important growth parameters from the fits, and returns both graphical and
tabular output.
CHAPTER-1
INTRODUCTION
A remote access Trojan (RAT) is a malware program that includes a back door for administrative
control over the target computer. RATs are usually downloaded invisibly with a user-requested
program such as a game or sent as an email attachment. Remote Access Trojans (RATs) are
malicious pieces of code often fixed in rules of the programs through RAT-ification procedures.
They are secretly planted and help gain access to victim machines through patches, games, and e-mail
attachments. Once installed, RATs perform their unexpected or even unauthorized
operations and use an array of techniques to hide their traces to remain invisible and stay on
victim systems for the long haul. A typical RAT consists of a server component running on a
victim machine and a client program acting as the interface between the server and the attacker.
The client establishes communications with its corresponding server as soon as the IP address
and port of the latter become available through feedback channels such as Email, Instant
Messaging and Web access. While interacting with a RAT server, an attacker can record
keystrokes, intercept passwords, manipulate file systems, and usurp resources of victim systems.
By continually changing their name, location, size, and behavior, or employing information
encryption and message tunneling for their communications, RATs may avoid detection by
security protection systems such as firewalls, anti-virus systems, and intrusion
detection/prevention systems (IDSs/IPSs). Once bound to programs, RATs in execution inherit a
victim's privileges and raise havoc; moreover, they launch attacks against other systems
while appearing to be superusers. RATs provide the ideal mechanism for propagating
malware including viruses, worms, backdoors, and spyware.
Remote administration refers to any method of controlling a computer from a remote location.
Remote administration is becoming increasingly common and is often used when it is difficult or
impractical to be physically near a system in order to use it, or in order to access web material
that is not available in one's location. Any computer with an Internet connection, TCP/IP or on a
Local Area Network (LAN) can be remotely administered. Remote administration can be used
for any cluster of activities and can span multiple categories of servers, such as database servers,
middleware servers, etc.
There are various types of remote access Trojans that are distributed with legitimate exe
files, such as files for running games and installing other types of software. Intruders normally
use a program called a binder to combine the legitimate executable files with remote access
Trojans and toolkits
1.2 WHY THIS PROJECT:
Today a computer may be used in the commission of a crime, or it may be the target.
Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this
type of crime have become high-profile, particularly those surrounding cracking, copyright
infringement, child pornography, and child grooming. There are also problems of privacy when
confidential information is lost or intercepted, lawfully or otherwise. There is a great need for
tools to monitor such criminals, so that we can trace their activity and hence stop them
before they do something harmful to others. There are cases when we know
who has committed some criminal activity but, regardless of this, we are not able to punish them because
of the lack of strong evidence. Therefore tools are necessary to collect enough evidence
to punish such criminals.
System DFD
Today everybody uses computers for many tasks; even young children use computers
most of the time. So how can you supervise such children and keep them from any illegal activity, for example by
knowing whether they are accessing harmful content on computers such as porn sites? In fact,
with such heavy use of computers, the problem also arises of how to control and monitor
the activities carried out with them. The answer to this question is
tools (computer programs) that make this possible.
1.3 ADVANTAGES
Unauthorized use of computers mainly stealing a username and password.
Accessing the victim's computer via the internet.
Releasing a malicious computer program that is virus.
Harassment and stalking in cyberspace.
E-mail Fraud.
Theft of company documents.
1.4 DISADVANTAGES
There is limited awareness of computer security among home as well as business users.
Inadequately protected computers can be easy targets for unauthorised users.
There are several technologies available to improve computer security but their effectiveness
may be limited without user awareness and education.
Computers are increasingly being targeted by criminals or used as tools to commit old and new
types of crime.
Attempt to access information stored on a computer. Information may have a sale value (corporate
espionage), may be valuable to the owner (ransom opportunity) or may be useful for further
illegal activity such as fraud.
Try to impede or alter the functioning of the computer itself. Also, if a computer can be
controlled it can be used to send spam, host illegal content, or conduct further attacks.
Writing a virus (a type of malicious software, or malware) to delete stored data.
Terrorists using electronic attacks to target computer systems and networks.
1.4 APPLICATION:
2.REVIEW OF LITERATURE
The basic aim of the problem analysis is to obtain a clear understanding of the needs of the
clients and the user, what exactly is desired from the software, and what the constraints on the
solution are. Analysis leads to actual specification. Analysis involved interviewing the clients and
end users. These people and the existing documents about the current mode of operation are
the basic sources of information for the analysis. Typically, analysts explore a problem by asking
questions of the clients and the users and by reading existing documents. The process of
obtaining answers to the questions that might arise in an analyst's mind continues until the
analyst feels that all information has been obtained. I learnt about the various computer security
threats on various websites. I got some details by examining some users. I gathered information
from the Remote Access Trojans (RATs) currently used. We conducted meetings with my friends,
classmates and teachers to know more about the system. I also attended various seminars
on computer security and ethical hacking. This helped me in deeply understanding various cyber
attacks and hacking tools available currently. In short, the source of my project depends upon the
seminars, workshops on computer security and interviews or meetings with classmates, friends
and teachers.
Remote Access Trojans (RATs) provide cybercriminals with unlimited access to infected
endpoints. Using the victim's access privileges, they can access and steal sensitive business
and personal data including intellectual property, personally identifiable information (PII) and
patient health information (PHI). While automated cyber-attacks allow cybercriminals to attack
browser-based access to sensitive applications, RATs are used to steal information through
manual operation of the endpoint on behalf of the victim. Most Advanced Persistent Threat
(APT) attacks take advantage of RAT technology for reconnaissance, bypassing strong
authentication, spreading the infection, and accessing sensitive applications to exfiltrate data.
RATs are commercially available (e.g. Poison Ivy, Darkcomet) and can be maliciously installed
on endpoints using drive-by-download and spear-phishing tactics.
Organizations should specifically address RATs in their enterprise defense strategy at the
endpoint layer. The risk is especially high when RAT infection occurs, as the detection of RATs
at run-time is extremely difficult.
users, organisations with large networks of computers, or entire infrastructures may be targeted.
Attackers using computers may also attempt to damage the functioning of the Critical National
Infrastructure (CNI) which includes emergency services, telecommunications, and finance, all of
which rely on IT. Many CNI systems which were once isolated are now connected to the
Internet, increasing their vulnerability. There has been speculation over the prospect of terrorists
using electronic attacks to target computer systems and networks. According to the National
Infrastructure Security Coordination Centre (NISCC) the probability of terrorists carrying out an
electronic attack against the CNI is currently low compared with other risks such as using
explosive devices, although the NISCC points out that threats can change quickly
3. SYSTEM ANALYSIS
4. SYSTEM DESIGN:
Objectives
We will code a RAT in Python and may bind it with an executable file (a legitimate file), so that it
can be executed easily on the Windows platform. A normal user won't have any idea that the
executable file is infected with a RAT. When the RAT executes on the computer it will run in the
background and record screenshots, keystrokes etc., and it will look for the remote computer to
connect to. We will make a listener which will run on the remote computer. The listener will receive
all the data sent by the RAT. We can even execute cmd commands on the computer (on which the
RAT is present) with the help of the listener. We will be able to execute this RAT on multiple
computers and monitor them with a single listener on a remote computer.
It provides remote access to the victim's computer without their prior knowledge and runs in
stealth mode, so that the victim never knows that someone is spying on them.
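Seen from the defender's side, the design above (several computers each reaching out to one listener) leaves a pattern in network flow logs. The following is an added example, not code from the report: it flags destinations that more than one internal host contacts at a near-constant interval. The fixed retry interval is an assumption (the report gives no timing), and the host names, addresses, port and thresholds are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch seconds, source host, dest IP, dest port).
# pc-01 and pc-02 call one address every ~30 s; pc-03 is irregular web traffic.
FLOWS = (
    [(1000 + 30 * i, "pc-01", "203.0.113.50", 5050) for i in range(8)]
    + [(1007 + 30 * i + (i % 2), "pc-02", "203.0.113.50", 5050) for i in range(8)]
    + [(t, "pc-03", "198.51.100.7", 443) for t in (1003, 1010, 1090, 1100, 1400, 1420, 2000)]
)


def regular_callers(flows, min_events=6, max_cv=0.1):
    """Return {(dst, port): [hosts]} for hosts whose connections to that
    destination recur at near-constant intervals (low coefficient of variation)."""
    times = defaultdict(list)
    for ts, src, dst, port in flows:
        times[(src, dst, port)].append(ts)

    hits = defaultdict(list)
    for (src, dst, port), stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits[(dst, port)].append(src)
    return {dest: sorted(hosts) for dest, hosts in hits.items()}


def shared_listeners(flows, min_hosts=2):
    """Destinations contacted on a fixed cadence by several internal hosts,
    the fleet-wide footprint of many machines reporting to one listener."""
    return {d: h for d, h in regular_callers(flows).items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for (dst, port), hosts in shared_listeners(FLOWS).items():
        print(f"review {dst}:{port} contacted regularly by {', '.join(hosts)}")
```

Legitimate software (update agents, monitoring clients) also connects on a schedule, so hits are leads to check against an allowlist rather than verdicts.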
Objectives Of The Proposed System:
To spread general awareness to computer users in an efficient and easy manner
To enable user to check system security and vulnerability
To monitor criminals' activity
information like their username, windows
HARDWARE CONFIGURATION
PROCESSOR : P -IV
MEMORY : 512 MB
HD CAPACITY : 80 GB
NETWORK INTERFACE CARD: ANY
SOFTWARE CONFIGURATION
OPERATING SYSTEM : MICROSOFT WINDOWS
BACK END : Python
FRONT END : pycharm