
A major project report on

Remote Access Trojan (RAT)

Submitted in partial fulfillment of the
requirement for the degree of
Bachelor of Engineering
in
Computer Science and Engineering

(Session 2015-2016)

Project Guide:
Mrs. Preeti Nagrath

Submitted by:
Kaushik Roy (00251202712)
Abhishek Kumar (00351202712)
Umesh Kumar (00751202712)

Department of Computer Engineering
BHARATI VIDYAPEETH COLLEGE OF ENGINEERING, PASCHIM VIHAR, NEW DELHI
January 2016

CERTIFICATE

This is to certify that the project entitled "Remote Access Trojan (RAT) using Python language"
is bona fide work carried out by Kaushik Roy (00251202712), Abhishek Kumar (00351202712), and
Umesh Kumar (00751202712) for the award of the degree of B.Tech in Computer Science Engineering
at Bharati Vidyapeeth College of Engineering, Paschim Vihar, New Delhi, and is a record of the
candidates' own work carried out by them under my supervision. The matter embodied in the
project is original and has not been submitted for the award of any other.

ABSTRACT
The project title is Remote Access Trojan (RAT). Under this project I have developed a RAT
(Remote Access Trojan). This enables us to access and monitor the victim machine remotely
without user acknowledgement.
The project is divided into two parts, namely the server and client applications.

Today a computer may be used in the commission of a crime, or it may be the target.
Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this
type of crime have become high-profile, particularly those surrounding cracking, copyright
infringement, child pornography, and child grooming. There are also problems of privacy when
confidential information is lost or intercepted, lawfully or otherwise. There is a great need for
tools to monitor such criminals, so that we can trace their activity and hence stop them
before they do harm to others. There are some cases where we know who carried out some
criminal activity but, regardless of this, we are not able to punish them because
of the lack of strong evidence. Therefore some tools are necessary to collect enough evidence
to punish such criminals.
Today everybody uses computers for many tasks; even young children use computers
most of the time. So how can you monitor and keep such children away from illegal activity, for
example to know whether they are accessing harmful content on computers such as porn sites? In
fact, due to the huge usage of computers, there is also the problem of how to control and monitor
the activities that are carried out with the help of computers. The answer to this question is
tools (computer programs) that make this possible.
I have tried my best to make the complicated process of monitoring victims' computers as simple
as possible using structured and modular techniques and a menu-oriented interface. I have tried to
design the software in such a way that the user may not have any difficulty in using this package and
further expansion is possible with much effort. Even though I cannot claim this work to be
entirely exhaustive, the main purpose of my exercise is to gain unauthorized access to the victim
computer online rather than manually, which is time-consuming, and it is sometimes impossible to
gain access physically.
Our RAT tool is a web-based tool for summarizing microbial growth curves using
mathematical modeling. The user interface requires no programming and calls on an R
package of the same name which processes input data files, models the curves,
calculates important growth parameters from the fits, and returns both graphical and
tabular output.

CHAPTER-1
INTRODUCTION
A remote access Trojan (RAT) is a malware program that includes a back door for administrative
control over the target computer. RATs are usually downloaded invisibly with a user-requested
program such as a game, or sent as an email attachment. Remote Access Trojans (RATs) are
malicious pieces of code often embedded in legitimate programs through RAT-ification procedures.
They are secretly planted and help gain access to victim machines through patches, games, and
e-mail attachments. Once installed, RATs perform their unexpected or even unauthorized
operations and use an array of techniques to hide their traces, remain invisible and stay on
victim systems for the long haul. A typical RAT consists of a server component running on a
victim machine and a client program acting as the interface between the server and the attacker.
The client establishes communications with its corresponding server as soon as the IP address
and port of the latter become available through feedback channels such as email, instant
messaging and web access. While interacting with a RAT server, an attacker can record
keystrokes, intercept passwords, manipulate file systems, and usurp resources of victim systems.
By continually changing their name, location, size, and behavior, or employing information
encryption and message tunneling for their communications, RATs may avoid detection by
security protection systems such as firewalls, anti-virus systems, and intrusion
detection/prevention systems (IDSs/IPSs). Once bound to programs, RATs in execution inherit a
victim's privileges and wreak havoc; moreover, they launch attacks against other systems
while appearing to be superusers. RATs provide the ideal mechanism for propagating
malware including viruses, worms, backdoors, and spyware.
Remote administration refers to any method of controlling a computer from a remote location.
Remote administration is becoming increasingly common and is often used when it is difficult or
impractical to be physically near a system in order to use it, or in order to access web material
that is not available in one's location. Any computer with an Internet connection, on TCP/IP or on
a Local Area Network (LAN), can be remotely administered. Remote administration can be used
for any cluster of activities and can span multiple categories of servers, such as database servers,
middleware servers, etc.
There are various types of remote access Trojans that are distributed with legitimate exe
files, such as files for executing games and installing other types of software. Intruders normally
use a program called a binder to combine the legitimate executable files with remote access
Trojans and toolkits.
1.2 WHY THIS PROJECT:
Today a computer may be used in the commission of a crime, or it may be the target.
Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this
type of crime have become high-profile, particularly those surrounding cracking, copyright
infringement, child pornography, and child grooming. There are also problems of privacy when
confidential information is lost or intercepted, lawfully or otherwise. There is a great need for
tools to monitor such criminals, so that we can trace their activity and hence stop them
before they do harm to others. There are some cases where we know who carried out some
criminal activity but, regardless of this, we are not able to punish them because
of the lack of strong evidence. Therefore some tools are necessary to collect enough evidence
to punish such criminals.

[Figure: System DFD]

Today everybody uses computers for many tasks; even young children use computers
most of the time. So how can you monitor and keep such children away from illegal activity, for
example to know whether they are accessing harmful content on computers such as porn sites? In
fact, due to the huge usage of computers, there is also the problem of how to control and monitor
the activities that are carried out with the help of computers. The answer to this question is
tools (computer programs) that make this possible.

1.3 ADVANTAGES
Unauthorized use of computers mainly stealing a username and password.
Accessing the victim's computer via the internet.
Releasing a malicious computer program, that is, a virus.
Harassment and stalking in cyberspace.
E-mail Fraud.
Theft of company documents.
1.4 DISADVANTAGES
There is limited awareness of computer security among home as well as business users.
Inadequately protected computers can be easy targets for unauthorised users.
There are several technologies available to improve computer security, but their effectiveness
may be limited without user awareness and education.
Computers are increasingly being targeted by criminals or used as tools to commit old and new
types of crime.
Attempt to access information stored on a computer. Information may have a sale value (corporate
espionage), may be valuable to the owner (ransom opportunity) or may be useful for further
illegal activity such as fraud.
Try to impede or alter the functioning of the computer itself. Also, if a computer can be
controlled it can be used to send spam, host illegal content, or conduct further attacks.
Writing a virus (a type of malicious software, or malware) to delete stored data.
Terrorists using electronic attacks to target computer systems and networks.
1.4 APPLICATION:

To make the security audit job less complex.
To spread general awareness to computer users in an efficient and easy manner.
To enable the user to check system security and vulnerability.
To monitor criminals' activity.
To control cyber crimes.
To control terrorists' activity by monitoring their activity.
To collect enough proof to punish criminals. Evidence tracking can be based on examining and
observing the physical locations as well as on thorough examination of data or information.
To monitor kids' activity on computers.
To provide remote access to a computer that is not physically accessible.

2. REVIEW OF LITERATURE
The basic aim of the problem analysis is to obtain a clear understanding of the needs of the
clients and the user, what exactly is desired from the software, and what the constraints on the
solution are. Analysis leads to actual specification. Analysis involved interviewing the clients and
end users. These people and the existing documents about the current mode of operation are
the basic sources of information for the analysis. Typically, analysts search a problem by asking
questions to the clients and the users and by reading existing documents. The process of
obtaining answers to the questions that might arise in an analyst's mind continues until the
analyst feels that all information has been obtained. I learnt about the various computer security
threats on various websites. I got some details by examining some users. I gathered information
from the Remote Access Trojans (RATs) currently used. We conducted meetings with my friends,
classmates and teachers to know more about the system. I also attended various seminars
on computer security and ethical hacking. This helped me in deeply understanding various cyber
attacks and hacking tools currently available. In short, the source of my project depends upon the
seminars and workshops on computer security and interviews or meetings with classmates, friends
and teachers.
Remote Access Trojans (RATs) provide cybercriminals with unlimited access to infected
endpoints. Using the victim's access privileges, they can access and steal sensitive business
and personal data including intellectual property, personally identifiable information (PII), and
patient health information (PHI). While automated cyber-attacks allow cybercriminals to attack
browser-based access to sensitive applications, RATs are used to steal information through
manual operation of the endpoint on behalf of the victim. Most Advanced Persistent Threat
(APT) attacks take advantage of RAT technology for reconnaissance, bypassing strong
authentication, spreading the infection, and accessing sensitive applications to exfiltrate data.
RATs are commercially available (e.g. Poison Ivy, Darkcomet) and can be maliciously installed
on endpoints using drive-by-download and spear-phishing tactics.
Organizations should specifically address RATs in their enterprise defense strategy at the
endpoint layer. The risk is especially high when RAT infection occurs, as the detection of RATs
at run-time is extremely difficult.

2.1 GOAL OF THE PROJECT:

To make the security audit job less complex.
To spread general awareness to computer users in an efficient and easy manner.
To enable the user to check system security and vulnerability.
To monitor criminals' activity.
To control cyber crimes.
To control terrorists' activity by monitoring their activity.
To collect enough proof to punish criminals. Evidence tracking can be based on examining and
observing the physical locations as well as on thorough examination of data or information.
To monitor kids' activity on computers.
To provide remote access to a computer that is not physically accessible.

2.2 PRESENT SYSTEM:


Almost every home, office, or school has a computer of some kind these days. It may seem at
first that having a computer brings only benefits, but further consideration shows that it also has
disadvantages. With today's technological advancements there are many online application
packages. Even banking transactions take place online. OLTP (Online Transaction Processing)
has emerged as a fundamental aspect of everybody's life. Hence the use
of these facilities may also prove troublesome. Cybercrime is a hot topic these days. Hackers and
crackers are the people who gain unauthorized access to a system via the internet or physically by
stealing into the premises. There are many laws and legislations for computer-related issues. At
present, everyone is using computers for various reasons. It is 100% true that present computers
are not completely safe from various threats. They are widely used for various crimes. The major
reasons for criminal activity in computers are:
1. Unauthorized use of computers, mainly stealing a username and password
2. Accessing the victim's computer via the internet
3. Releasing a malicious computer program, that is, a virus
4. Harassment and stalking in cyberspace
5. E-mail fraud
6. Theft of company documents
Moreover, children might be using the internet to access pornographic material. Children are also
easy targets for sexual offenders who chat online with them and then make plans to meet them or
slowly filter information about them. In fact there is very little control over these activities, and
more and more systems are vulnerable to security threats. An increasing number of domestic
and international criminal activities are using the Internet. Computers and other electronic
devices can be tools to commit crime or are targeted by criminals. A personal computer
connected to the Internet without protection may be infected with malicious software in under a
minute. This briefing discusses the scale and nature of computer crime, the technologies
available to protect computers, and highlights the key policy challenges. The increasing range of
programmable electronic devices, from set-top TV boxes to mobile phones, means that
computer crime can affect more than just personal computers (PCs). They and other electronic
devices are particularly vulnerable to attack because they are flexible, can be reprogrammed, and
are networked with other devices. Some attacks do not have a specific target. However, attacks
against specific computers or groups of computers are becoming more common. Home computer
users, organisations with large networks of computers, or entire infrastructures may be targeted.
Attackers using computers may also attempt to damage the functioning of the Critical National
Infrastructure (CNI), which includes emergency services, telecommunications, and finance, all of
which rely on IT. Many CNI systems which were once isolated are now connected to the
Internet, increasing their vulnerability. There has been speculation over the prospect of terrorists
using electronic attacks to target computer systems and networks. According to the National
Infrastructure Security Coordination Centre (NISCC), the probability of terrorists carrying out an
electronic attack against the CNI is currently low compared with other risks such as using
explosive devices, although the NISCC points out that threats can change quickly.

3. SYSTEM ANALYSIS

4. SYSTEM DESIGN:

Objectives
We will code a RAT in Python and may bind it with an executable file (a legitimate file), so that it
can be executed easily on the Windows platform. A normal user won't have any idea that the
executable file is infected with a RAT. As the RAT executes on the computer it will run in the
background and record screenshots, keystrokes etc., and it will look for the remote computer to
connect to. We will make a listener which will run on the remote computer. The listener will receive
all the data sent by the RAT. We can even execute cmd commands on the computer (on which the
RAT is present) with the help of the listener. We will be able to execute this RAT on multiple
computers and monitor them with a single listener on a remote computer.
It provides remote access to the victim computer without their prior knowledge and runs in
stealth mode, so that the victim never knows that someone is spying on them.

Objectives Of The Proposed System:
To spread general awareness to computer users in an efficient and easy manner
To enable the user to check system security and vulnerability
To monitor criminals' activity
To control cyber crimes
To control terrorists' activity by monitoring their activity
To collect enough proof to punish criminals. Evidence tracking can be
based on examining and observing the physical locations as well as
on thorough examination of data or information.
To monitor kids' activity on computers
To provide remote access to a computer that is not physically accessible.

The proposed system has the following features:
Can get victim computer information like their username, Windows platform, active directory etc.
Can download a file from a victim's system
Can upload a file to a victim's system
Can take screenshots of the victim's system
Can capture and record the keystrokes the victim typed on his computer
Lock the victim's screen
We will code both the RAT (the actual backdoor) and the listener in Python. The RAT, i.e. the
server, will be executed on the victim's computer.
Server: (RAT)
This opens a TCP/IP port on the victim computer and listens for any incoming connections. On any
incoming connection it accepts the connection and provides a network stream for data
transfer. It has several functions, each of which performs a particular task. On its initial execution
it makes an entry in the Windows registry so that it can run every time the user logs on to his
account. It also sends the victim's IP address to a particular e-mail ID. It then receives commands
from the client, performs the tasks and then returns the result to the client application.
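
From the defender's side, the two host artifacts described above (a TCP listener and a logon autostart entry in the registry) can be correlated to surface candidates for review. This is an added example, not code from the report: it assumes the per-user Run key is the autostart location checked, and the sample command output, process map and user-writable-path heuristic are constructed.

```python
import re

# Constructed sample shaped like: reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
RUN_KEY = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\alice\AppData\Roaming\updater.exe
'''

# Constructed sample shaped like the TCP rows of `netstat -ano`.
NETSTAT = '''
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING       924
  TCP    0.0.0.0:50555      0.0.0.0:0          LISTENING       5120
  TCP    0.0.0.0:50123      0.0.0.0:0          LISTENING       7001
  TCP    127.0.0.1:5354     0.0.0.0:0          LISTENING       3012
'''

# Constructed pid -> image path map, as a process listing would provide.
PROCS = {
    924: r"C:\Windows\System32\svchost.exe",
    5120: r"C:\Users\alice\AppData\Roaming\updater.exe",
    7001: r"C:\Program Files\Microsoft OneDrive\OneDrive.exe",
    3012: r"C:\Program Files\Bonjour\mDNSResponder.exe",
}

# Assumption: these path fragments mark locations a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")

def parse_run_values(text):
    """Return {lower-cased image path: value name} for each Run value."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"\s+(.+?)\s{2,}REG_(?:EXPAND_)?SZ\s+(.+)", line)
        exe = m and re.match(r'"([^"]+)"|(.+?\.exe)', m.group(2), re.I)
        if exe:  # skip the key header and values that do not start with an .exe path
            out[(exe.group(1) or exe.group(2)).lower()] = m.group(1)
    return out

def parse_listeners(text):
    """Return (port, pid) for TCP sockets listening on non-loopback addresses."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)", line)
        if m and m.group(1) not in ("127.0.0.1", "[::1]"):
            rows.append((int(m.group(2)), int(m.group(3))))
    return rows

def find_suspects(run_text, netstat_text, procs):
    """Flag autostarting, remotely reachable processes run from user-writable paths."""
    autoruns = parse_run_values(run_text)
    hits = []
    for port, pid in parse_listeners(netstat_text):
        image = procs.get(pid, "").lower()
        if image in autoruns and any(d in image for d in USER_WRITABLE):
            hits.append((autoruns[image], port, pid))
    return hits

print(find_suspects(RUN_KEY, NETSTAT, PROCS))
```

A hit is a lead for review rather than a verdict: legitimate per-user software can also autostart and listen, which is why the OneDrive row in the sample is deliberately not flagged.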
Client: (Listener)
The client connects to the victim using his IP address and port. Once the connection is
established, it can perform the following tasks:

4.1 SYSTEM REQUIRED:

HARDWARE CONFIGURATION
PROCESSOR : P-IV
MEMORY : 512 MB
HD CAPACITY : 80 GB
NETWORK INTERFACE CARD: ANY
SOFTWARE CONFIGURATION
OPERATING SYSTEM : MICROSOFT WINDOWS
BACK END : Python
FRONT END : PyCharm

INTERNET CONNECTION IS REQUIRED
