Remote Administration Tool Beginners Tutorial

Remote Administration Tool Beginners
  • What is a Remote Administration Tool?
  • How do Remote administration Tools work?
  • Port Forwarding on your Router
  • Legal & Illegal RATs
What is a Remote Administration Tool?

A RAT is the Abbreviation/Shortcut of Remote Administration Tool. It is mostly used for malicious purposes, such as controlling PC’s, stealing victims data, deleting or editing some files. You can only infect someone by sending him the Executable file you have created with your RAT, or either use a Java drive-by to make your slave activate the virus by running a Java applet.

How do Remote Administration Tools work?

A remote administration tool has a Executable file and client technology. The Executable file runs on a controlled host computer and receives commands from the client, which is installed on other remote host. A remote administration tool works in background and will hide for users. You can monitor user’s activity, manage files, install additional software, control the entire system including any present application or hardware device, modify essential system settings, turn off or restart a computer and fun abilities such as turning on Webcams/Changing wallpapers and much more.

Remote administration tools are divided into malicious and legitimate applications. Illegal RATs, also known as remote administration trojans, are analogous to Backdoors and have very similar functionality. However, they aren't viral, do not propagate by themselves and usually do not have additional destructive functions or other dangerous payload. These Malware containing files do not work on their own and must be controlled by the client.

This is how you create your Executable file on a RAT:

BlackShades RAT

Darkcomet RAT

NetWire RAT

CyberGate RAT

Port Forwarding on your Router

First of all you have to find your Router's IP Address information.
To view your IP address information do these two steps:
Start > Run then type CMD then press Enter.
Than you have to type in your Command Prompt: IPconfig/all

If you see your network interface with a list of IP addresses (should not be all's addresses). If you got an IP starting with 192.168... or 10.0. That's very good! Find the Gateway IP Address. This is the router's IP address.
It may be one of the following that are appearing in your CMD. If you have no clue try one of the following:
Once you have find your Router's IP address, type that in your Internet Web browser, You will see a Administrator Login page. When this is the first time accessing the router. It will be most likely Default Passwords of:
admin - No Password
No Username - admin
admin - password

Alternatively, you can search Google with your Router Model number and there are enough people on different forums that will have the right default password that you need to use for your router.
Whenever you're logged in on your Router, You first go to UpnP (Universal Plug & Play) and start Enabling that. For security You may disable your Firewall on your Router but also on your Windows Computer, this is to prevent your Ports being closed whenever you have Port Forwarded it for your RAT.
Port Forwarding is the process that is needed to forward different types of Internet connections into your Network. Understand that the Router is protecting your networking by segmenting it; so it's doing its job. Port Forwarding is one way to allow traffic into your network (manually), but now most routers and devices allow UPnP. Despite some possible security risks, it has been very popular and useful in Peer-to-Peer applications like uTorrent. Port forwarding is necessary because your router is designed to automatically reject any inbound connections that you didn't initiate. 

So if you want to RAT or play a Online Game you need to set your Ports First, you will be able to connect to them and conversely they need to connect to you. If you have the router toggled on a "game" mode or similar, it will create a lag in the beginning as it attempts to learn what you are doing. This isn't ideal. 

You can use any Common Ports if you'd like to Port Forward for a RAT.
This can be many many ports, a Recommendation would be over 1000+
Some examples of ports here:
  • 2000
  • 2001
  • 3080
  • 3081
  • 1604
  • 1337

For Ratting you have to make sure you use TCP+UDP as your Protocols, Because RATs use a lot of features and some of the features require UDP instead of TCP that is needed for the connections. And you also have to make sure that you'll be using the IPV4 Address of your Host computer.
Different Computer accounts will not have the same IPV4 Address!

If you do not have the same Router as that i have, Search for your Router Model Number and go to Most of the used Routers that you need to PortForward on can be found on; That website will provide a good Tutorial on how to Port Forward for your Router. It's noob-friendly and almost all Routers on there.

Legal & Illegal RATs

There are Illegal RATs but also Legal RATs, You might be thinking what?
Illegal RATs since when are there Legal RATs? I will list here The RATs that are Legal and created by Members of HackForums and other Hack Forums and the RATs that are Illegal and coded by Official Companies or HackForum Members:

Illegal RATs:
  • Cerberus Rat
  • ProRat
  • Poison Ivy
  • NetWire RAT
  • BlackShades
  • Darkcomet RAT

Legal RATs:
  • Teamviewer
  • Darkcomet 5.4 Legacy
  • Ultra VNC
  • Ammyy Admin
  • Mikogo


Post a Comment