Skip to content

Commit

Permalink
Update README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
Viralmaniar authored Mar 15, 2018
1 parent 23e8074 commit f6b29fc
Showing 1 changed file with 19 additions and 0 deletions.
19 changes: 19 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,24 @@ This RAT will help someone during red team engagements to backdoor any Windows m
- Modify the `$username` & `$password` variable for your account in the `Mail.ps1` Powershell file
- Modify `$msg.From` & `$msg.To.Add` with throwaway gmail address

# How do I use this?
- Press 1: This option sets the execution policy to unrestricted using `Set-ExecutionPolicy Unrestricted`. This is useful on administrator machine

- Press 2: This takes the screenshot of the current screen on the user machine using `Shoot.ps1` Powershell script

- Press 3: This option backdoors the user machine using `schtasks` and sets the task name to `MicrosoftAntiVirusCriticalUpdatesCore`

- Press 4: This option sends an email from the user machine using `Powershell`. These uses `Mail.ps1` file to send screenshot as attachment to exfiltrate data

- Press 5: This option backdoors the user machine using `schtasks` and sets the task name to `MicrosoftAntiVirusCriticalUpdatesUA`

- Press 6: This option deletes the screenshots from user machine to remain stealthy

- Press 7: This option backdoors the user machine using `schtasks` and sets the task name to `MicrosoftAntiVirusCriticalUpdatesDF`

- Press 8: This option performs all of the above with a single button `press 8` on a keyboard. Attacker will receive an email every `5 minutes` with screenshots as an email attachment. Screenshots will be deleted after `12 minutes`

- Press 9: Exit gracefully from the program or press `Contrl+C`

# To Do
- Get keyboard strokes

0 comments on commit f6b29fc

Please sign in to comment.