Yeah. I know the feeling.
Well, when I was learning these things, I struggled every day to create an undetectable payload but I used to fail each time. At that time after some search, somehow I managed to bypass Antivirus protection.
But the Antiviruses were not so strong as they are now and that’s why bypassing those is not easy these days. But nothing can stop a hacker for a lifetime. Many developers are working around the world to make some advanced clever scripts to manage these things.
Here, in this tutorial, I am going to demonstrate the best script called TheFatRat, which we can use in this business.
Let’s go ahead.
What is TheFatRat?
This tool compiles a malware with payloads and then the payloads can be executed in the platforms mentioned above. The special advantage of this tool is it can create powerful malware who has the ability to bypass most antivirus software protection.
You can generate backdoors, payloads for all these platforms in one tool. Isn’t it a good thing?
Features of TheFatRat:
Let’s go ahead and see how it can be configured in Kali Linux.
Step 1: Install FatRat in Kali Linux:
Change the directory to Desktop or wherever you want. Here I am using the following commands to clone the tool.
git clone https://github.com/Screetsec/TheFatRat.git
This command will clone the tool on the Desktop. The file is a little big around 200 MB so it will take some time to finish the download. The download speed depends upon your internet speed. Now, change the directory to the TheFatRat folder. In my case, I am using the command-
Now, you have to take root permission for the setup.sh script. Here the script is showing in green color(depends on the terminal text color) which means I already have the permission. If you don’t have, run the command chmod +x setup.sh and it will grant root permission for the script.
In the next step, run the script by the command-
The script will start and it will check the required packages if they are installed or not. If not it will install them automatically. After completing the checking, a question will appear asking whether you want to create a path for FatRat or not.
If you are not sure about it click on ‘No’, or if you want to create a path so that you can open it from wherever you want then click on ‘Yes’. I recommend you to click on ‘Yes’ so that you can open it from the terminal.
Now your setup is completed successfully.
In the next step, exit the terminal and open a new terminal and run FatRat by the command-
This command will start the tool. At starting the tool will check for the internet connection, the required packages are properly installed or not. After checking all, TheFatRat will launch the options menu to create backdoors.
Let’s go ahead and see how can we generate an undetectable payload using TheFatRat.
Step 2: Generate an Undetectable(100% FUD) Payload Using The FatRat:
 Create Fud 100% Backdoor with Fudwin 1.0
This option is to generate payload for a Windows machine. After selecting the option, new options will come up. Here I am using the latest version of Fatrat. I got here a new option called Powerstager 0.2.5.
I’ve tried the No.1 option but it failed to create a payload and showed an error while creating the payload. Maybe the tool is in developing mode right now. Don’t worry, try the first option after some months. Now proceed with the work with the No.2 option.
Old is Gold! I’ve selected the second option, which says Slow But powerful.
After entering the second option, the tool will show the local IPV4, IPV6 address, public IP address, and the hostname.
Here I will apply the payload on my other PC which is connected to my local network. So I am using local IP here. If you want it to work over the WAN then take your public IP address.
(N.B: If you want to take the public IP so that the payload can work over WAN, the IP must be static. If you have a dynamic public IP then you can deal with no-ip website. It will give you a hostname for free which you can use as a static IP instead of dynamic IP. Our tutorial on no-ip website is coming soon! Stay tuned till then.)
Now, set the local IP and set any local port number and hit enter.
In this screen, the tool will ask you to choose your Windows architecture to generate the payload according to it. Here, my Windows is 64bit and that’s why I am selecting the 64bit FUD payload.
Now the tool will start generating the payload. It might show you several errors during the generating process but don’t worry. Stay with patience until it finishes the process.
Here I’ve generated the payload successfully which is saved to the output folder of TheFatrat.
I’ve uploaded the generated payload on VirusTotal. Only 3 Antivirus software detected it virus out of 69 but it is not recommended to upload it on VirusTotal. Do upload and scan it on NoDistribute to make sure you have created an undetectable payload.
Now send the payload to the victim and set a listener so that you can control the system.
Let’s go ahead and see how to set a listener.
Step 3: Set a listener against the payload(Meterpreter reverse TCP):
Common meterpreter commands:
screenshot– To get a screenshot
webcam_snap– To take a snapshot from a running webcam
record_mic– To record voice from a running mic
reboot– To reboot the system
shutdown– To shut down the system
suspend– To suspend the system
To know more commands, type ‘?‘ and hit enter. You will get all the commands you can use against the victim to control his system.
Authored By: Manas Lahon