How to RAT Someone’s Computer
RAT stands for Remote Access Trojan or Remote Administration Tool. It is one of the most dangerous forms of malware on the internet. Hackers can use a RAT to get complete control of your computer. Once achieved, they can do basically anything with your operating system. Using a RAT, a hacker can install keyloggers and other malicious malware remotely to your computer, infect files on your system and more. Today, I shall show you how to successfully RAT a computer.
Disclaimer: I’ve seen quite a few questions regarding how to use or setup RATs properly (Remote Access/Administration Tool). Before I go over the steps to do this I’d like to note that gaining remote access to someone’s computer without their permission is illegal in the United States and most countries. In the U.S. it is technically only illegal when used with malicious intent, hence testing this on your OWN device or someone’s who has ALLOWED you is perfectly acceptable and legal. Because of the potential unethical uses, many popular RAT developers (DarkComet) have either been or currently are in Federal prison or have closed down their projects in fear of their inevitable arrest. In regards to scambaiting, the hobby where one attempts to annoy, waste time, and possibly take down scammers, RAT-ing is in the grey area. If ever brought to legal circumstances, the decision could go either way, in favor of the scammer hacker or the scammers. Worst case scenario, you could both go to prison, especially if you don’t cover your tracks correctly. Nor I or dizzie.org shall be responsible for your actions. So after reading this, if you would still like to proceed I have conveniently listed 12 steps that need to be done in order to successfully rat someone’s computer.
The first thing you need to do is set up ports on your router. You will need to Google how to login to your router (Different for each one and ISP) and then the proper steps to add ports. If you have to login then usually the default username is “admin” and default password is “password”. You’ll need to create a TCP and UDP port, or 2-in-1 if your router supports it. Set your port names to whatever you want. Use Global port range 1604-1605 or really any except for 80 or any you are currently using. Set base port to 1604 or whichever port you used for global, save and your done…
To make sure your port is open you will need to go to CanYouSeeMe to check if the port you setup (In this case, 1604) is actually open. If it’s green you are okay. If not, we shall fix this in the next step.
Assuming you’ve followed all step required by your router, there may be a bug or hardware or other unknown issue preventing your port from opening. It may even be blocked (To check, just try several different ports). In this case, you will need a port utility that will temporarily open your ports you want. I recommend Port Forward Wizard. The steps are pretty easy to set up the ports. You will notice that this is not free but is actually trial software. Once downloaded you will be allowed 15 minute sessions of which the ports will then close. However, you can simply restart them to get another 15 minutes and do this virtually forever. If you don’t want to wait, you can try other utilities you find on the net or purchase their paid version.
After using this utility your ports should now work. Also keep in mind, if you are using a Virtual environment, you should not use this wizard on it, but on your main OS as there can be issues.
Now that you have your ports ready, you need to set up a dynamic IP so that you will not have to update your connection with your Ports and RAT. ISP’s generally change your IP address periodically for performance and security reasons. This can help keep your network from being hacked or targeted. I recommend going to NoIP.
Once there, click the sign up link and create an account. Don’t worry about Hostname at the moment. If you want you can pick it now. After making it to your home page, look at your new IP and select modify. There you can give it a Hostname and whatever info you want. Look to the left and click on the tab that says Dynamic Update Client. This is the utility that will take your IP address you have on your VM (Virtual Machine) or main machine and automatically sync it with your dynamic IP. When you think about it, this makes your life so much easier…
After downloading and running the tool you’ll see a little box with a basic interface that should have at least two check marks (One might be a red x). Click on the button that says “edit” and make sure your host is there and has the checkbox next to it selected. Now save, go back and click the refresh button, and if there was an x it should now be a green check mark.
Alright, it’s time to download the RAT. You are welcome to find your own but the sheer amount of malware and backdoors that are installed in these downloads alone makes many people give up on this kind of stuff. So much, some even start to doubt their existence. So I would recommend using one of two (Or both) powerful and popular RATs called DarkComet or njRAT. You can download DarkComet here and njRAT here. Keep in mind, that these RAT’s are considered malware as they frankly are. They are backdoor utilities that can be used to extract vast amounts of information without the users knowledge. They can also be used to control these systems and spread across entire networks. So if you think your Antivirus, firewall, or even Windows Defender likes them… guess again. This can make it even harder to detect extra hidden malware not intended by the dev. Especially if it is crypted. NEVER DOWNLOAD CRYPTED MALWARE. YOU HAVE BEEN WARNED!
As I was saying about how much security programs “love” RAT’s, you will need to disable all of yours. Yes, all, including Windows Defender or you will most likely never be able to launch or use the RAT correctly. Hell, it will probably be removed instantly and you will receive some “severe” warning about it from your Antivirus.
After disabling your security you need to create firewall exceptions. I don’t have time at the moment to explain how to do this on all types of OS’s so just Google it for now, and set one for your UDP and TCP connections. Same port info.
After extracting and running either DarkComet or njRAT you will need to set up your server (backdoor). This is what people will click on that runs and gives you access to their system. The setup is pretty similar in both DC and nj however I really love DarkComet’s advanced settings and also their huge array of tools. I mean they really did go above and beyond with features. Usually setting this up involves naming your file, its attributes, the server name, creating and icon (recommended) and setting up which IP to respond to. If you want to test it on your own machine, use IP 127.0.1 . If you want to use this on a friend or scammer, then set it to your dynamic IP you set up earlier.
Okay, you are all ready to go take down a scammer. You may also want to use a crypter like Aegis to help mask your backdoor. This really makes it almost impossible to be found by the targets AV or be deleted without a complete re-format of the hard drive (This is why I warned you earlier). Always use a VPN for your virtual machine and remember that the easiest way to hack someone is human error. These tools at a hacker’s disposal are useless unless they can convince their target to download it and click it. There is no software that can do this but the human brain. Good luck on your adventures, and stay secure.