Remote Administration Tool


Darkcomet – setting up the Remote Administration Tool.

Authored by: Coded32, OpenFire Security, http://openfire-security.net

A whitepaper on setting up a popular remote administration tool known as DarkComet version 5 and creating a basic RAT setup to get slaves. Please visit the OpenFire Security Research section for more papers that interest you. All papers are either for academic purposes or for in-depth independent research. No team member of OpenFire Security is responsible for what this information is applied to, so be responsible with what you do with the papers we release for vivid security research work.

Gr33ts and Acknowledgements:

Evisceration, Null_V0id, Hell_Porter, Wingle, Xhunt, Mist, Foxinious, Mafiab0y, h4x.r00t, Xception Code, 64, Phoenix, Codered, Baadshah, t3es, g0tm1lk, and the crew members at *OpenFire. Also, best regards to the Back|Track Linux Community, the developers of OpenFire forum, and the programmers on OpenFire like H4rdcOre, bluedog, and Piranha.

This method is generally attempted by beginners in the hacking scene. Although there are several other methods to RAT a user, this paper covers the most basic way to set up a RAT server on a user's machine. Have a look at other whitepapers which may have appeared on http://openfire-security.net for details on RATting with a more advanced approach. Countermeasures are described at the end of this paper. Thanks.

What is the paper about?

This paper will summarize how to make a basic RAT server with DarkComet 5. A RAT (Remote Administration Tool) is generally used to steal login credentials, user data, user keystrokes and much more. We will only discuss here the setup of the well-known RAT DarkComet version 5.

Things you will need:

- DarkComet 5 which can be downloaded HERE

- DUC (which is needed to create your no-ip) can be downloaded HERE

Index:

- Picking a port and port forwarding that port

- Setting up a no-ip

- Setting up DUC

- Creating your server

- Extras

Picking a port and port forwarding that port:

- To begin, open DarkComet 5 and check "Do not display again the EULA" and hit "I accept" if this is your first time.

- Once inside the RAT go to the "Sockets/Net" tab.

- Right click in that tab and choose "Add port to listen". For this tutorial I will be using port 1604; you can use any port you wish to use! Then hit listen. It should look like this:

- After selecting your port you will need to port forward. Everyone has a different router so I will link you to a tutorial I have made on how to port forward: To see the tutorial click HERE

Setting up a no-ip:

- Go to http://www.no-ip.com/ and hit create an account

- Log into your account and hit "Add a host"

- From there type in a hostname (this can be anything) and change the address to "no-ip.info"

Note: for test purposes I used Back|Track as my operating system to test the IP forwarding. I also set up a VMware virtual Windows 7 system where the RAT would be operating; the steps are the same on a Windows 7 system as on Back|Track, the only difference being that the RAT works under Windows OS environments only. In other papers I will explain the working of a RAT under a Linux-based operating system too, but this is the basic.

- Then hit "create host"

HOSTNAME can be any name that has not been used by other users.

Setting up DUC:

- Select your operating system; installing this should be self explanatory

- Open DUC and it will ask you to log in

- Hit select host, then click the check box next to the no-ip hostname you are using, then hit save.

- Now just hit refresh and you are done

Creating your server:

- Open DarkComet 5

- Click on the orange DarkComet-RAT and hit "Server module"

- In the main settings hit generate a few times and leave everything else the same

- Next hit network settings; in the "IP/DNS" type in your no-ip info and the same port you used to listen on. Then hit "Add this configuration"

- Module Startup is used to start your server even if the slave turns off their computer. *Skip this if you have a crypter with startup*

- Go to Keylogger and check where it says "Active offline keylogger on server startup"

- Now go to "Build Module" and hit "Build Server" and name this whatever you want. You are done creating your basic server.

Extras:

- Now to be successful with spreading you will need a crypter.


For this tutorial you will need a few things:

– -A Yahoo account: ex: "[email protected]" make it something that will appeal to guys.

–-Yahoo messenger: http://messenger.yahoo.com/-Basic knowledge of RATS-A crypter-Basic Social Engineering skills-An icon changer-A file binder

Changing your icon– -First you are going to want to change your icon

-Icon packs could be found with google.-Change your servers icon to the .jpg icon


Binding–

-*This is not required you can skip this part if you want*

–-Bind your server to a picture of a girl (most

preferably a girl, because most of the time, the victim would likely be a boy (a guy), this is where social engineering comes in. the more charm the girl has, the better is the chances of the victim to get traped. The image that is to be used should look real, for example the below:

-This picture can be used if wanted. Binding the picture is useful so when the slave opens the file he does not believe it is a virus, its more convincing!

-A file binder can be found with some googling around & extension changer too.

-After the the picture has been binded the the server and the icon is changed rename your server to something like "IMG_281" or "my_boobs". This will be done to make the victim convince that you are likely giving a sexual expression over the internet and you are likely to hang up

and provide a pleasure time with the guy.

Spreading-Open up Yahoo messenger and log in-In the top left it will say "messenger" *click*-Then find "Yahoo! Chat" --> "Join a room"-Find the romance tab -> "adult" -> "married but looking" I always have the best results on here :)-Let it connect then hit enter room

Social Engineering/Spreading-When you enter the room say something in the main chat like "23 f USA looking for a good time guys PM me". People will know what you are saying, because they are active there spending most of there normal days into a chat server. 'F' is for 'female', 'USA' is the country, '23' is the age. Most likely choose the age between 18 to 14 at most, because this is the teenage age, to the mature age where girls would like to get sex pleasure. This works well same the vice versa.

-You will begin to get flooded with PM do not panic.

-When the guys PM you do not simply send them your picture talk to them. Ex:

as you see, you would get many victim offers for you !

Advantages/Disadvantages

-Advantage: you will get many slaves 20-30 an hour just depends on the day, its a fun spreading method, and its easy.

-Disadvantages: Everyone is a pervert.

I'm sure a lot of you know this spreading method but for those who do not I hope this helped you on your way. There are other methods too, for this, visit the appropriate threads at http://openfire-security.net

Countermeasures

→ Follow the principles of humanity and get a real-life sex partner and love mate to make love to.

→ Even though there are antiviruses which temporarily protect all incoming and outbound traffic, these protections can be easily bypassed by FUD (Fully Undetectable) techniques.

→ Install Linux, or any other *nix variant operating system (OS), which has a better environment. Linux is difficult to target because most malicious applications don't work on it. That is generally because there are more fools on planet earth chasing commercial OSes with their fake promises of security.

→ Be aware and keep yourself up to date about the latest technology releases and the best protection; this is where ethical hacking comes into effect.
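One countermeasure the paper leaves implicit is watching the network for the pattern it describes: a client reaching a listener on the chosen port through a dynamic-DNS name. The following is an added example, not code from the paper or from OpenFire Security; it assumes a constructed firewall-style log format and uses the port (1604) and dynamic-DNS domain (no-ip.info) named above as indicators.

```python
# Added example (not from the original paper): flag outbound connections that
# match the setup this paper describes, a listener on port 1604 reached through
# a no-ip.info dynamic-DNS hostname. Log format and sample lines are constructed.
import re
from dataclasses import dataclass

# Constructed firewall-style log lines (hypothetical format: ts src dst:port host=name).
SAMPLE_LOG = """\
2024-01-05T10:01:02 192.168.1.20 203.0.113.9:443 host=www.example.com
2024-01-05T10:01:07 192.168.1.20 198.51.100.7:1604 host=imgshare.no-ip.info
2024-01-05T10:02:11 192.168.1.31 198.51.100.8:1604 host=-
2024-01-05T10:03:40 192.168.1.20 203.0.113.10:80 host=cdn.example.net
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+) host=(?P<host>\S+)$"
)

# 1604 is the listener port the paper uses; no-ip.info is the dynamic-DNS domain
# it tells the reader to register under. Each is a weak signal on its own.
SUSPECT_PORTS = {1604}
DYNDNS_SUFFIXES = (".no-ip.info",)

@dataclass
class Alert:
    src: str
    dst: str
    port: int
    host: str
    reasons: tuple

def analyze(log_text: str) -> list:
    """Return one Alert per line matching a suspect port and/or a dyn-DNS host."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        port = int(m["port"])
        host = m["host"].lower()
        reasons = []
        if port in SUSPECT_PORTS:
            reasons.append(f"port {port} matches the paper's listener port")
        if host.endswith(DYNDNS_SUFFIXES):
            reasons.append("destination is a dynamic-DNS hostname")
        if reasons:
            alerts.append(Alert(m["src"], m["dst"], port, host, tuple(reasons)))
    return alerts
```

The port is configurable and dynamic DNS has legitimate uses, so treat a hit as a lead to identify the process that opened the connection, not as proof of compromise.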

_______________________

-: END of PAPER :-

Coded32, OpenFire Security

_______________________