
POWERSHELL-RAT [Receive Data Via Email] [No PortForwarding]

PacMan

New member
Joined
Jan 16, 2022
Messages
7
Location
egypt
Hellcoins
♆111
QUOTE:
Powershell-RAT is a Python-based Gmail exfiltration RAT that can be used as a Windows backdoor to send screenshots or other data as an e-mail attachment


Powershell-RAT - Gmail Exfiltration RAT





This RAT will help you during the red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment.


It claims to not need Administrator access and is not currently detected by Anti-virus software.

How to set up Powershell-RAT Gmail Exfiltration RAT

  1. You need a throwaway Gmail email address
  2. Then enable “Allow less secure apps” by going to https://myaccount.google.com/lesssecureapps
  3. Modify the $username & $password variable for your account in the Mail.ps1 Powershell file
  4. Modify $msg.From & $msg.To.Add with the throwaway Gmail address

How do I use Powershell-RAT Gmail Backdoor?

  • Press 1: This option sets the execution policy to unrestricted using Set-ExecutionPolicy Unrestricted. This is useful on an administrator machine
  • Press 2: This takes the screenshot of the current screen on the user machine using Shoot.ps1 Powershell script
  • Press 3: This option backdoors the user machine using schtasks and sets the task name to MicrosoftAntiVirusCriticalUpdatesCore
  • Press 4: This option sends an email from the user machine using Powershell. This uses the Mail.ps1 file to send a screenshot as an attachment to exfiltrate data
  • Press 5: This option backdoors the user machine using schtasks and sets the task name to MicrosoftAntiVirusCriticalUpdatesUA
  • Press 6: This option deletes the screenshots from a user machine to remain stealthy
  • Press 7: This option backdoors the user machine using schtasks and sets the task name to MicrosoftAntiVirusCriticalUpdatesDF
  • Press 8: This option performs all of the above with a single button press 8 on a keyboard. An attacker will receive an email every 5 minutes with screenshots as an email attachment. Screenshots will be deleted after 12 minutes
  • Press 9: Exit gracefully from the program or press Control+C
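For defenders, the scheduled-task names, script names and execution-policy change listed in the post above can serve as host indicators. The following is an added example, not part of the original post or of the tool: a triage pass over process-creation command lines that reports a host only when at least two distinct indicators appear. The event shape (host, command line), the host names and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Task names listed in the post above (menu options 3, 5 and 7), lower-cased.
TASK_NAMES = {"microsoftantiviruscriticalupdates" + s for s in ("core", "ua", "df")}
# Script names listed in the post above; generic names, so weak on their own.
SCRIPT_RE = re.compile(r"(?<![\w.-])(shoot|mail)\.ps1\b", re.I)
POLICY_RE = re.compile(r"set-executionpolicy\s+(-executionpolicy\s+)?unrestricted", re.I)
TN_RE = re.compile(r"/tn\s+(?:\"([^\"]+)\"|(\S+))", re.I)  # /tn value, quoted or bare


def indicators(cmdline):
    """Return the set of indicator labels found in one process command line."""
    found = set()
    lowered = cmdline.lower()
    if "schtasks" in lowered and re.search(r"/create\b", lowered):
        m = TN_RE.search(cmdline)
        if m:
            name = (m.group(1) or m.group(2)).lstrip("\\").lower()
            if name in TASK_NAMES:
                found.add("task:" + name)
    if POLICY_RE.search(cmdline):
        found.add("policy:unrestricted")
    for m in SCRIPT_RE.finditer(cmdline):
        found.add("script:" + m.group(1).lower() + ".ps1")
    return found


def triage(events, threshold=2):
    """Group hits per host; report hosts with >= threshold distinct indicators."""
    per_host = defaultdict(set)
    for host, cmdline in events:
        per_host[host] |= indicators(cmdline)
    return {h: sorted(i) for h, i in per_host.items() if len(i) >= threshold}


# Constructed sample events (host, command line); not taken from the tool or a real log.
SAMPLE = [
    ("WS-01", r'schtasks /create /tn "MicrosoftAntiVirusCriticalUpdatesCore" /sc minute /mo 5 /tr "powershell -File C:\example\Shoot.ps1"'),
    ("WS-01", r"powershell -Command Set-ExecutionPolicy Unrestricted"),
    ("WS-02", r"schtasks /query /tn MicrosoftAntiVirusCriticalUpdatesUA"),
    ("WS-03", r'schtasks /create /tn "Contoso Backup" /sc daily /tr C:\example\backup.cmd'),
    ("WS-04", r"powershell -File C:\example\Mail.ps1"),
]

if __name__ == "__main__":
    for host, hits in triage(SAMPLE).items():
        print(host, hits)
```

Only task creation counts, so an analyst querying one of the task names (WS-02) is not reported, and a lone Mail.ps1 hit (WS-04) stays below the threshold.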
 
Joined
Jun 8, 2023
Messages
56
Hellcoins
♆91
Okkkkkkk
 
Joined
Sep 10, 2023
Messages
33
Hellcoins
♆42
DA
 
Joined
Sep 9, 2023
Messages
69
Hellcoins
♆129
p
 
Joined
Oct 11, 2023
Messages
64
Hellcoins
♆87
xz
 