DarkComet Setup Manual v3.3

possibledisastrousSecurity

Dec 9, 2013

“31337 Edition”
By D.
Introduction
This manual is written to help you get set up with DarkComet RAT, and was written using version 3.3.
To get started with your RAT you need to do the following things, which I will NOT go into in this guide.
1. You need to set up a No-IP account and have the No-IP DUC. I may or may not describe this in another manual in this collection, I do not know yet if it is worth my time.
2. You also need to know how to forward a port on your router, use guides from www.portforwarding.com to help you do this.
3. Alternatively, you can use a VPN to “Forward Ports”, I suggest using OpenVPN on a VPS and connecting via that, however people have also used ProXPN. I plan to write basic guides for both of those products later.
4. Download DarkComet ONLY from the official website! It can be found at http://darkcomet-rat.com/ Other versions may be backdoored!
5. You also require a brain.
Now that you have completed those steps, you can move on to the fun part – actually starting to use this powerful Remote Administration Tool!
Distribute at will! I take no responsibility for use of this information.
Step One
First, open the DarkComet Client tool (execute it as administrator and allow it access to networks) and look at it, then go to the “Edit Server” tab. If you want to change the port used, I can get to that later. It is in “Listen”. By default, it uses port 1604.
Select “Edit Server Module” and we can begin! It should look like this...
Step Two
Now you can choose here to change the password and select to use one (RECOMMENDED), and also change the mutex to something unique. Once this is done, click the “Network Settings” tab...
In here, in the IP/DNS box, insert the NO-IP DNS you have chosen and the port. I just used 127.0.0.1 as this is a localhost test ONLY.
You can also change the port.
Once you input the correct DNS, click “Add this configuration”.
I normally add several different dynamic DNS's for it, because if one gets banned or null-routed I want a backup!
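For defenders, the settings in Steps One and Two translate into network signals: outbound traffic to the default port 1604 and lookups of dynamic-DNS hostnames, often several from one host. The following Python triage function is an added example, not part of the original manual or of DarkComet; the log format, host names and the partial suffix list are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

DEFAULT_PORT = 1604  # DarkComet's default listener port, per Step One
# Assumption: a partial list of dynamic-DNS zones; extend it from your own DNS data.
DYNDNS_SUFFIXES = (".no-ip.org", ".no-ip.biz", ".ddns.net", ".hopto.org", ".zapto.org")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed events in a hypothetical format: "<time> <DNS|CONN> <host> <detail>"
SAMPLE_LOG = """\
2013-12-09T10:00:01 DNS ws-014 updates.vendor.example
2013-12-09T10:00:05 DNS ws-022 host-a.ddns.net
2013-12-09T10:00:06 CONN ws-022 203.0.113.7:1604
2013-12-09T10:05:05 DNS ws-022 host-b.hopto.org
2013-12-09T10:05:09 CONN ws-031 10.0.0.5:1604
2013-12-09T10:06:00 CONN ws-014 198.51.100.9:443
malformed line
"""

def triage(log_text):
    """Return {host: sorted findings} for the network traits the manual describes."""
    dyn_names = defaultdict(set)
    findings = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of failing the run
        _, kind, host, detail = parts
        name = detail.lower().rstrip(".")
        if kind == "DNS" and name.endswith(DYNDNS_SUFFIXES):
            dyn_names[host].add(name)
        elif kind == "CONN":
            addr, _, port = detail.rpartition(":")
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # destination is not a plain IP:port pair
            # Only destinations outside the internal ranges count as outbound
            if port == str(DEFAULT_PORT) and not any(ip in n for n in INTERNAL):
                findings[host].add(f"outbound tcp/{DEFAULT_PORT} to {ip}")
    for host, names in dyn_names.items():
        findings[host].add("dynamic-DNS lookup")
        if len(names) > 1:
            # Several dyn-DNS names from one host matches the backup-hostname habit
            findings[host].add(f"{len(names)} distinct dynamic-DNS names")
    return {h: sorted(f) for h, f in findings.items()}

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_LOG).items():
        print(host, reasons)
```

Dynamic DNS has legitimate uses and the port is configurable, so treat each finding as a triage signal to correlate with endpoint data rather than as a verdict.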
Step Three
Click the tab “Module Startup” and select the settings you want for your RAT's Installation/Persistence.
Appdata is a good place for installation, and I normally select all the boxes, so that I know all its “Getting stuck deep in their system” functions are enabled!
Here is a screenshot of my (fairly standard) configuration...
Step Four
Select the “Install Message” tab if you want, I never bother. However a fake error is sometimes good if you want to use the fake program ruse... I just ignore this – I prefer SILENT installation :)
I won't screencap this, it is a waste of time. You will know how to work it...
Step Five
Select the “Module Shield” tab, and proceed to happily tick ALL the boxes. This basically makes it harder to get rid of... It makes for greater persistence :)
Step Six
Select “Keylogger” and input the settings you want. I do not have an FTP server set up at the moment so I have not bothered with this step! It is pretty self explanatory though... Maybe I write about it later on...
Step Seven
Hosts File: If you want to edit the hosts file (perhaps to block AV sites?) use this. I did not bother with this either here... Hence no screencap. But it is a VERY useful setting :) Maybe I can write about it later on...
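Because this setting rewrites the hosts file to cut a machine off from security sites, a hosts-file audit is a cheap check during triage. This Python example is added here and is not from the original manual; the watchlist domains and the sample hosts content are constructed placeholders.

```python
import ipaddress

# Assumption: constructed watchlist; replace with the vendor and update domains your fleet relies on.
WATCHED = ("av-vendor.example", "updates.os-vendor.example")

# Constructed hosts-file content for the demonstration
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.av-vendor.example av-vendor.example   # added entry
0.0.0.0         Updates.OS-Vendor.example.
192.0.2.10      intranet.corp.example
203.0.113.50    portal.av-vendor.example
not-an-ip       av-vendor.example
"""

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, address, hostname) for each entry overriding a watched domain."""
    hits = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop trailing comments, then tokenise
        if len(entry) < 2:
            continue  # blank line, comment, or address without names
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # first field is not an IP address, so not a mapping
        for name in entry[1:]:
            host = name.lower().rstrip(".")  # hostnames are case-insensitive
            if any(host == d or host.endswith("." + d) for d in watched):
                hits.append((line_no, str(addr), host))
    return hits

def sinkholed(hits):
    """Subset of hits mapped to loopback or 0.0.0.0, which makes the name unreachable."""
    out = []
    for hit in hits:
        ip = ipaddress.ip_address(hit[1])
        if ip.is_loopback or ip.is_unspecified:
            out.append(hit)
    return out

if __name__ == "__main__":
    for line_no, addr, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr}")
```

Any hit deserves a look: a loopback or 0.0.0.0 mapping blocks the name, while a mapping to another address redirects it.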
Step Eight
Choose Icon: Just choose an appropriate icon for your malware! I am not going into this either... I just use whatever one suits the target I am testing on that particular day of the week.
Step Nine
Add Plugins: No Plugins available yet... So I ignore...
Step Ten
File Binder: This is important if you are binding your server.exe to something. But I am not (yet) so I will not bother either... Just good to know it is there!
Step Eleven
Build Server: Select preferred file extension and compression method and build it!
Again, waste of time to go into detail on this.
Step Twelve
Now you install it wherever you need it, spread it, etc. This is outside the scope of this manual, so I leave it up to you to crypt it (make it FUD) and spread it or whatever. AS-IS it IS detected by AV software. Now I am going to show you some features this RAT has in the next few steps!
Step Thirteen
Ok, so our RAT is running in the “target” system (in this I am running it on localhost) and it shows up in the client like so... You get a popup in your taskbar telling you it is running :)
At this point, we are ready to begin exploring the various functions of this RAT!
Step Fourteen
Right click on your victim and select “Open Control Centre” to gain access to a whole bunch of fun stuff to play with... I will get into each of those in a moment :)
Here is what control center looks like...
By default it shows system info...
Step Fifteen
Now that we got System Info covered, let's explore the “Fun Menu” of this RAT...
This step will go through each of the things under “Fun” one at a time, so it may take a while :) (Disregard that, if you cannot work it out you need to be shot!)
This is the “Fun Manager”
You get yourself some simple enough “fucking with victims” shit here, useful for messing about but to me... Not so interesting maybe. I move on!
Now “System Functions” looks a LOT more fascinating!
Here you can edit their registry, uninstall shit, get a remote shell, etc. It is useful :)
Remote Msconfig is also interesting to experiment with, gives you some insight into how much control you have over the box.
More interesting again is the remote scripting – you can write scripts and have the remote computer execute them, in Batch, VBS or HTML, meaning you can do ANYTHING!
File manager: It allows you to look through and steal their shit, basically. In this screenshot we are looking at some fun things in my hard drive :)
Stored Passwords – Similar to a stealer I think, obviously my passwords are NOT in there as I do not store any.
MSN Control: Essentially, hijack their MSN. As I don't really use IM, nothing here either :P
Spy Functions: Remote Webcam Viewer: (I uninstalled webcam drivers, good luck!)
Spy Functions: Remote Desktop: It never works on my computer and I do not know why... Oh yeah... My broken Windows installation xD
Spy Function: Keylogger. Let's see, does my anti-keylogging work?
Evidently it does!
Network Functions: AKA “Let's investigate the target's intranet...”
Useful tools in here, figure them out yourselves :)
The rest (here) is just funny shit that I leave for the user to explore. Now let's examine other shit we can do...
Distributed Denial of Service and other tools...
(oh, I meant stress testing...)
OK, this concludes a BRIEF overview of the DarkComet functionality... I may come back and write more later!
Disclaimer: I do not accept any liability for damages caused by the use of the infodox in this manual. It is merely a guide to using a remote administration tool which can prove useful to the penetration tester in some situations.