wCRAT 1.2b
(Backdoor.Win32.WCRat.12)

by wildCoyote

Written in Delphi

Released in February 2000


                        wCRAT v1.2b coded by wildCoyote
                       (aka wC Remote Administration Tool)

                       Released in 30 Dec 1999 (version 1.0b)
                        (one day before the world ended...)
                       And still coding on the 1st January 2000
                      (what can i say...the world didn't end! :/)
                    
                      
                 Oh k! This is a simple wIn/LiNuX admining tool
                 You can compile the client source on linux...or
                 you can simply use the Cygwin compiled source =)
                             Either way...enjoy! =)

                 Here are some of the available commands:

                        wClient v1.2b help Command:

                connect/open <host>
                disconnect
                exec <remote file with full path>
                del/delete <remote file with full path>
                type <remote file with full path>
                get <remote file with full path>
                getkeylog
                winopen <open win program associated with file>
                setwallpaper/wallpaper <path to bmp file on remote machine
                remoteprint <path to file on remote machine>
                saveclipboard/saveclip <path to remote file>
                serial <drive>
                maxcolours
                username
                screenresolution/screenres
                ask <question>
                reboot
                shutdown

            These are the available commands for now...
            Enjoy them and...try to dont phuck ppl much =)
            caus'e..couf couf...that's lame!

            Bugs'r'us:

              -The compiled version of the client...doesn't connect by ip
            it just does it by the remote machine's host...
              -If..the remote computer as no printer...the server crashes
            on a "remoteprint" request (until next reboot)
              -Couf couf...after i tested a little bit further..i discovered
            that not only the host/ip error happened when compiling with
            Cygwin! So...dont BUG me with that stuff! =)
            I tried all the commands thru linux..and...it worked out pretty
            kewl! =)
            In fact, some of the commands won't even work 'correctly' due to
            the Cygwin compiler'"problems"...remember, this was mainly coded
            *for* Linux. I just compiled the client with Cygwin so you could
            try out at least a little bit of the program.
            I have also coded a version wich enables you to get a keylog from
            the remote machine and a PWL scan...but...the server starts flip-
            ing out...so i choosed not to include it on this distribution.
            After testing it a little bit further...i saw a "problem" on one
            of the machines! :/
            Windows was installed on c:\win95\ :P this phucked me up...cause,
            the server would install itself onto c:\windows\sysexplor.exe heh
            The way to solve thiz at the time..was to create a dir called:
            c:\windows\ This is NOT a good thing :P the server was supposed to
            be "hidden" not into a directory with nothing on iT! ;P
            Next Distribution Stuff...

            I'm thinking of adding a option to play the cdrom and to open it
            I don't actually see the point of doing thiz cdrom opening shit :P
            But...i'm still gona do it =)
            After testing it on several computers...i "found" some bugz that
            should not exist! I do not know why but...the get/type file option
            is not working properly! :/ I will emend it on the next dist...
            I will had a option to copy/move files on the remote computer, put
            filez onto the remote machine, change date and...some "upgrades"
            to some of the existing functions like:
                 wallpaper <path to remote file> <0-centered/1-tiled>
                 exec <command on remote machine> [if last parameter=1,
                                                   then execute even if
                                                   file is not found...]
            This last function enables you to use filez that are on the path
            of the system and...command.com built'in functions like:
                  dir, copy, echo....and so on..and so on :P

            And, why not do a program/option that removes the server from
            the remote machine? :)

            Changes/ADD's:

            Added a keylogging option...but...not sure if it is workin'correctly
            what i mean is...it logs to c:\windows\key.log, BUT, when receiving
            the file, it doesnt receive...not on my box it doesnt :/
            I'm gettin'more..and more'trouble with functions i dont mess with
            for some time now...WEIRD..and i can't understand why :/
            the problem functions are the one's that involve getting'a file
            from the remote host! Maybe it's because of the keymap on the box'es
            not sure...either way...try it out :]

            This version includes a extra program to search ip's where the
            server is running...this enables you to search for the last field
            of a ip...
            something like:

                    lookitup <from ip> <to ip> [0 - Fork into background (default)]
               ex.: lookitup 10.0.0.1 10.0.0.256 1
                    This would search from 10.0.0.1 to 10.0.0.256....
           
            Oh k! Added the server src code :]
            The server now hide's itself...
            
            Files included on Release Pack 1.1b.zip...
            
            This distribution as included stuff like...
                wCServer.exe     --> server program! =)
                wClientSRC.c     --> Source to the wCRAT's client...
                LookItUp.c       --> LookThemUp program :D
                ReadMe.txt       --> This File! :P
                Server directory --> Server source =)
                Components DiR   --> Delphi (needed) components

            Removal:
               Erase c:\windows\sysexplor.exe and...at regedit:
            HKEY_LOCAL_MACHINE\Software\Microsoft\Current_version\Run\
            delete the sysexplor.exe tag =)
               You should 1st remove sysexplor.exe (by DoS) cause, the
            server is allways installing itself ;P
               Example: You delete the regedit's tag...and...it will add
                        itself again to it =)

            *Important Note* 

            - This administration tool is on development!
            - Ignore any compiling (c) warnings..(if any) =)
            - Cygwin's compiled src's...may not work correctly! :[
              This is *mainly* *nix'software...so..compile it in a
              *nix environment...

            Where can i be reached?

            Well...i go to irc, every phuckin'day :]
            I log on to PtNET (irc.ptnet.org) and usually stick around
            #security and #coders
            Oh...almost forgot, my nick is wildCoyote :P
            Ask for me down at #coders! When you read something like...

            <*******> Oh..that fag!
            <*******> wC? The phuckin'bx!
            <*******> Humph...you mean the phucked'up whore?

            Then you'll know you're on the right place! ;D heh

            * Warnings *

            I'm sorry for those of you who downloaded wCRAT1.1b
            at the 1st 2 weeks of FEB at hackers-pt.org :/
            I'm sorry but, the compiled progs had a virus...CIH! :|
            I didn't have a AV installed...so, i just realised that
            pretty L8T! :|
            Here's the virus free version =) (tested by NORTON :P)
            Btw, i didnt include 3 exec's in this pack...cause...
            they wouldnt work correctly :/
            I'm talkin'about wClient.exe, LookItUp.exe and..(UPX.exe)
            wClient and LookItUp were compiled with Cygwin..and..have
            some problems...i suggest you compile the SRC's on a *nix
            box...and..use them from there! :/
            Main problem: They Dont connect by IP just by host...wich
            phuckin'SUX for a program wich look's ip's UP ;P

                            JUST USE IT ON *NIX! =)

            Thank you....wC



Server:
c:\WINDOWS\Sysexplor.exe 

size: 263.168 bytes 

port: 5343 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "MS Windows System Explorer" 
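
The indicators listed above, applied as a host-triage check (an added example, not part of the original entry or of the tool's README). The tuple formats for the evidence and the sample records are assumptions constructed for illustration; only the file name, size, port and Run value name come from this entry.

```python
import ntpath

# Indicator values copied from this entry; everything else is illustrative.
IOC_FILE = r"c:\windows\sysexplor.exe"
IOC_SIZE = 263168                      # listed above as "263.168 bytes"
IOC_PORT = 5343                        # TCP
IOC_RUN_VALUE = "MS Windows System Explorer"

def triage(files, run_values, listeners):
    """files: (path, size); run_values: (name, data); listeners: (proto, port)."""
    findings = []
    for path, size in files:
        if ntpath.basename(path).lower() != "sysexplor.exe":
            continue
        # The README reports a host where Windows was not in c:\windows, so a
        # name match in another directory is kept, but graded lower.
        exact = ntpath.normcase(path) == IOC_FILE and size == IOC_SIZE
        findings.append(("file", path, "exact" if exact else "name-only"))
    for name, data in run_values:
        by_name = name.lower() == IOC_RUN_VALUE.lower()
        by_data = ntpath.basename(data.strip('"')).lower() == "sysexplor.exe"
        if by_name or by_data:
            grade = "exact" if by_name and by_data else "partial"
            findings.append(("run", name, grade))
    for proto, port in listeners:
        if proto.upper() == "TCP" and port == IOC_PORT:
            # A port alone is weak evidence: any program can bind 5343.
            findings.append(("port", f"{proto}/{port}", "weak"))
    return findings

def verdict(findings):
    exact_kinds = {kind for kind, _, grade in findings if grade == "exact"}
    if {"file", "run"} <= exact_kinds:
        return "confirmed"
    return "suspected" if findings else "clean"

def removal_order(findings):
    """File first, Run value second: per the README the running server
    re-adds its Run entry, so deleting only the registry value does not hold."""
    rank = {"file": 0, "run": 1, "port": 2}
    return sorted(findings, key=lambda f: rank[f[0]])

# Constructed sample evidence (not from a real host).
SAMPLE_FILES = [(r"C:\WINDOWS\Sysexplor.exe", 263168),
                (r"C:\WINDOWS\explorer.exe", 204288)]
SAMPLE_RUN = [("MS Windows System Explorer", r"C:\WINDOWS\Sysexplor.exe"),
              ("SystemTray", "SysTray.Exe")]
SAMPLE_LISTENERS = [("TCP", 139), ("TCP", 5343)]
```

A listener on 5343 with no matching file or Run value only rates "suspected"; confirm with the file and registry evidence before acting on it.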

MegaSecurity