X RAT (d)
(Backdoor.Win32.XRat.d)

by XSystem

Released in October 2004

Made in Russia

more versions 


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Backdoor is written for education purposes only!
Author doesn't take any responsibilities for using "X-Rat".

if you dont agree with this message, please remove this backdoor right now!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

1. Configuration

  Use "X-Rat -setup" enter config mode, you can set:
  
* 1.Set listen port
  2.Set access password
  3.Set edit server password
  4.Set login banner
  5.Set service name
  6.Set service display name
  7.Set EXE filename
* 8.Set Direct reverse onnection
* 9.Set HTTP path for reverse connection
  10.View config information

  11.Help
  0.Complete

  ps: the option with "*" blackball each other, only 1 will active.

2. Starting

X-Rat -once - run without installation
X-Rat -install - install and run
X-Rat.exe - default install and run
X-Rat -remove / -debug / -update NOT WORKING RIGHT NOW....
X-Rat -connect ip [port] - connect to host.. if not using X-Rat as client then you will not be able to use File transfeer
X-Rat -listen [port] - listen on port, wait for reverse connection

use help command when connected to get list of commands

addon:
not included but working commands is

ftpserver/ftpd directory port | eg: ftpd c: 81
httpproxy port | eg: httpproxy 3333
redir localport remote_ip remote_port | eg redir 333 microsoft.com 80

XSystem  


dropped file:
c:\WINDOWS\system32\Rat.exe
size: 35,063 bytes 

port: 20888 TCP

added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_X-RAT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X-Rat
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\l
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_X-RAT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\X-Rat



tested on Windows XP
January 05, 2005
MegaSecurity