by XSystem
Released in December 2004
Made in Russia
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Backdoor is written for education purposes only!
Author doesn't take any responsibilities for using "X-Rat".
if you dont agree with this message, please remove this backdoor right now!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1. Configuration
Use "X-Rat -setup" enter config mode, you can set:
* 1.Set listen mode (submenu)
1.Set listen port
2.Set access mask
9.View config information
11.Help
0.Back
* 2.Set reverse mode (submenu)
* 1.Set Direct reverse onnection
* 2.Set HTTP path for reverse connection
* 3.Set FTP path for reverse connection
9.View config information
11.Help
0.Back
3.Set passwords (submenu)
1.Set access password
2.Set edit server password
9.View config information
11.Help
0.Back
4.Set notifications (submenu)
1.Set mail notify adress
2.Set mail notify smtp host
3.Set mail notify smtp authentication
4.Set script notify path
5.Set sin notify host
6.Set icq notify uin(NOT IMPLEMENTED!, looking for working method)
9.View config information
11.Help
0.Back
5.Set login banner
6.Set service name
7.Set service display name
8.Set EXE filename
9.View config information
11.Help
0.Complete
ps: the option with "*" blackball each other, only 1 will active.
2. Starting
X-Rat -once - run without installation
X-Rat -install - install and run
X-Rat.exe - default install and run
X-Rat -remove / -debug / -update NOT WORKING RIGHT NOW....
X-Rat -connect ip [port] - connect to host.. if not using X-Rat as client then you will not be able to use File transfeer
X-Rat -listen [port] - listen on port, wait for reverse connection
use help command when connected to get list of commands
addon:
not included but working commands is
ftpserver/ftpd directory port | eg: ftpd c: 81
httpproxy port | eg: httpproxy 3333
redir localport remote_ip remote_port | eg redir 333 microsoft.com 80
lsvc [DRIVERS]
ADDED!
klog [file] - keylogger
ddos IP port delay times maxsockets (use random port 1 or 0) (send data 1 or 0) data
regedit - go to regedit mode..the use help there
socks [port] - start socks5 proxy
httpd port path - start http server
sniff - start sniffer
idle - show user idle hours
getbanner
find what where - finds files and folders
remove command now removes files (need checking under windows 9x)
cdtray OPEN / CLOSE letter - opens or closes specified drive (ex: cdtray open e:)
ident - start ident server
passwords - get ras passwords (beta), looking for source codes for grabbind another passwords from another storages
plugin load / unload / help / exec / list
log list / add / clear /// :)
chat start / msg (not completed... but something is working :))
hook unhook will enable or disable Termination prevention (testing needed) need to remove xHook.dll
remove command must now remove all files services regkeys dlls
FIXED!
port may display incorrectly if is is bigger than 32767
fixed garbage in mainstruct settings
socks5 proxy auth bug
http proxy crash
ftpd crash
tons of bugs :)
File:
MailNotifyText.exe - tool for testing notification with specified smtp server
README!!!.txt - no comments
Sin.exe - tool for notyfing user about notification from X-Rat using sin method (usage: Sin.exe [Port]) in x-rat notify settings define Sin Notify as host or host:port
xTest.zip - simple plugin + SDK
X-Rat.exe - Main exe
XSystem
dropped file:
c:\WINDOWS\system32\Rat.exe
size: 60,928 bytes
port: 20888 TCP
added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_X-RAT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X-Rat
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_X-RAT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\X-Rat
tested on Windows XP
January 05, 2005
MegaSecurity