CrunchRAT currently supports the following features:
It is currently single-threaded (only one task at a time), but multi-threading (or multi-tasking) is in the works. Additional features will be added at a later date.
The server side of the RAT uses PHP and MySQL. It has been tested and works on the following:
Once the latest RAT code has been downloaded, there will be three directories:
In the `Setup` directory there are two dependency setup shell scripts. If you are using Ubuntu 15.10 run `sh 15_10_dependencies.sh`, and if you are using Ubuntu 16.04 run `sh 16_04_dependencies.sh`. Note: this needs to be run as root. Failure to run with root privileges will result in an error.
The `https_setup.sh` shell script within the `Setup` directory automates the HTTPS setup. Note: this needs to be run as root. Failure to run with root privileges will result in an error. When asked to fill out the certificate information (Country Name, etc.), fill out all of it. Snort rules already exist to alert on the dummy OpenSSL certificates, so a certificate left with the blank or default subject fields fingerprints your C2 server on the wire. Don't be that guy that gets flagged by not filling out this information.
The `database_setup.sh` shell script within the `Setup` directory sets up the MySQL database.
The default login is `admin:changeme`. Log into the web end of the RAT and change the default password. Once logged in, go to `Change Password` to change the default password to something more complex. Additional RAT users can be provisioned using
Deploy the `Server` directory to the webroot.
Create a `downloads` directory as well. Note: it is absolutely critical that you don't put this folder in the webroot; anything under the webroot is served by the web server, so the files collected from infected systems would be retrievable by anyone who finds the path. I typically create this directory in `/home/<USERNAME>`. Make sure that `www-data` can access the directory with `sudo chown www-data:www-data downloads`. This directory will store all of the files downloaded from the infected system(s).
Edit the `config/config.php` file. This is the main RAT configuration file. Make sure that you update all of the variables (`downloadsPath`, `dbUser`, `dbPass`, etc.) to match your environment.
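The server-side steps above have two places where a small mistake quietly undoes the setup: a `downloads` directory that ends up under the webroot, and a certificate issued with blank or placeholder subject fields. The script below is an added example, not part of CrunchRAT or its `Setup` scripts; the webroot path, the downloads path and the certificate subject in it are assumptions for illustration. It checks that the downloads directory is outside the webroot and owned by `www-data`, refuses a certificate subject that has an empty field or one of the `openssl.cnf` placeholder defaults (`Some-State`, `Internet Widgits Pty Ltd`, and the `Default City` / `Default Company Ltd` variants some distributions ship), and only then generates the self-signed certificate non-interactively with `openssl req -subj`.

```shell
#!/bin/sh
# Added example, not part of CrunchRAT: sanity checks for the server-side
# setup described above. Paths and the certificate subject below are
# assumptions for illustration, not values taken from the project.

# Return 0 when the downloads directory ($2) is outside the webroot ($1),
# 1 when it is the webroot itself or anything underneath it. Trailing
# slashes are stripped so "/var/www/html/" and "/var/www/html" compare equal.
downloads_outside_webroot() {
  webroot=$(printf '%s' "$1" | sed 's:/*$::')
  dl=$(printf '%s' "$2" | sed 's:/*$::')
  case "$dl" in
    "$webroot"|"$webroot"/*) return 1 ;;
    *) return 0 ;;
  esac
}

# Return 0 when directory $1 is owned by user $2 (e.g. www-data).
# ls -ld is used instead of stat so it behaves the same on GNU and BSD userlands.
dir_owned_by() {
  owner=$(ls -ld "$1" | awk '{print $3}')
  [ "$owner" = "$2" ]
}

# Return 0 when an OpenSSL subject string ("/C=..../CN=...") has every field
# filled in and none of them is an openssl.cnf placeholder default; 1 otherwise.
subject_is_clean() {
  subj=$1
  for key in C ST L O OU CN; do
    # value between "/KEY=" and the next "/" (or the end of the string)
    val=$(printf '%s\n' "$subj" | sed -n "s:.*/$key=\([^/]*\).*:\1:p")
    [ -n "$val" ] || return 1
  done
  case "$subj" in
    *"Some-State"*|*"Internet Widgits Pty Ltd"*|*"Default City"*|*"Default Company Ltd"*)
      return 1 ;;
  esac
  return 0
}

# Issue a self-signed certificate with subject $1 into directory $2, but only
# after the subject passes subject_is_clean. Prints the subject OpenSSL wrote.
make_cert() {
  subject_is_clean "$1" || {
    echo "refusing to issue a certificate with blank or placeholder subject fields" >&2
    return 1
  }
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "$1" \
    -keyout "$2/server.key" -out "$2/server.crt" 2>/dev/null &&
    openssl x509 -in "$2/server.crt" -noout -subject
}

# Constructed values for the demo run (assumptions, not project defaults).
WEBROOT=/var/www/html
DOWNLOADS=/home/operator/downloads
SUBJ="/C=US/ST=Texas/L=Austin/O=Crunch Co/OU=Ops/CN=c2.example.com"

if downloads_outside_webroot "$WEBROOT" "$DOWNLOADS"; then
  echo "ok: $DOWNLOADS is outside $WEBROOT"
else
  echo "BAD: $DOWNLOADS would be served by the web server" >&2
fi

if [ -d "$DOWNLOADS" ] && ! dir_owned_by "$DOWNLOADS" www-data; then
  echo "BAD: $DOWNLOADS is not owned by www-data (sudo chown www-data:www-data $DOWNLOADS)" >&2
fi

if command -v openssl >/dev/null 2>&1; then
  make_cert "$SUBJ" "$(mktemp -d)" || echo "certificate generation failed" >&2
fi
```

The path comparison is textual: it does not resolve symlinks, so if the webroot or the downloads directory is a symlink, canonicalise both with `readlink -f` (GNU) before calling `downloads_outside_webroot`. `chown www-data:www-data` only hands ownership to the web server user; if other local users share the host, also drop group and world permissions on the directory so the exfiltrated files are not readable by them.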
CrunchRAT is written in C# for simplicity. The C# binary does not have a persistence mechanism in place; a C++ stager is currently planned.
Targeted Framework: .NET Framework 3.5 (enabled by default on Windows 7 systems)
Take the source from the `Client` directory and add it to the project.
Set the project's output type to `Windows Application` (this hides the command window) and target `.NET Framework 3.5`.
`c2` - Change this variable to the IP address or domain name of the C2 server