Primary Use Case

DRat is designed for remote administration in environments where traditional centralized servers are not feasible or desired, providing a decentralized approach to command and control. It is suitable for system administrators or security professionals who need to manage endpoints remotely via Telegram groups and distribute configurations securely using ENS domains.

Key Features

Decentralized remote control via Telegram groups without a central server

Configuration file distribution through Ethereum Name Service (ENS)

Built-in proxy support to overcome Telegram access restrictions

Cross-platform support for Windows and Linux (Ubuntu 22.04 tested)

Remote command execution with automatic session management

System information retrieval and remote restart/shutdown capabilities

Insights & Recommendations

This tool requires registering an ENS domain on the Ethereum Goerli testnet and setting up a Telegram bot with group access. It includes proxy support due to Telegram access restrictions. Some advanced features like credential dumping and file transfer are currently not implemented. The project is intended strictly for educational and authorized use; misuse may lead to legal consequences.

Installation

git clone https://github.com/SpenserCai/DRat.git
Install MetaMask browser extension and create an Ethereum account
Obtain test Ether from Goerli Faucet for ENS domain registration
Switch MetaMask network to Goerli testnet
Register an 8-character ENS domain at https://app.ens.domains/
Create a configuration JSON file with Telegram bot token, chat ID, proxy settings, and ENS domain
Upload the encrypted configuration to the ENS domain description using encode_config.py or DRatConfig tool
Build the tool using python build.py <ENS配置> cli/windows or cli/linux depending on platform
Run the compiled DRat client and test commands via the configured Telegram group

Usage

/help

Displays help information about available commands

/rce start

Starts a remote command execution session

/rce stop

Stops the remote command execution session

/rce <command>

Executes a specified command remotely, auto-starting the session if not already active

/sysinfo

Retrieves system information from the endpoint

/restart_drat

Restarts the DRat client

/shutdown_drat

Shuts down the DRat client

Smart Usage Notes

Leverage DRat's decentralized C2 to simulate advanced persistent threats in red team exercises without relying on centralized infrastructure.Integrate DRat with existing SIEM tools to enhance detection of decentralized command and control channels.Use DRat's ENS-based configuration distribution to test resilience of endpoint configuration management processes.Deploy DRat in purple team scenarios to improve collaboration between offense and defense by demonstrating novel C2 techniques.Combine DRat with endpoint detection tools to develop automated response playbooks targeting decentralized remote control attempts.

OpenSec Atlas

DRat

About This Tool

Primary Use Case

Key Features

Insights & Recommendations

Installation

Usage

Smart Usage Notes

Security Capability Profile

Tags

You Might Also Like