CollabVM Wikia/Bit's RAT

From Computernewb Wiki
Jump to navigation Jump to search

Bit was the second user to have a working RAT that he owned to work on the VM.

History of the RAT

Surprisingly, he wrote this RAT solely off of a greasemonkey script that was intended for having (minor) control over the user's browser (limited to just remote javascript execution). Somehow, either by having no life, or being a Fag, Bit managed (using a jscript compiler) to get the JavaScript RAT to not send JavaScript to the client machine, but instead, run commands. The RAT's control panel had two homes. In Bit's first iteration of his program, it was hosted at his own site, (some shitty free hosting service). His second, and more improved version was based in Cloud9. The last known link to the console is http://bitbyte-c9users.io/jsconsole . Currently it's white listed, and only the IP(s) of Bit, Ctrl (surprisingly) and CHOCOLATEMAN can send commands through the interface.

Execution of the RAT

Bit's RAT runs in conjunction with two other JS files, all of which depend on each other and make it a lot harder to remove. There is Startup.js, which adds the three scripts to startup. There is SelfRestoringFile.js file that makes sure the other two js files (and itself) never get deleted, and then there is the RAT, RemoteConsole.exe (or the original RemoteConsole.js) file. Inside the jsconsole.js, there's a token, which is used in his web-based jsconsole to send commands. It is currently set to vm-cmd whilst the web version was set to vm-chrome & vm-firefox respectively. To this very day, the RAT remains a crucial part to Bit's existence.