Hacking Tools

Powershell-RAT | A Backdoor Tool to Extract Data via Gmail

Powershell-RAT is a Python and Powershell script tool that has been made to help a pen tester during red team engagements to backdoor Windows machines. It tracks user activity using screen capture and sends the information to an attacker as an e-mail attachment. The tool is FUD as of Black Hat 2019, you can find the presentation slides HERE.

Installation


This tool requires Python3 and a windows machine
1 – Go to Github Repository

2 – Download as ZIP
3 – Extract Here

4 – Content of the file

5 – Before running the script change those values with your newly created Gmail Account details in Mail.ps1
$username $password
and $msg.From and $msg.To.Add with throwaway Gmail addresses

Usage

1 – Open CMD with admin privileges and navigate the Powershell-RAT Folder
For me, it will look like this

2 – Execute the script

3 – Let’s try HailMary for a quick Backdoor option
Write: “8” to choose Hail Mary

4 – After Choosing "8" You will get something like this

5 – We can open task schedulers in Windows to check the task created

As we can see the backdoor is successfully executed in the victim machine

What Bunny Rating Does it Get?


Pros

– Stealthy
– Easy to Use
– Many useful options

– Requires “Allowing Gmail for a less secure app ” In order to work
– Needs more Features

Comments
To Top

Pin It on Pinterest

Share This