10/02/2012

LOVELY PROFESSIONA L UNIVERSITY

CASE STUDY

Remote Access Trojan(RAT) | Jatinder Kumar

CAP- 612 Modren programming Tools And Technique-II TOPIC:-Remote Access Trojan(RAT)

COURSE INSTRUCTOR:-Avinish Kumar Kumar COURSE CODE:-CAP-612 A10 SECTION NO:-D1803

COURSE TUITOR:- Avinish STUDENT ROLL-NO.:-

DECLARATION:I declare that this TERM PAPER is my individual work. I have not copied from any other students work or from any other source except where you acknowledgement is made explicitly in the text nor has any part being written for me by another person.

EVALUATORS COMMENT:STUDENTS SIGNATURE: Jatinder Kumar

MARKS:-

OUT OF:-

Index
1. Project Name and Description

2.

Abstract
3. Present System Drawbacks of present system Proposed system Objective of the proposed system Advantage of proposed system Sources of information Goals of the project 4. Problem definition Function to be provided Processing environment Solution strategy Feasibility Analysis

Programming language and development tools Project Plan 5. Software requirement Analysis Programming language and development tools System requirements Hardware requirements Software requirements 6. Design System Design System DFDS 7. Testing Code testing Integrated testing Functional testing Performance testing 8. Implementation Implementation of the project Conversion Plan 9. Current status of project Remaining area of concern 10.Source code 11.Bibliography

ABSTRACT

The project title is Remote Access Trojan (RAT). Under this project I have developed a RAT(Remote Access Trojan) .This enables us to access and monitor victim machine remotely without user acknowledgement. The project is divided in two parts namely:server and client applications.

Today computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this type of crime have become high-profile, particularly those surrounding cracking, copyright infringement, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise. There is very much need of some tools to monitor such criminals. So that we can trace their activity and hence stop them before they perform some harmful activity to

others. There are some cases when we knows that who had done some criminal activity, but regards of this we are not able to punish them, because of the lack of strong evidences. Therefore some tools are necessary to collect enough evidences to punish such criminals. Today everybody is using computers for many tasks even few aged kids are using computers most of the time. So how can You ensure and control such kids from any illegal activity, like to know whether they are accessing any harmful contents on computers such as porn sites. In fact , due to huge usage of computers there is also problem arises of how to control and monitor activities that are going to do with the help of computers.The answer of this question is Some tools ( computer programs) that enable us to make this possible. I have tried my best to make the complicated process of monitoring victims computersas simple as possible using Structured & Modular technique & Menu oriented interface. I have tried to design the software in such a way that user may not have any difficulty in using this package & further expansion is possible with much effort. Even though I cannot claim that this work to be entirely exhaustive, the main purpose of my exercise is to gain unauthorized access to victim computer online way rather than manually which is time consuming and some time impossible to gain access physically.

PRESENT SYSTEM
Almost every home, office, or school has a computer of some kind these days. It may seems at first that having a computer brings only benefits, but further consideration shows that it also has disadvantages. In todays technological advancements there are many online application packages. Even the banking transactions take place online. OLTP On Line

Transaction Processing has emerged as a fundamental aspect in every bodys life. Hence the use of facilities may also prove troublesome. Cyber crime is a hot topic these days. Hackers and crackers are the people who gain unauthorized access to the system via internet or physically by stealing in the premises. There are many laws and legislations for computer related issues. In present , everyone is using computers for various reasons. Its 100% true that present computers are not completely safe from various threats.They are widely used for various crimes. The major reasons for criminal activity in computers are: 1. Unauthorized use of computers mainly stealing a username and password 2. Accessing the victims computer via the internet 3. Releasing a malicious computer program that is virus 4. Harassment and stalking in cyberspace 5. E-mail Fraud 6. Theft of company documents. Moreover children might be using the internet to access pornographic material. Children are also easy target for sexual offenders who chat online with them and then make plans to meet them or slowly filter information about them. In fact there are very low control on these activities and more and more system are vulnerable against security threats. An increasing number of domestic and international criminal activities are using the Internet. Computers and other electronic devices can be tools to commit crime or are targeted by criminals. A personal computer connected to the Internet without protection may be infected with malicious software in under a minute. This briefing discusses the scale and nature of computer crime, the technologies available to protect computers, and highlights the key policy challenges. The increasing range of programmable electronic devices,from set-top TV boxes to mobile phones, means that computer crime can affect more than just personal computers (PCs). They and other electronic devices are particularly

vulnerable to attack because they are flexible, can be reprogrammed, and are networked with other devices. Some attacks do not have a specific target. However, attacks against specific computers or groups of computers are becoming more common. Home computer users, organisations with large networks of computers, or entire infrastructures may be targeted. Attackers using computers may also attempt to damage the functioning of the Critical National Infrastructure (CNI) which includes emergency services, telecommunications, and finance, all of which rely on IT. Many CNI systems which were once isolated are now connected to the Internet, increasing their vulnerability. There has been speculation over the prospect of terrorists using electronic attacks to target computer systems and networks. According to the National Infrastructure Security Coordination Centre (NISCC) the probability of terrorists carrying out an electronic attack against the CNI is currently low compared with other risks such as using explosive devices, although the NISCC points out that threats can change quickly.

Drawbacks Of Existing System

There is limited awareness of computer security among home as well as business users. Inadequately protected computers can be easy targets for unauthorised users. There are several technologies available to improve computer security but their effectiveness may be limited without user awareness and education. Computers are increasingly being targeted by criminalsor used as tools to commit old and new types of crime. attempt to access information stored on a computer.Information may have a sale value (corporate espionage), may be valuable to the owner (ransom opportunity) or may be useful for further illegal activity such as fraud. Try to impede or alter the functioning of the computer itself. Also, if a computer can be controlled it can be used to send spam, host illegal content, or conduct further attacks. writing a virus (a type of malicious software or malware,) to delete stored data. Terrorists using electronic attacks to target computer systems and networks. Fraud artists have used letters and newspapers to trick victims into giving away money for nothing; naturally, todays confidence tricksters use e-mail and the World Wide Web for similar purposes.

PROPOSED SYSTEM
The proposed system is developed mainly to monitor any computer remotely over a network. The proposed system is very useful in monitoring victim computers to detect and collect enough proof against victim to punish him. It provides remote access to victim computer without their prior knowledge and runs in the stealth mode, so that victim never knows that someone is spying on them. In order to develop the software for System Hacking Tools we have used the structural and modular programming approach. Structural programming means dividing the main procedure into number of small procedures. The main use of this programming is that, if there are errors in one program, we do not need to change the whole program.

Proposed system has simple to use graphical user interface , so that anyone can use it without much difficulty and confusion, even if they do not have much knowledge about computers and networking etc.

Proposed system opens an entery point on victim computer through which we can gain access to that computer.

Proposed system have the features:-

Can detect victim ip and send it to e-mail id , so that we can connect to them using that ip address. There is no need to get victim ip address physically gaining access to victim computer.

Can get victim computer information like their username ,windows platform, active directory etc.

Can capture and record the keystrokes of victim typed in his computer Can handle victim process remotely Can capture victim screenshots of victim computer and send it remotely Can ping the victim computers

OBJECTIVES OF THE PROPOSED SYSTEM

The new system has the basic objective of being efficient and user friendly. The main areas, which should be considered while setting objectives, are budget, schedule and performance standards.

Following are the objectives of the new system: To security audit job less complex.
To spread general awareness to computer users in an efficient and easy

manner To enable user to check system security and vulnerability To monitor criminals activity To control cyber crimes To control terrorists activity by monitoring their activity
To collect enough proofs to punish criminals Evidence tracking can be

based on examining and observing the physical locations as well as based on thorough examination of data or information. To monitor kids activity on computers Provide remote access to the computer that is not physically accessible.

ADVANTAGES OF THE PROPOSED SYSTEM:

Proposed system have following advantages: -

TIME SAVING: It saves a lot of time. Its GUI is very simple and attractive

that can be handled easily. EASY TO CHANGE: This program can make the changes easily. There are no complications in our project. EASY TO UNDERSTAND: Language used is easy to understand for a layman. EASY TO HANDLE: It is easy to handle. It gives all the messages on the screen, which are to be followed.
a) CHANCE OF ERRORS: Exception handling is available in every

modules.
b) SECURITY: Fully undetectable by all of the major antivirus

SOURCES OF INFORMATION

The basic aim of the problem analysis is to obtain a clear understanding of the needs of the clients and the user, what exactly is desired from the software, and what the constraints on the solution are. Analysis leads to actual specification.

Analysis involved interviewing the clients and end users. These people and the exiting documents about the current mode of the operation are the basic sources of information for the analysis. Typically, analysts search a problem by asking questions to the clients and the users and by reading existing documents. The process of obtaining answers to the questions that might arise in an analysts mind continues until the analyst feels that all information has been obtained.

I learnt about the various comuter security threats on various websites.I got some details by examining some users. I gathered information from the Remote Access Trojan (RAT) currently used. We conducted meetings with my friends, classmates and teachers to know furthermore about the system. I also attended various seminar on computer security and ethical hacking. This helped me in deeply understanding various cyber attacks and hacking tools available currently.

In short, the source of my Project depends upon the seminar , workshops on computer security and interviews or meeting with the classmates, friends and teachers.

GOALS OF THE PROJECT

To security audit job less complex. To spread general awareness to computer users in an efficient and easy manner To enable user to check system security and vulnerability To monitor criminals activity To control cyber crimes To control terrorists activity by monitoring their activity To collect enough proofs to punish criminals Evidence tracking can be based on examining and observing the physical locations as well as based on thorough examination of data or information. To monitor kids activity on computers Provide remote access to the computer that is not physically accessible.

SYSTEM REQUIREMENTS

PROBLEM DEFINATION
In todays technological advancements there are many online application packages. Even the banking transactions take place online. OLTP On Line Transaction Processing has emerged as a fundamental aspect in every bodys life. Hence the use of facilities may also prove troublesome. Cyber crime is a hot topic these days. Hackers and crackers are the people who gain unauthorized access to the system via internet or physically by stealing in the premises. There are many laws and legislations for computer related issues. In present , everyone is using computers for various reasons. Its 100% true that present computers are not completely safe from various threats.They are widely used for various crimes. The major reasons for criminal activity in computers are: 1. Unauthorized use of computers mainly stealing a username and password 2. Accessing the victims computer via the internet 3. Releasing a malicious computer program that is virus 4. Harassment and stalking in cyberspace 5. E-mail Fraud 6. Theft of company documents. Moreover children might be using the internet to access pornographic material. Children are also easy target for sexual offenders who chat online with them and then make plans to meet them or slowly filter information about them.

FUNCTIONS TO BE PROVIDED
The project on Remote Access Trojan (RAT) is divided into two parts:1. Server: This opens a tcp/ip port on victim computer and listens for any incoming connections.On any incoming connection for it accept the connections and provides a network stream for data transfer. It has several functions which performs a particular task. On its intial execution it marks its entry in the windows registry so that it can run every time user loges on to his account. It also sends victim ip address to a particular e-mail id. It then receives commands from client , perform tasks and then returns the result to client application. 2. Client: Client enables to connect to victim using his ip and port address. Once connection is established , it can perform following tasks: Can detect victim ip and send it to e-mail id , so that we can connect to them using that ip address. There is no need to get victim ip address physically gaining access to victim computer. Can get victim computer information like their username ,windows platform, active directory etc. Can capture and record the keystrokes of victim typed in his computer Can handle victim process remotely Can capture victim screenshots of victim computer and send it remotely Can ping the victim computers

PROCESSING ENVIRONMENT

HARDWARE & SOFTWARE PROFILE:

HARDWARE CONFIGURATION

PROCESSOR

P -IV

MEMORY

512 MB

HD CAPACITY

80 GB

NETWORK INTERFACE CARD:

ANY

SOFTWARE CONFIGURATION

OPERATING SYSTEM

MICROSOFT WINDOWS

BACK END

NOTHING

FRONT END Framework

VISUAL STUDIO 2010 : .net 2.0

INTERNET CONNECTION IS REQUIRED

SOLUTION STRATEGY

The problem of monitoring and collecting crime proofs against victim is solved in proposed system. proposed system provides various tools to meet these objective.

Monitoring and crime proofs collecting using below tools:

Proposed system provides process handling tool using which we can see what task is performing victim. we can run new task and kill process of victim. Disk drive tool allow us to view information stored on victim computer. we can upload download, delete information from victim computer Kelogger tools allows us to log keystroke of victim Screen capture tool allow us to view real time computer screen of victim computer Info tool allow us view victim computer name,windows version, avtive partition etc

FEASIBILITY STUDY

A Feasibility study is a test of a system proposal according to its work ability, impact on the organization, ability to need users and effective use of resources. Its objective is not to solve a problem but to acquire a sense of its scope. This type of study clearly specifies that the project should be taken up or not. It focuses on three main questions: 1. What are the users requirements and how does the system meet them? 2. What resources are available for system? 3. What will be the impact of this system on the organization? How well the system will do according to its workability?

The result of the feasibility study is the formal proposal, which is the report with the detail of the problem. It includes three major steps: -

1. OPERATIONAL FEASIBILTY:

People are inherently resistant to change and computer has been known to facilitate change. An estimate should be made of hoe strong a reaction the user staff is likely to have toward the development of computerized system. It is common knowledge that a computer installation has something to do with turnover, transfers, retraining and changes in employee job status. Therefore, it is understandable that the introduction of a proposed system requires special effort to educate and train the staff in new ways.

The proposed system have easy to use graphical interface ,so that anyone can use it without much effort and training.it is included with built in help file,so it is fully operationally feasible.

2. TECHINACAL FEASIBILTY:

It is defined as availability of suitable technology to support the solution and adequate expertise to develop the solution. Also it must be possible to implement the solution within a reasonable time. The variables used in different programs make system quite flexible because they can change as when required. The proposed system works on tcp/ip protocol which is widely used in networking and is a international standered.it is sure that this protocol is going to use for a long time. proposed system requires very low hardware and software configuration . therefore proposed system is completely technically feasible. 3. ECONOMIC FEASIBILITY:

Economic feasibility is the most frequently used method for evaluation the effectiveness of a proposed system. More commonly known as Cost/Benefit analysis, the procedure is to determine the benefits and savings that are expected from a candidate system and compare them with costs. If benefits outweigh cost, then the decision is made to design and implement the system. The proposed system required hardware and software are very common in use today. so It is quite cost effective because limited resources are required to run.

PROGRAMMING LANGUAGE AND DEVELOPMENT TOOLS

In developing this project, we have used Microsoft Visual studio as the Front End.The dot net framework is essential things to run the proposed system.

We used Visual studio 2010,because it is very easy to use and is effective graphical user interface. The programmer can easily understand the working of this programming language. C# programming language is somewhat easy and provides complete set of classes to develop good application mainly for windows.it also includes a help file , using which we can understand various programming concept easily with examples.

SYSTEM REQUIREMENT SPECIFICATIONS

In a situation where we have to gain remote access many of the concept and needs can be understood by observing the current practices. For such systems the requirements of the problem is complicated by the fact that the need and the requirements of the system may be known even to the users. They have to be visualized and created. Hence identifying requirements necessarily involves specifying what some people have in their mind. The requirements phase translates idea in the mind of the clients into a formal document. The requirement phase includes two types of requirements namely:

the

Hardware Requirements: It helps us in analyzing the H/W configuration of proposed system such as CPU, Mother Board, HDD, RAM, and MONITOR.

SOFTWARE REQUIREMENT: After assembling the system will require S/W to turn on, which would include operating systems/W

package, supporting S/W, anti-virus.

SYSTEM REQUIREMENTS

The software package requires the following configuration on which it is to be inserted: MICROPROCESSOR : Dual Core

RAM

: 512 MB

DISPLAY TYPE

: SVGA

MOUSE

: Optical

HARD DISK DRIVE

80 GB

HARDWARE REQUIREMENTS The requirements for the new proposed system are as follows: Central Processing Unit (CPU): The CPU is normally identified by the three things namely; Mother Board: Hard Disk: Three things are considered while looking for hard disk namely: Fast Speed Tons of storage space Low price Clock Speed The Brand Manufacturer Name For e.g. Dual Core 2.0 Ghz

The choice of hard disk will depend on the size we require, the budget and the factors that affect its performance. Monitor: Our option is standard 17 color HD- SVGA Monitor.

Keyboard: Soft keys keyboard are selected so that the dust doesnt get into keys and make them loss effective and plastic cover is opted for and coffee spills id is also selected. Mouse: Samsung Optical mouse is preferred because it has got a heavy ball and long cord which are our requirements. Cabinet and UPS: Microtel ATX Cabinet is selected a UPS with 30 minutes backup time .

SOFTWARE REQUIREMENTS Software Requirements for the Remote Access Trojan (RAT) requires the following: Operating SystemWindows XP is the most widely used operating system. Software Packages Supporting software Anti-virus .net framework 2.0 or higher

System DFD

State machine diagram:-

CFD Level- 0

CURRENT STATUS OF THE PROJECT

The

project

in

Remote

Access

Trojan

(RAT)

perfects

the

requirements of the computer security and in ethical hacking. It reduces the chances of cyber crime. It speeds up the processing work. It is very beneficial in collecting proofs against victims. It incorporates to charging needs of users.

It is user friendly in nature. It applies checks in modules is the data consist in nature and reliable.

REMAINING AREAS OF CONCERN

In Remote Access Trojan (RAT) many of features like webcam control,advance disk handling, binders, cryptors etc have not been taken into consideration so they can be looked open .

FUTURE RECOMMENDATION

The project lacks the inclusion of various tools like control,advance disk handling, binders, cryptors. These tools must be taken into consideration for a full fledge project.