GROUP ID-41920 REMOTE ACCESS TOOL/TROJAN
GUJARAT TECHNOLOGICAL UNIVERSITY
CHANKHEDA, AHMEDABAD
AFFILIATED
SILVER OAK COLLEGE OF ENGINEERING AND TECHNOLOGY
A REPORT ON:-
Remote Access Tool / Trojan (RAT)
Under Subject Of
Design Engineering
BE Semester – IV
Computer Engineering
Submitted By
Group No. – 41920
Sr. No. Name Enrolment Number
1 Ravi Vaghela 160770107242
2 Arjun Gharti Chhetri 160770107253
3 Raj Bhimani 160770107254
MRS. SNEHAL RAJPUT
(INTERNAL GUIDE)
ACADEMIC YEAR
(2017-2018)
SILVER OAK COLLEGE OF ENGINEERING AND TECHNOLOGY
COMPUTER ENGINEERING
CERTIFICATE
Date: -
This is to certify that the project entitled “Remote Access Tool / Trojan
(RAT)” has been carried out by “Ravi Vaghela (1607707242)”, “Arjun Gharti
Chhetri (1607707253)”, “Raj Bhimani (160770107254)” under my guidance
in fulfillment of the Degree of Bachelor of Engineering in Computer
Engineering – 4th Semester of Gujarat Technological University,
Ahmedabad during the academic year 2017-2018.
INTERNAL GUIDE HEAD OF DEPARTMENT
(Computer Engineering) (Computer Engineering)
CANDIDATE’S DECLARATION
We have finished our project report entitled “Remote Access Tool / Trojan”
and submitted it to our respective guide. We are in the 4th semester and we
have tried to give our best. We have done our work honestly and in a good way.
First Candidate Name - Ravi Vaghela
Branch - CE
Enrolment Number - 160770107242
Second Candidate Name - Arjun Gharti Chhetri
Branch - CE
Enrolment Number - 160770107253
Third Candidate Name - Raj Bhimani
Branch - CE
Enrolment Number - 160770101254
Submitted to: - SILVER OAK COLLEGE OF ENGINEERING AND
TECHNOLOGY
Affiliated to: - GUJARAT TECHNOLOGICAL UNIVERSITY
ACKNOWLEDGEMENT
We would like to extend our heartfelt thanks, with a deep sense of gratitude
and respect, to all those who have provided us immense help and guidance
during our project.
We would like to express our sincere thanks to our internal guide Mrs.
RAJPUT SNEHAL RAMCHAL SINGH for providing a vision about the
system and for giving us an opportunity to undertake such a great, challenging
and innovative work. We are grateful for the guidance, encouragement,
understanding and insightful support given in the development process.
We would like to extend our gratitude to the Head of the Computer Engineering
Department, Silver Oak College of Engineering and Technology, Ahmedabad,
for his continuous encouragement and motivation.
Last but not least, we would like to mention here that we are greatly
indebted to each and everybody who has been associated with our project at
any stage but whose name does not find a place in this acknowledgement.
Yours Sincerely,
Ravi Vaghela (160770107242)
Arjun Gharti Chhetri (160770107253)
Raj Bhimani (160770107254)
Abstract
A Remote Administration Tool (RAT) is remote control software that, when
installed on a computer, allows a remote computer to take control of it, and
so allows a potentially malicious user to remotely control the system. A
Remote Administration Trojan (RAT) allows an attacker to remotely control a
computing system and typically consists of a server invisibly running and
listening to specific TCP/UDP ports on a victim machine, as well as a client
acting as the interface between the server and the attacker.
The most common means of infection is through email attachments. The
developer of the virus usually uses various spamming techniques in order to
distribute the virus to unsuspecting users. Malware developers also use chat
software such as Yahoo Messenger and Skype as another method to spread
their Trojan horse viruses. Remote Administration Trojans (RATs) are
malicious pieces of code often embedded in legitimate programs through
RAT-sanction procedures. They are stealthily planted and help gain access to
victim machines through patches, games, e-mail attachments, or even
legitimate-looking binaries. Once installed, RATs perform their unexpected or
even unauthorized operations and use an array of techniques to hide their
traces, remain invisible and stay on victim systems for the long haul.
Keywords- Remote Administration Tool; Trojan; email attachments;
malicious; Compromised System
TABLE OF CONTENTS
Title
Acknowledgement
Abstract
1. INTRODUCTION
2. PHASE 1: REVERSE ENGINEERING
AEIOU & Mind mapping
Empathy Mapping Canvas
Ideation Canvas
Product Development Canvas
Design Thinking
3. PHASE 2: PRE-DESIGN: LEARNING NEED MATRIX
LNM canvas
4. PHASE 3: ROUGH PROTOTYPE MODEL
Snapshot & description
5. CONCLUSION & FUTURE WORK
CHAPTER – 1
INTRODUCTION
Remote administration refers to any method of controlling a computer from a
remote location. Remote administration is becoming increasingly common
and is often used when it is difficult or impractical to be physically near a
system in order to use it, or in order to access web material that is not
available in one's location. Any computer with an Internet connection, on a
TCP/IP network or on a Local Area Network (LAN) can be remotely
administered. Remote administration can be used for any cluster of activities
and can span multiple categories of servers, such as database servers,
middleware servers, etc. Today, providing remote and mobile workers with
secure remote access to corporate networks is no longer a luxury; it has
become a business necessity. Letting employees tap into the office local area
network (LAN) from customer sites, hotels, internet cafes and airport kiosks
can greatly increase business efficiency, productivity and job satisfaction.
But mobile empowerment has a price, measured in IT administration and
network security. As more Information Technology departments centralize
and consolidate to reduce cost, many remote sites are left with no on-site IT
support.
Remote administration of computers is common because of the significant
cost benefits; many tasks can be automated, and the administrator does not
have to physically visit each computer. Remote control software provides
businesses the ability to log in and access computers remotely. Utilizing
remote control software enables personnel to transfer files or folders quickly
and easily, and to communicate by instant message, text chat, or voice
intercom from any PC, cell phone or wireless PDA. This fast, reliable,
easy-to-use PC remote control software saves you hours of running up and
down stairs between computers. The remote administrator software allows
you to take control of another PC on a LAN, WAN or dial-up connection so
that you see the remote computer's screen on your monitor and all your
mouse movements and keystrokes are directly transferred to the remote
machine. These programs provide fast, secure access to remote PCs on
Windows platforms. Many remote administrator tools exist in the market and
it is difficult to choose what you need. As an IT support person, you need to
choose the software that matches your IT skills. After you determine how
much you want to manage remotely, the next step is to select the tools and
supporting components you need to accomplish your remote management
tasks.
REMOTE ADMINISTRATION PROGRAMS (TOOL)
These programs are used to remotely connect to and manage one or more
computers with a variety of tools, such as:
1. Screen/camera capture or control
2. File management (download/upload/execute/etc.)
3. Computer control (power off/on/log off)
4. Registry management (query/add/delete/modify)
5. Shell control (usually piped from command prompt)
There are two kinds of connection:
1. Direct Connection
A direct-connect RAT is a simple set-up where the client connects to a single
or multiple servers directly. Stable servers are multithreaded, allowing for
multiple clients to be connected, along with increased reliability.
2. Reverse Connection
A few advantages of a reverse connection:
1. No problems with routers blocking incoming data, because the connection
is started as an outgoing connection from the server
2. Allows for mass-updating of servers by broadcasting commands, because
many servers can easily connect to a single client
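What the two connection types look like from the defender's side, as an added example that is not part of the original report: a direct-connect server appears as an unexpected listening socket, while a reverse-connection server appears as an unexpected outbound connection. The netstat lines, PIDs and allowlists below are constructed for illustration.

```python
import ipaddress

# Constructed sample in Windows `netstat -ano` layout; 12345/TCP and 31337/UDP
# are the historical default ports of NetBus and Back Orifice.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       5012
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2100
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     3344
  TCP    192.168.1.20:49730     198.51.100.23:8080     ESTABLISHED     6120
  TCP    192.168.1.20:49755     192.168.1.5:445        ESTABLISHED     4
  UDP    0.0.0.0:31337          *:*                                    5012
"""
# Assumed baseline for this host (hypothetical values).
ALLOWED_LISTEN_PORTS = {135, 445}
ALLOWED_OUTBOUND_PIDS = {3344}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse(text):
    """Turn netstat lines into dicts; UDP rows have no state column."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        lhost, _, lport = f[1].rpartition(":")
        rhost, _, rport = f[2].rpartition(":")
        rows.append({"proto": f[0], "lhost": lhost, "lport": int(lport),
                     "rhost": rhost, "rport": rport, "pid": int(f[-1]),
                     "state": f[3] if f[0] == "TCP" else "BOUND"})
    return rows

def triage(rows):
    """Flag listeners and outbound connections that are outside the baseline."""
    findings = []
    listen_ports = {r["lport"] for r in rows if r["state"] == "LISTENING"}
    for r in rows:
        loopback = r["lhost"] in ("127.0.0.1", "[::1]")
        if r["state"] in ("LISTENING", "BOUND"):
            if not loopback and r["lport"] not in ALLOWED_LISTEN_PORTS:
                findings.append(("unexpected-listener", r["proto"], r["lport"], r["pid"]))
        elif r["state"] == "ESTABLISHED" and r["lport"] not in listen_ports:
            remote = ipaddress.ip_address(r["rhost"].strip("[]"))
            internal = any(remote in net for net in INTERNAL_NETS)
            if not internal and r["pid"] not in ALLOWED_OUTBOUND_PIDS:
                findings.append(("unexpected-outbound", r["rhost"], int(r["rport"]), r["pid"]))
    return findings

if __name__ == "__main__":
    for finding in triage(parse(SAMPLE_NETSTAT)):
        print(finding)
```

The check is baseline-driven rather than port-signature-driven, so a server moved off its default port is still reported as long as the port or process is not in the allowlist.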
CHARACTERISTICS OF RATS
As RATs can essentially capture every screen and keystroke, intruders may
obtain account information, passwords, and sensitive computing system data.
RATs can also spawn arbitrary numbers of processes on specific TCP/UDP
ports, impersonate victims, redirect traffic for specific services to other
systems, and launch distributed denial of service (DDoS) attacks.
RAT Trojans can generally do the following:
1. Download, upload, delete, and rename files
2. Format drives
3. Open CD-ROM tray
4. Drop viruses and worms
5. Log keystrokes
6. Hack passwords and credit card numbers
7. View, kill, and start tasks in Task Manager
8. Print text, play sounds
9. Randomly move and click mouse
Some RAT Trojans are pranks that are most likely being controlled by a
friend. RATs are generally not harmful.
FUNCTIONALITIES OF RATS
RATs typically provide attackers with comprehensive command repertoires
for file management, process scheduling, and system configuration
manipulation. File management features include potentially destructive
operations such as deleting or moving a file or directory on victim systems.
The process scheduling component in a RAT permits intruders to create, view,
and/or terminate running processes at will. The configuration manipulation
element allows RATs to alter the behaviour of the victim system, for
instance by disabling its security features after modifying the Windows
Registry. RATs can often operate as device controllers, being able to
open/close CD-ROMs, disable the mouse and network cards, intercept
keystrokes and/or screen snapshots, flip the victim’s screen or change its
resolution, monitor password dialog boxes and clipboards, capture
audio/video of the victim’s environment, and finally, crash the victim's
system. The re-direct feature of RATs allows an attacker to chain various
services together and ultimately forward the results to a specified
destination, making it trivial for intruders to hijack network connections,
intercept private data, and inject fake messages. By functioning as packet
sniffers, RATs can also monitor a victim’s network activities and determine
its topology. Furthermore, by scanning the entire system of the victim
machine, including its recycle bin, a number of RATs can collect personal
information such as user accounts, passwords, credit cards, and e-mail
addresses.
DIFFERENT TECHNIQUES USED IN REMOTE ADMINISTRATION
TOOLS
The purpose of this section is to present the different methods and tools
frequently used to administer remote Windows systems. They let you access a
command prompt and perform basic system administration, such as viewing
and starting or killing processes or services, rebooting machines, viewing
system logs, observing what is happening on the display, and even running
GUI-based programs, all remotely, depending on the features of each remote
administrator program.
A. MSRPC “Win32 legacy management APIs”
B. WMI “Windows Management Instrumentation”
C. GUI-oriented tools built into Windows
D. CLI-oriented tools
E. Web-based tools
CONCLUSION
Using remote administrator tools for remote administration of computers
running can greatly reduce the administrative overhead. Administrators can
access the servers from anywhere, be it inside the computer room. They can
start time-consuming administrative jobs, disconnect, and reconnect at a later
time to check the progress. Server application and operating system upgrades
can be completed remotely, as well as tasks that are not usually possible
unless the administrator is sitting at the console. Server file system tasks
such as copying large files and virus scanning are much more efficient when
performed within a remote tools session, rather than using utilities that are
executed on a PC client. A remote administrator tool is an affordable tool
that any small business owner can purchase without having to consult his
accountant. Companies offer very flexible licensing policies for remote
administrator tools that cover multiple computers at minimal expense. A
remote administrator tool has no special hardware requirements. Even if your
old home computer is what you use for running your business, it’s fast
enough for a remote administrator tool. If the computer runs Windows, the
remote administrator tool will run on it, and it will run faster than any other
remote control software you can buy. An evaluation is being built on existing
remote administrator tools of the availability of features and is expected to
be one of the important evaluations used by major high-energy research. This
evaluation lets customers choose the remote administrator tools they need
carefully.
CHAPTER -2(PHASE-1)
AEIOU CANVAS
ENVIRONMENT
General impression / observation
Floor plan
Element features and special notes
Scenes
Data Access
Trojan
Email Attachment
Access to system without permission
Screen & Camera capture
Fig:-1.1
INTERACTION
General impression / observation
Scenes of interaction
Element features and special notes
Key logging
File access
Registry management
Code execution
Web cams feed
Fig:-1.2
OBJECTS
General impression / observation
Inventory of key objects
Element features and special notes
Anti-hacking
Cyber security
Two factor authentication
Direct connection
Secure system
Fig:-1.3
ACTIVITIES
General impression / observation
Sketch / photo summary of activities
Elements features and special notes
Back orifice
Net bus
CLI – oriented tools
Easy connection to system
Firewall penetration
Remote administration tool
Fig:-1.4
USER
General impression / observation
Scene of user in context
Elements features and special notes
Shell control
File management
Cracked games
Email access
Computer control
Remote network access
Audio footage
Fig:-1.5
USER CANVAS
Basically there are four sections in the user canvas.
User
Fig:-2.1
Stakeholder
Fig:-2.2
Activities
Fig:-2.3
Story boarding
Fig:-2.4
IDEATION CANVAS
The ideation canvas also contains four sections.
People
Fig:-3.1
Activities
Fig:-3.2
Situation/Context/Location
Fig:-3.3
Possible solutions
Fig:-3.4
The Ideation Canvas is close to the main problem that we finally want to
find. Here too a People part is available, the same as in the user canvas, but
in this canvas the People part mentions only those people who are related to
our problem.
Next, Activities means the activities during which you are facing the problem.
Location/Situation means the situation and location in which the problem
comes into the picture; those things must be maintained.
PRODUCT & DEVELOPMENT CANVAS
Purpose
People
Product experience
Product function
Product features
Components
Customer revalidation
Reject, redesign & retain
Now, coming to the product development canvas: we have defined the main
problem after completing the user canvas and the Ideation Canvas. Finally,
the product development canvas is described section by section, as follows.
Purpose: - The main purpose, that is, the problem for which you are finding
the solution.
Fig:-4.1
People: - The people mentioned here are those who are closely related to
defining the problem and its uses.
Fig:-4.2
Product experience
Product function
Product features
Fig:-4.3
Components: - The components used for making this product are a
personal computer, hacking tools, internet access, knowledge of various
programming languages, and code execution.
Fig:-4.4
Customers revalidation
Fig:-4.5
Reject redesign & retain
Fig:-4.6
DESIGN THINKING
Design thinking contains
1. People
2. Identity (Multiple Problem)
3. Key Problem
4. Key solution
5. Identity (Multiple Solution)
6. Prototype
7. Redesign
8. Customer revalidation
9. Final Solution
Finally, after completion of this canvas, the final problem with the perfect
solution is easily found.
The parts of this canvas are as follows:
1. People: - This People part is totally different from the People part of all
other canvases; it contains only product-related people. In our case we have
mentioned only drivers, which are related to the product.
2. Identify multiple problems: - All the problems we found after discussing all
the canvases are mentioned here.
3. Key problem: - Out of all the multiple problems, only one key problem is
mentioned; we have mentioned that the key problem is unwanted bugs in the code.
4. Identify multiple solutions: - Multiple solutions for your key problem are
discussed in this part.
5. Key solution: - Only one key solution is chosen from all the possible
solutions. As the optimum solution, we can use easy code that can be executed
easily and in which most bugging problems do not occur.
6. Prototype: - This is the combination of product features, product function
and components. A sketch of your product can also be drawn in this prototype.
7. Customer validation: - The product is designed as per the requirements of
the customer, so it can be designed easily.
8. Redesign: - As per the requirements of the customer, the product can be
redesigned for better performance.
CHAPTER-3(PHASE-2 PREDESIGN)
LNM MATRIX
Learning Need Matrix (LNM): Every group of students, with the guidance of
their Faculty Guide, is required to identify at this stage the need for generic
learning which may be required while they develop their idea.
Fig:-5.1
CHAPTER-3(PHASE-3 ROUGH PROTOTYPE AND MODEL)
MIND MAPPING
Fig:-6.1
PROTOTYPE
Fig:-7.1
CONCLUSION
Using remote administrator tools for remote administration of computers
running can greatly reduce the administrative overhead. Administrators can
access the servers from anywhere, be it inside the computer room. They
can start time-consuming administrative jobs, disconnect, and reconnect at a
later time to check the progress. Server application and operating system
upgrades can be completed remotely, as well as tasks that are not usually
possible unless the administrator is sitting at the console. Server file system
tasks such as copying large files and virus scanning are much more efficient
when performed within a remote tools session, rather than using utilities that
are executed on a PC client. A remote administrator tool is an affordable tool
that any small business owner can purchase without