Gh0st RAT (Remote Access Terminal) is a trojan "Remote Access Tool" used on Windows platforms, and has been used to hack into some of the most sensitive computer networks on Earth.

Before I delve into more technical details of Gh0st RAT, let us take a brief look at its capabilities, or reach. Below is a list of Gh0st RAT capabilities.

- Take full control of the remote screen on the infected bot.
- Provide real-time as well as offline keystroke logging.
- Provide a live feed of the webcam and microphone of the infected host.
- Download remote binaries on the infected remote host.
- Take control of remote shutdown and reboot of the host.
- Disable the infected computer's remote pointer and keyboard input.
- Enter into a shell on the remote infected host with full control.
- Provide a list of all the active processes.
- Clear the SSDT of all existing hooks.

This section throws light on both the user-level and kernel-level binaries of the Gh0st RAT toolset. Gh0st RAT has two main components: client and server.

Controller Application: This is known as the client, which is typically a Windows application that is used to track and manage Gh0st servers on remote compromised hosts. The two main functions this module serves are the management and control of Gh0st servers and the ability to create customized server install programs.

Windows DLL (user level binary): The DLL is named SVCHOST.DLL. It is the Windows DLL that gets installed on a compromised host as a Windows service. This service is the server component of the Gh0st toolkit. It checks in to the Gh0st client on startup and awaits instructions.
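
A defender's check for the server DLL described above, added here as an example (it is not code from the original post): it parses `reg query` output and flags any service whose DLL file name is svchost.dll, since the genuine Windows service host is svchost.exe, not a DLL. It assumes the DLL is registered through the standard ServiceDll registry value; the sample output and the service name ExampleSvc are constructed.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Constructed sample of the text printed by
#   reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ServiceDll
# The service name ExampleSvc and its path are made up for this example.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\dhcpcore.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\SVCHOST.DLL

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\themeservice.dll

End of search: 3 match(es) found.
"""

KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\]+)", re.I)
VALUE_RE = re.compile(r"^\s+ServiceDll\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$", re.I)


def parse_service_dlls(reg_output):
    """Return {service_name: ServiceDll path} from `reg query` text output."""
    services, current = {}, None
    for line in reg_output.splitlines():
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)  # service name is the first subkey
            continue
        value = VALUE_RE.match(line)
        if value and current:
            services[current] = value.group(1).strip('"')
    return services


def flag_svchost_dll(services):
    """Flag services whose DLL file name is svchost.dll (any case, any folder)."""
    return sorted(name for name, path in services.items()
                  if basename(path).lower() == "svchost.dll")


if __name__ == "__main__":
    for name in flag_svchost_dll(parse_service_dlls(SAMPLE_REG_OUTPUT)):
        print("suspicious ServiceDll for service:", name)
```

A hit is a lead for triage rather than proof of Gh0st: confirm by examining the flagged file itself.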