[Massive Guide] So you want to RAT? Let me help you mate! [Part - 1]

www.thefunomania.blogspot.com





What I ask of you
I believe my guide is finished but there is still room for improvement.
I might have missed something or posted some wrong information. (very unlikely)
Please leave your suggestions as comments below so I can possibly add them.

Aside from that, I spent A LOT of time on this guide. I kindly ask that you spread it around to people that want to learn about RAT's.
99% of the time this will hold more for them than your 1 - 5 line comment.



Thank you: 
- Eternal: for giving me a 1 month code to use for the tutorial. (143VPN)
- French crypter: for giving me a 10 days code to use for the tutorial. (Static Crypt)
- Cibor: for giving me a 1 day code to use for the tutorial. (Ozone)
- ShockWave: for giving me a lifetime code to use. (Imminent Monitor 4.3)
- no$fera$tu: for giving me a 24h code to use for the tutorial. (Data Protector V4)
- Revcode: For the 72h trial account on your site. (Revcode Webmonitor)


Introduction + Goal
Thanks for making it over to my thread. Are you tired of the same questions being explained over and over again? 10 billion links that you can find all over the place that lead to all over the place?
No more. I'm writing everything that's within my knowledge down in this massive thread. The goal here is to have 1 massive RAT hub that people can come to to find anything, let's see if we succeed.

I encourage you to leave anything I missed/suggestions in the comment since I plan on updating this A LOT!


Index
Since it's hard to have an index in a page filled with spoilers I'll have a color index.
This'll help you navigate at least a tiny bit.


- General --
-- Port Forwarding Related --
-- Crypting related --


Things you NEED to know about a RAT
- a RAT is legal software and is not meant to be used in any malicious way. If you do use it in a malicious way you are at constant risk of losing your license and going to jail.
- Your clients will not dissapear after you or them have restarted their computer. (providing you used startup which I explain later on in the guide)
- Most RATs are HWID locked meaning you can only use 1 computer per license. Don't try and share it with your friends. Orcus is an exception and allows 3 per license.
- You can have user or administrator permissions on your clients, changing the amount of things you can do drastically.
- Unless you are using a PHP RAT you will ALWAYS require port forwarding.
- Certain RATs have dependencies while others don't. Explained more in-depth later on.


Things you NEED to know about using a crypter
- A crypter is legal software and is not meant to crypt malware with. Doing this you always run the possibility of your license being banned.
- Crypters are not magic, it's not as simple as drop in a .exe and have it come out FUD.
- If you are getting 8+/35 detections don't go crying to the owner. They can be fixed by you if you follow the guide later on.
- Ticking every single option in your crypter is a good way to corrupt your RAT beyond using.
- There's a difference between scantime and runtime. Scantime is the result of your file being scanned without it being executed on a PC. Runtime is the result of it being scanned while it's running on your clients PC. (Making it much easier to detect and making scantime useless)
- Don't EVER double up on settings in both your RAT and crypter. Nothing good comes from that.
- THE CHEAPER THE CRYPTER THE BETTER THE QUALITY IS NOT THE RIGHT ATTITUDE.


Port forwarding
Port forwarding, most of you guys usually go DEAR GOD HELP ME when you are confronted with this. WELL NO MORE! After this guide everyone should be able to port forward with or without VPN. Why do you need to port forward? You need an open port for outside connections (your client) to connect to your internet. Well, let's get into the without VPN part first.

Understand the following BEFORE going onto this guide.
- Googling your router and how to port forward on it will NEVER hurt. They give information that is impossible for me to know in advance such as what you need to click on etc.
- There's a couple different router setups. I'm going to cover the ones I know which is a total of 3 ways. It's up to you to figure out which one of these is closes to yours.
- Even when you THINK your port forwarding is done, keep on reading and don't miss a SINGLE step!

Possible setup no. 1 - Regular portforwarding
This is the easiest to do and also the most common among routers.

Go over to your router page found by typing in your default gateway into your browser.
How do you find your default gateway? Open your cmd.exe and type in ipconfig which will show you your default gateway 2 lines below your IPv4.
In the picture below my default gateway is 192.168.0.1.

www.thefunomania.blogspot.com

Now that you are on your router page you will want to find the port forwarding tab.
Usually this can be found under the advanced tab and is straight up called 'port forwarding'.
Once you've found it, click on it and you should see something similar to this. 

www.thefunomania.blogspot.com
Now don't get scared by the different language shown here. Let me quickly explain in order what those words mean. What you're looking at is Internal IP-adress / Begin port / End port / Protocol / Activated.

Your internal IP adress is your IPv4 shown above your default gateway. Your begin port and end port should be the same and is the port you are trying to open. Protocol is either UDP or TCP or BOTH. You will want to choose BOTH!
Now that you know all this, this is what it should look like filled in. (In this picture I have opened port 30000)



www.thefunomania.blogspot.com

When you filled in yours and it looks like mine (with your IPv4 and desired port) hit save changes and that concludes port forwarding.! Read the 'testing your port' category on how to PROPERLY test your port. DON'T TEST IT ON YOUR OWN, 
Possible setup no. 2 - Service/Virtual Server
This one is a bit different from your usual port forwarding but is pratically still the same.
Port forwarding won't be called port forwarding on your router but it'll be called 'service/virtual server' honestly there's no difference here other than the name.

Let's start off with the usual.
Go over to your router page found by typing in your default gateway into your browser.
How do you find your default gateway? Open your cmd.exe and type in ipconfig which will show you your default gateway 2 lines below your IPv4.
In the picture below my default gateway is 192.168.0.1.



www.thefunomania.blogspot.com

Once you are on your router page navigate towards create a service/virtual server.
Something similar to this will show up.



thefunomania.blogspot.com

Now don't get scared by the different language shown here. Let me quickly explain in order what those words mean. What you're looking at is Internal IP-adress / Begin port / End port / Protocol / Activated.
Your internal IP adress is your IPv4 shown above your default gateway. Your begin port and end port should be the same and is the port you are trying to open. Protocol is either UDP or TCP or BOTH. You will want to choose BOTH! If it asks you for a service name you can type in whatever, just make sure that you remember it!
Now that you know all this, this is what it should look like filled in. (In this picture I have opened port 30000)



www.thefunomania.blogspot.com


Now that you've filled it in and everything is correct hit 'save changes'. Now this is where your port forwarding is different from the usual. Once you've hit save changes you will want to navigate over to your router's firewall. (Usually found somewhere in security/basic settings)
-----------------------------------ADD PICTURE -----------------------------------

Here it will give you the option of letting a service through the firewall. You will want to add the service you just created and let it through the firewall or your port will remain CLOSED.
Usually this is done by clicking add, choosing the name of the service and then defining if you want to let it through or not. You will want to allow it and that concludes your port forwarding. Read the 'testing your port' category on how to PROPERLY test your port. DON'T TEST IT ON YOUR OWN,
------------------------------- ADD PICTURE ---------------------------------------


Port forwarding (VPN)
Port forwarding through a VPN is way easier and simplified. 
It is also HIGHLY recommended that you use one regardless of your intentions. Due to it being way simpler I can just make steps instead of complicated and long explanations.

CrypticVPN
- Connect to the server you wish to use.
- Go to the crypticvpn.com website, log in and navigate to the VPN control panel and from there to the 'open port' section.

thefunomania.blogspot.com
- In port fill in the port you wish to open. (recommend any port between 10k and 60k)
- Internal IP is your IPv4 which should start with 10.8 if you are properly connected to the VPN. (Keep in mind you have multiple IPv4 make sure you get the right one!)
- Location will be the server you are currently connected to.
- In the picture below you will see me open port 12521 on the amsterdam servers.

thefunomania.blogspot.com

 That concludes port forwarding through crypticVPN. Read the 'testing your port' category on how to PROPERLY test your port. DON'T TEST IT ON YOUR Own.

Ra4wVPN
- Connect to the server you wish to use.
- Go over to the ra4wvpn.com website, login and navigate to where you open ports.

-------------------------------- ADD PICTURE ----------------------------------------
- In port fill in the port you wish to open. (recommend any port between 10k and 60k)
- Internal IP is your IPv4 which should start with 10.8 if you are properly connected to the VPN. (Keep in mind you have multiple IPv4 make sure you get the right one!)
- Location will be the server you are currently connected to.
- In the picture below you will see me open port 12521 on the XXXXX servers.

------------------------------- ADD PICTURE -----------------------------------------
- That concludes port forwarding through ra4wvpnRead the 'testing your port' category on how to PROPERLY test your port. DON'T TEST IT ON YOUR OWN,

143VPN
- Connect to the server you wish to port forward on.
- Go to 143vpn.com and click 'port forwarding' at the top right.
- Log in using your VPN info, not the login for the website itself!
- You should now be on this page.



www.thefunomania.blogspot.com

- Choose any port between 10 - 60k
- The internal IP adress is your IPv4 which you can find by opening your cmd.exe and typing in 'ipconfig' without the ''. It should start with 10.8.
- Keep in mind you have multiple IPv4 so make sure you get the right one!
- Choose the server you're connected to and hit 'submit'.
- If done correctly you should see this.



www.thefunomania.blogspot.com
- That concludes port forwarding through 143VPN. 

Testing your port
Open the spoiler of your RAT below for further instructions on how to check your port.


PAID

Luminositylink
- Connect to your VPN if you are using one. If not skip this step.
- Completely disable your firewall! (VERY IMPORTANT)
- Open Luminositylink
- Head over to settings --> Ports
- Right click and choose 'add port'
- Type in the number of the port you opened.
- At the bottom right click 'start listening'
- Right click on the port and click 'test port'
- If the following shows up and your total connections goes up by 1 your port is open!



thefunomania.blogspot.com


Orcus
- Connect to your VPN if you are using one. If not skip this step.
- Completely disable your firewall! (VERY IMPORTANT)
- Open orcus main administration and click on 'create a new server'.



www.thefunomania.blogspot.com

- IP-adress is your IPv4 and port is the port you opened. When you filled those in hit 'add'. Password can be whatever you choose.
- This is what the end result shoud look like. (using your own IPv4 and port).



www.thefunomania.blogspot.com

- When you've achieved that end result click 'build' and save that server somewhere.
- Open the server and you should see the following. (with your own IPv4 and port)




- Now the server is running go to canyouseeme.org and fill in the port you opened.
- It should say succes if done properly

RevCode Webmonitor
You don't have to port forward. Yeah you can enjoy that.

Imminent Monitor 4.3 (c# port)
- Connect to your VPN if you are using one. If not skip this step.
- Completely disable your firewall! (VERY IMPORTANT)
- Open Imminent Monitor.
- Click on settings.
- Right click in the open field and click on add port.

www.thefunomania.blogspot.com

- When you've added the port you opened at the bottom right click on 'start listening'.
- The status which previously showed as 'idle...' should now say 'listening!'.

www.thefunomania.blogspot.com
- Once you've done that go to canyouseeme.org fill in the port and if it says success your port is opened correctly!

Remcos v1.6.2 Professional
- Connect to your VPN if you are using one. If not skip this step.
- Completely disable your firewall! (VERY IMPORTANT)
- Open Remcos.
- Click on 'Local settings'
- Fill in your open port, password (which you will need inside the builder) and click add. 

- Click 'save settings'.
- Once you've done that go to canyouseeme.org fill in the port and if it says success your port is opened correctly!

FREE

njRAT  <-- CLICK TO DOWNLOAD! PW: Neos07

- Connect to your VPN if you are using one. If not skip this step.
- Completely disable your firewall! (VERY IMPORTANT)
- Open njRAT
- As soon as it opens you'll want to enter the port you opened and then hit 'start'.


- Once you've done that go to canyouseeme.org fill in the port and if it says success your port is opened correctly!

Babylon <-- CLICK TO DOWNLOAD! PW: #4k53mmkSDKM%l"&#¤&fsdkfmF44sdFGUMSDKFGk45t

- Connect to your VPN if you are using one. If not skip this step.
- Completely disable your firewall! (VERY IMPORTANT)
- Open babylon.
- At the top hit 'file' then hit 'settings'
- Right click and hit 'clear' the list will now be empty.
- Right click and hit 'add port'. Fill in the port, when it asks you for a network key fill in whatever you want but make SURE you remember it! The Adress Family is 2.
- This is what it should like if done correctly.




- Hit save and save the file in the same folder as babylon.
- Then hit load and load the file you just saved.
- Go back to the main babylon client hit 'file' and then hit 'start server'.
- You should see this (with the port you specified)




- If it shows that go to canyouseeme.org fill in the port and if it says success your port is opened correctly!

Quasar <-- CLICK TO DOWNLOAD

- Connect to your VPN if you are using one. If not skip this step.
- Completely disable your firewall! (VERY IMPORTANT)
- Open Quasar.
- At the top hit 'settings'
- It'll ask you for a 'port to listen too' fill in the port you opened there.




- Once you've done that hit 'start listening'
- Once you've done that go to canyouseeme.org fill in the port and if it says success your port is opened correctly!


Darktrack

-Connect to your VPN if you are using one. If not skip this step.
- Completely disable your firewall! (VERY IMPORTANT)
- Open Darktrack
- Click on client settings
- In port no fill in your open port, password can be whatever you please.
- Once you've done that click the little '+' next to where you filled in the port and you should see this



- Once you've done that go to canyouseeme.org fill in the port and if it says success your port is opened correctly!

What RAT should I buy/use?
I'm so tired of seeing these threads that I'm just going to implement a little review in this one. It'll be based on popularity and what I've personally read about that RAT.

PAID

LuminosityLink

Public opinion
+ User friendly
+ Easy to use
+ Stable
+ Excellent support
- Has a .NET dependency
- Has a region lock


Personal opinion
I feel like KFC has a nice program but it's simply out-matched by other RATs sold on the market currently. It does not help that he implemented a region block making blackhat use (looking at you reading this) pretty much impossible.

Which used to be my favorite RAT now scores at about 6.5/10.


Orcus

Public opinion+ Not so user friendly
+ Easy to use, hard to setup
+- Stable for some, less stable for others
+ Excellent support
- Has a .NET dependency


Personal opinion
I think Orcus is going in a straight line forward. Armada is doing his best managing the product and to my knowing Sorzus (the developer) is still working hard to improve it. If you like the feel that Orcus has then you're not making a mistake buying Orcus. Keep in mind more so than other RATs Orcus depends on .NET 3.5 which is not the same as 2.0.

I'll give Orcus a 8.5 for the really high customizability and Armada being a sausage.


Imminent Monitor 5

Public opinion
+ Very stable
+ Insanely good UI
+ Good customer support
+ User friendly
- Has a .NET dependency

Personal opinion
I think Imminent Monitor is currently the top RAT sold on HF. Shockwave is a highly experienced developer and has been working on Imminent Monitor for 5 years+.
Other than Shockwave sometimes getting a bit lazy (don't we all) I really can't say anything bad about this RAT.

Going to give Imminent Monitor a well deserved 9.5/10. Not a 10 remember when it comes to coding, nothing is perfect.

RevCode Webmonitor

Public opinion
+ No portforwarding
- No customizability for your client file (DNS/Hidden is missing)
+- More information pending

Personal opinion
There's 2 things I can see straight from the bat.

- User friendlyness is ridiculous. There is no setup, literally nothing.
- This software is straight whitehat. There will ALWAYS be a double installation dialouge.

Overall I think this software is great if you're dealing with a less technical person. This would be a perfect recommendation for a dad/mom for example.
I would like to make clear though that the remote desktop stream seemed quite slow, even on a local connection. If you're all about that sweet FPS this web RAT is not for you.

FREE

njRAT

Public opinion
+ Decently stable
+ Easy to use
- No support
- Password recovery is broken (there's a fix on HF tho)
- Has a .NET dependency


Personal opinionnjRAT is the first RAT I ever used and I don't really have many complaints about it. For a free RAT I'm honestly impressed with how stable it is. Using it back when I was a noob probably using all the wrongs settings I managed to hold clients for 1 - 2 weeks. The remote desktop is decently fast too, overall it's my favorite free RAT.

My overall rating for this RAT is 7/10

Darktrack

Public opinion
- Not so stable
+- Easy to use, little harder to setup (without a guide)
+- Support (touch and go)
+ No dependencies
- Early stages = bugs

Personal opinion
First time I set up this RAT I immediatly encoutered a bug. Being experienced I decided to ignore it and it did indeed turn out to just be a visual bug. Other non-experienced members might have spent 30 min - 1h trying to fix it even tho there was no real bug there. Aside from that I heard it's not stable yet, people are losing their clients when closing the program etc. It's got a couple of cool features like the skype monitor thingy but aside from that I'm not convinced yet. (don't release something that isn't ready)

My overall rating for this RAT is 4/10

Babylon

Public opinion
+- Sorta stable
+ Easy to use
- No support
- Webcam capture is not fully programmed although it works for most
+ Has no depedendencies

Personal opinion
Babylon is probably the most recommended free RAT currently available. (together with Darktrack) My friend used to use it a lot and watching him use it it seems like an OK program. I did see him loose clients every now & then so that's worth noting. Aside from that the program works as advertised and is not bad at all.

My overall rating for this RAT is 6/10

Continue...