Saturday, June 17, 2017

NODERAT.IO

By   on   in ,  

Hi ax0ners,

First... my previous thread was removed by error and we lost my last tutorial, all your comments and suggestions but don't worry i'll remake it better soon and i'll make different thread to manage the project faster =]

Description:
Noderat.io is full coded in nodejs (web server and client), it use socket.io to exchange data between server and client, ha yes... and it's OPENSOURCE ;)

Noderat.io is not detectable because it's signed with nodejs process recognized as legit application and it can run on all OS without modifications of source code because nodejs is multi platform (Windows all version, Mac OS, linux, Android, etc).

Philosophy:
I wan't to proof how some new technology like nodejs and other frameworks engine like enclose.js, NW.js, cordova, electron, etc create some new problems of security often ignored by OS and AV at this time (These technology are very powerfull, fast and easy to deploy and i think it's a good thing for developer but not enough controled for moment by OS and AV).

Everyone use these new technoly and the community grow fast, the problem is all of this apps are signed legit by all antivirus so i'll write on this more deeper when the project will be more mature.

At the beginning i just wan't to make a remote admin tool as powerfull as possible with a real-time web interface using socket, scalable, clouded and easy movable to controle all my server, raspberry, windows, android, etc from one point, i'm lazy of teamviewer :) ..... but .... when i realized what is possible to do  while i created my project of remote administration tools, i was not able to ignore the security aspect  so i wan't to know the opinion of the community about this new king of security risk. So don't forget ,it's for educational purposes only ;)

To be sure that everyone has understood -> I don't want to make a malware for script kiddies that's why i'll don't help anyone to install, edit, or use this for illegal activity :|

Advantages:
- Code once run on all OS (cloud and client).
- Easy to code (its only javascript).
- Easy to get help and code in team with git.
- Easy to edit and test.
- No need encryption its FUD.
- No need compilation.
- No need Apache or PHP to run the cloud.
- Lot of module exist on nodejs, we can manage them with npm and take benefit from all this repository in a few second:
- Imagine we need to get controle on webcam, just search "nodejs wecam" on google and we often get module of high quality like this.

- Imagine we need to get controle on webcam, just search "nodejs wecam" on google and we often get module of high quality like this.
- Need a file manager ? or an exemple to make your own ? https://www.npmjs.com/package/node-file-manager
- A remote desktop ? https://github.com/citronneur/node-rdpjs
- etc... We take advantage of one of the bigest comunity of javascript developer to add new functionality easier.

Disadvantages:
- Code of client is readable (not compiled) so anyone can reverse your client to get information on you: ip, general password, etc. in clear with notepad ^^, so it will be harder to use it for illegal activity and its better like this, it will discourage lamers to spread this as malware :)
- Size of client (when is compiled) is big (from 12mb with Enclosejs to 80mb with NWjs).
- Need mysql server to run the cloud.
- Need nodejs environment to run the client.

GitHub repository (last version : v1.0.1):
https://github.com/mwesto/nodeRat.Io

Screenshot Last version:







Share:

Related Posts: