Note: In this format, the RAT program will quite easily be detected by anti-virus software. In order to evade such detection you will have to crypt the DarkComet RAT. It must become undetectable in order to be used stealthily. Or, the attacker might install such a program and add exceptions to the anti-virus.
The newest versions are always the most stable. Let’s say you use DarkComet 3.2. DarkComet 3.2 will be quite old by the time of writing of this blog. The system functions may have changed. DarkCoderSc has updated it to DarkComet 5.3.2 with the latest functions. Using an old version is like buying a can of Pepsi and then finding it has gone off.
Here is the tutorial on how to set up DarkComet 5.3.1:
- Go to the DarkComet website (http://darkcomet-rat.com). I would not get this RAT from anywhere else, lest it be crawling with gremlins.
At the top, you will see a list of items. Click Downloads.
- Next there will be a list of DarkComet-RAT product versions.
Click the top one.
- When you click Download, you will see three boxes. Tick them.
- Click Download.
- Open the DarkComet RAR (You need WinRAR)
It should look like this:
- Make a folder on your desktop. Name it anything you want.
- Drag the items from the WinRAR folder to the Tutorial folder on your Desktop.
Now, everything should be there like this:
- Open DarkComet.exe (Run as Administrator)
- A TOS should show up.
Tick the box saying ‘Do not display again the EULA‘ that is located at the bottom left.
Click ‘I accept‘
- At the bottom left, a Help Screen will show up. Tick ‘Do not show at startup‘ then click ‘Fine‘
- Click DarkComet-RAT at the top left.
- Click ‘Listen to new port (+Listen)‘
A new window should open, put in your Port then tick ‘Try to forward automaticaly (UPNP)‘
In this case, I will do port 70 so I put that in, tick ‘Try to forward automatically (UpNP)‘ and click Listen.
- Move over to ‘Socket / Net‘ located at the very end of the top left border.
You should see something like this:
70 may not be your port; the port that you added in ‘Listen to new port‘ will be displayed, not specifically 70.
- Go to ‘www.canyouseeme.org‘
- Put in the port that you are listening on.
If all went well, it should look like this:
- Now, click DarkComet-RAT again and click Server Module, then click Full Editor (Expert)
- Name your Security Password anything you like, then click the Mutex a few times. We then have the Main Settings done.
Make sure you untick FWB (Firewall Bypass)
- Go to Network Settings.
Now, go to http://www.no-ip.com and register
Click Free DNS
- Put in whatever you want for it. Make sure the email is valid because we will need it to validate. (if you don’t want to give your email, get a temp email at 10minutemail.com)
Sign in now.
- Now, at the Body you will see a list of options, click ‘Add Host’
- Copy the settings:
Leave IP Address as it is; by default it will show your IP address.
- Click Create Host.
- Go back to your DarkComet and put in the Ip/DNS and Port (DNS for the NO-IP host you made a second ago and Port for the one you listened on!)
- Then click ‘Add‘ and go to Module Startup.
Tick the ‘Start the stub with windows (module startup)’
Then leave everything but ‘Persistance installation ( always come back )‘
Now, it should look like this:
- Now go to ‘Stub Finalization‘ at the end.
If you are going to get it crypted then don’t tick UPX (Ultimate Packer for eXecutables) but if you are, I would leave it off and just have it on No compression.
- Now tick the ‘Save the profile when stub succesfully generated’ and Build the Stub.
Now there is one last thing.
- Go to the Client Settings in DarkComet-RAT and then Click NO-IP Updater
- Then put in the NO-IP host, Username and Password, then tick ‘Auto update your no-ip dns when your IP change‘
- Now, run the stub that you generated in a Sandbox to test, and you should show up!
Here now, we have run through the entire setup for DarkComet. Even your kid brother could follow this tutorial. Now what you need to do is some research into how to encrypt the EXE, so it can be installed remotely without an antivirus putting up a fuss. I know Metasploit has some pretty good encryption in its framework. I would start there. Watch out for others telling you they will encrypt it for you. This is usually a trick to just pack their own RAT into your stuff!
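Seen from the defender's side, a stub configured as above has a recognisable network shape: it starts with Windows and keeps calling a dynamic-DNS hostname on an arbitrary port (70 in this walkthrough). The following is an added example, not part of the original post, that flags that pattern in connection logs; the log format, the suffix list, and the host and process names are constructed assumptions.

```python
from collections import defaultdict

# Assumption: illustrative dynamic-DNS zones, not a complete list; use your own.
DYNDNS_SUFFIXES = ("no-ip.org", "no-ip.biz", "ddns.net", "hopto.org", "zapto.org")
WEB_PORTS = {80, 443}

# Constructed sample log: UTC timestamp, source host, process, destination, port.
SAMPLE_LOG = """\
2024-03-04T08:01:12Z ws-014 chrome.exe www.example.com 443
2024-03-04T08:01:30Z ws-014 updater.exe homebox.ddns.net 70
2024-03-04T12:44:02Z ws-022 chrome.exe camera.hopto.org 443
2024-03-04T13:10:55Z ws-031 sync.exe files.notddns.net 8080
2024-03-04T17:20:09Z ws-014 updater.exe homebox.ddns.net 70
2024-03-05T08:00:47Z ws-014 updater.exe HOMEBOX.ddns.net. 70
2024-03-05T09:15:00Z ws-040 tool.exe lab.zapto.org 5000
truncated line without enough fields
"""

def is_dyndns(hostname):
    """True only when hostname is a dynamic-DNS zone or a name under one."""
    host = hostname.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in DYNDNS_SUFFIXES)

def parse_line(line):
    """Return (day, src, process, host, port) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    ts, src, process, host, port = parts
    return ts[:10], src, process, host.lower().rstrip("."), int(port)

def find_callbacks(log_text, min_days=2):
    """Flag process/destination pairs that reach a dynamic-DNS name on a
    non-web port on at least min_days distinct days (survives reboots)."""
    seen = defaultdict(lambda: {"count": 0, "days": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        day, src, process, host, port = rec
        if is_dyndns(host) and port not in WEB_PORTS:
            entry = seen[(src, process, host, port)]
            entry["count"] += 1
            entry["days"].add(day)
    return sorted(
        key + (v["count"], len(v["days"]))
        for key, v in seen.items() if len(v["days"]) >= min_days
    )

if __name__ == "__main__":
    for finding in find_callbacks(SAMPLE_LOG):
        print(finding)
```

Each finding is a tuple of source host, process, destination, port, connection count and distinct days; pair it with a review of that host's startup entries before acting on it.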