Originally Posted by Plan9
You don't need a RAT to do most of that stuff (in fact a lot of it is already built into Windows):
- browsing files: SMB \\machinename\c$
- taking screenshots of the desktop: VNC
- logging keys: I can't think of any good reason why you should need a keylogger on an employee's workstation
- controlling keyboard and mouse: RDP or VNC
- user to user chat: e-mail, phone, or just walk round to their desk. I mean you work with them, for god's sake
- packet sniffing: you don't even need access to their machine to do that. Just have a machine on a promiscuous port with Wireshark (or similar) installed
- complete file exploring with delete, add, modify functions as well as file download/upload: you'd already said this. And if you're a domain admin then you can just mount their HDDs over SMB without needing to install anything locally.
And rightly so. There's a fine line between protecting your IT infrastructure from abuse, and abusing it yourselves to snoop on your employees. Installing a RAT crosses that line in my opinion. VNC should be the only thing you'd need to install on your employees' desktops (aside from an AV). And the rest should be part of the
- company firewall (stop unwanted protocols going out as well as coming in),
- internet proxy (ban sites)
- and - if completely necessary - intrusion detection system (packet sniffing - but I really don't think it should be necessary to snoop on your employees with that)
That's just my 2c worth though
Fair points, although VNC isn't built into Windows.
I was just offering an all-in-one solution. Any competent admin could do all the things listed for sure, but if the author was asking about this I would assume they did not know about these services or don't know how to use them.
As I mentioned, I did say I wouldn't use these in an actual business seeing how there are other workable solutions out there. Was just throwing it into the air.
edit: on a side note, just for the sake of including information, company firewalls are not as secure as one may think. They do a good job at filtering traffic going in and out, but there are really simple ways to get back into a network from the outside if exploitation happens. A while back I co-developed a Linux shellcode (used in the exploitation process) that, if used over a socket, would hijack the socket it was sent over and use that socket to spawn a remote shell. This essentially bypasses firewalls as well as IDS systems seeing how no new outside sockets are being opened. Although this was written as a proof of concept, and using it in an actual remote buffer overflow attack would be rare seeing how you would imagine most companies thoroughly inspecting their software before deployment.
Edited by abduct - 7/19/13 at 4:09pm
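The socket-reuse technique described in the post above leaves a host-side footprint a defender can hunt for: a shell process whose stdin/stdout/stderr are wired to a network socket instead of a tty or pipe. The following is an added example, not code from the thread or from either poster; the shell-name list and the sample process records are constructed assumptions, and the live `/proc` walk only works on Linux.

```python
import os
import re

# Shell binaries whose stdio should normally be a tty or pipe, never a
# network socket (assumed list for this example).
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "ksh"}
# /proc/<pid>/fd/<n> links to "socket:[inode]" for socket-backed fds.
SOCKET_RE = re.compile(r"^socket:\[\d+\]$")


def stdio_on_socket(fd_targets):
    """Return the stdio fds (0, 1, 2) whose link target is a socket inode."""
    return [fd for fd in (0, 1, 2) if SOCKET_RE.match(fd_targets.get(fd, ""))]


def flag_socket_shells(processes):
    """processes: iterable of (pid, comm, {fd: link_target}) records.
    Returns [(pid, comm, [fds])] for shells whose stdio sits on a socket,
    the footprint left when shellcode reuses an existing connection."""
    hits = []
    for pid, comm, fds in processes:
        if comm in SHELL_NAMES:
            fds_on_socket = stdio_on_socket(fds)
            if fds_on_socket:
                hits.append((pid, comm, fds_on_socket))
    return hits


def read_proc():
    """Collect (pid, comm, {fd: target}) from /proc on Linux; returns []
    elsewhere and skips processes that vanish or that we may not inspect."""
    if not os.path.isdir("/proc"):
        return []
    procs = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/comm") as f:
                comm = f.read().strip()
            fds = {}
            for fd in (0, 1, 2):
                try:
                    fds[fd] = os.readlink(f"/proc/{entry}/fd/{fd}")
                except OSError:
                    pass  # fd closed or permission denied
            procs.append((int(entry), comm, fds))
        except OSError:
            continue
    return procs


# Constructed sample: an interactive shell, a shell on a reused socket,
# and a daemon whose stderr is a socket but which is not a shell.
SAMPLE = [
    (1201, "bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    (1337, "sh", {0: "socket:[48213]", 1: "socket:[48213]", 2: "socket:[48213]"}),
    (1400, "sshd", {0: "/dev/null", 1: "/dev/null", 2: "socket:[48000]"}),
]

if __name__ == "__main__":
    for hit in flag_socket_shells(read_proc() or SAMPLE):
        print("suspicious shell:", hit)
```

Treat a hit as a hunting lead rather than proof: inetd-style services and tools like socat legitimately run shells on sockets, so baseline those before alerting.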