Lo4f

Lo4f is a sophisticated RAT (Remote Access Trojan), written entirely in Python. THIS TOOL IS FOR EDUCATIONAL USES ONLY.

Documentation/Setup

Setting up Discord Server

  1. Click on "Add Server" in Discord.
  2. Select "Create my own".
  3. This selection doesn't matter, just select anything you'd like.
  4. Name this anything you'd like, it doesn't matter.

Your server is now created! Now we will set up your bot to create a control center.

Setting up Bot

  1. Go to the Discord developer website.
  2. Select "New Application". Name it whatever you'd like, it does not matter.
  3. Select the "Bot" tab after creating the application. Give it any profile picture or banner, it doesn't matter.
  4. Scroll down and ensure that the "Message Content Intent" is switched on.
  5. Navigate to the OAuth2 tab on the left sidebar.
  6. Scroll down and ensure "bot" is selected.
  7. Scroll down again and select "Administrator".
  8. Scroll down once more, ensure the link is set to "Guild Install", then copy the generated URL.
  9. Enter the generated URL into your web browser, then add your bot to your server.

Setting up Bot Variables

  1. Go back to the GitHub link and download both discord_bot.py and userclient.py. You will need to have Python installed and install the necessary pip libraries. You can see what you need to install by looking at the import statements in the source code.
  2. Navigate back to the Discord developer site and click "Bot".
  3. Get your token and copy it. Remember to keep it in a safe place.
  4. Go to the source code of both files and update the Discord token with the token you just copied.
  5. Navigate to your Discord server, right-click your text channel, and click "Copy ID". You may need to enable Developer Mode in Discord to get this option.

Deploying the RAT

For this portion, you will need Python and PyInstaller installed (pip install pyinstaller).

  1. Open a terminal in the same directory as your files with the replaced Discord token and channel ID.
  2. Run the following command:

    pyinstaller --onefile --noconsole userclient.py

  3. Run the following command:

    pyinstaller --onefile discord_bot.py

Infecting Computers

DO NOT USE THIS MALICIOUSLY. USE THIS AS A PENTESTING TOOL OR FOR EDUCATIONAL PURPOSES ONLY.

  • The most common method of deployment is embedding userclient.exe in a disguised installer file or poisoned exe file and setting it to autorun on startup. You can also change the exe to a dll and dll-inject the disguise program.
  • You can also create shortcuts that re-launch the executable if the original file is removed.
  • Since userclient.exe requires admin privileges for full functionality, you can apply UAC bypass techniques. Read more here.

Using the Discord interface

When you launch discord_bot.py, you should be met with a welcome message on your server.

Once you have an infected computer, click "Start Service". If there are no infected computers online, clicking the button will set up the server for controlling the PCs, but no channels will actually be created.

However, if an infected computer is online, pressing "Start Service" will create a channel for each computer online. In my case, I have infected my own computer to test this.

Navigating to the new channel, we are greeted with several options. I will go over them in detail now.

-Send Popup

This option, when clicked on, will prompt you asking what message to send. After typing my message into the channel and hitting enter, a popup will appear. It will also notify you when the user dismisses the popup window, which can be used as an indicator to see if any antivirus software blocked the transmission of the message.

-Steal Passwords

This is a very useful tool that locates the password file for Google Chrome and sends it as a message to the Discord server. The passwords are still encrypted, but there are numerous decryption tools on GitHub. I will not link one here.

-Execute Commands

This module is by far the most dangerous command. It will open a shell in Discord, where you input commands by sending messages. Tread very carefully when using this command: if you don't know what you are doing you can cause SERIOUS damage and also possibly make your identity known to a security buff whose PC might be infected as a sting.

-Screenshot

This command is painfully simple. When clicked, it will take a screenshot of all monitors and send it in the channel. This will later be improved upon by adding a live update or keylogger feature.

-Shutdown

This module just shuts down the user's computer. This can be used as an emergency "stop" if you detect them taking measures to remove the malware.

-Commands

!clear - Clean up the interface back to the original state
!menu - Shows the context menu with modules. Use this if you do not want to scroll up to execute modules.
