Writing a RAT and other things infosec

Progress report: enum onions

Progress has not been as fast as I hoped lately. There are several reasons for this, but most of it is probably due to a lack of planning. When I finally started programming RustRAT I had a very specific idea of what I wanted to start with. After I finished that specific, little part of RustRAT, progressed seemed to halt to a grind. While I have slowed down some, progress seems slower than it is because my plan is less detailed for this part of the development.

Playing with async

When deciding on the architecture for RustRAT’s C2 server, I went for something asynchronous. There are no very good reasons for this, but I have never really written anything major in an asynchronous manner before. Besides, a lot of nice looking Rust crates are also written using asynchronous code, so this lets me play with them. As I am doing something I have never done before, progress is slow as I play with tokio, figure out what to put in my .

(Almost) a RAT

The libffi bindings are now working, which means that RustRAT is now able to execute WebAssembly binaries, and those binaries can call arbitrary functions from dlls. I have also uploaded the code to github, so it is possible to follow the progress at https://github.com/rustrat/rustrat. In this post I will briefly mention what has been done so far, the next step on the way to a full-fledged RAT, and finally a little guide on how to call MessageBoxA from a WebAssembly binary.

Error handling errors

RustRAT uses libffi (more specifically the libffi-rs bindings) to call arbitrary functions at run-time. This works by putting the function’s argument and return types into a struct and providing libffi with a function pointer. Libffi then makes sure that all the arguments are placed in the correct registers or on the stack and calls the function pointer. I am not that proficient with Rust yet, but if anything is unsafe, I am pretty sure this is it.

January 2021 update

It has been three weeks since my last post, and progress has been slow. I will be trying to write small status updates semi-regularly both to keep myself motivated and try to document the development of RustRAT. Since last time, I have written code for running WebAssembly programs and for calling arbitrary functions from DLLs at run-time using libffi, more specifically with the libffi-rs bindings. Currently, I am working on trying to put these two parts together using a lot of ugly and unsafe Rust.

RustRAT is not dead

It has been more than six months since I wrote the first blog post about RustRAT. During these months, the closest I have come to actually doing something has been to build myself a new computer with many cores in order to compile code faster or something like that. However, rather than develop RustRAT I have been busy playing all the games I have been unable to play the last ten years due to lack of a computer able to play recent games.

Introducing RustRAT

I am writing this blog as I started developing a RAT during the spring of 2020 and wanted a place to document my ideas and progress with this project. This is something I have been planning on doing for a couple of years, but I did not get around to actually writing any code until this spring. RustRAT is as its name suggests, a Remote Access Trojan written in rust, and even though it is not included in the name, lua.