Stealth & Control: Mastering Linux Post-Exploitation with the Eden-RAT GUI
Introduction
Eden-RAT is a lightweight remote access tool (RAT) designed for the initial stage of penetration testing.
It provides a graphical user interface (GUI) with multiple features for Linux systems, including a file manager and an interactive shell.
The interactive shell allows full command execution, enabling users to run commands such as ssh, nc, apt, pip install, vim, and other interactive programs.
Technical Overview
Eden-RAT supports encrypted communication using either AES/RSA hybrid encryption or TLS.
The pure-Python AES implementation is adapted from:
https://github.com/bozhu/AES-Python
Once a payload successfully connects to the Eden server, it dynamically loads additional modules delivered by the server. These modules are executed via exec() and their class instances are registered within an internal dictionary-based class registry.
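For defenders reviewing a suspicious Python payload, the exec()-plus-registry loading pattern described above can be spotted statically. The following is an added example, not code from Eden-RAT or from the original page; the sample source, the function names, and the registry heuristic are assumptions made for illustration.

```python
import ast

DYNAMIC_CALLS = {"exec", "eval", "compile"}
# Constructed sample for illustration; it is parsed, never executed.
SAMPLE = '''\
def load_plugin(blob, registry):
    ns = {}
    exec(blob, ns)
    registry[ns["NAME"]] = ns["Plugin"]()

def banner():
    exec("print('static')")
'''

def call_name(node):
    """Name of a called builtin: exec(...) or builtins.exec(...); else None."""
    f = node.func
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name) and f.value.id == "builtins":
        return f.attr
    return f.id if isinstance(f, ast.Name) else None

class DynamicExecFinder(ast.NodeVisitor):
    def __init__(self):
        self.scope, self.findings, self.registry_scopes = ["<module>"], [], set()

    def visit_FunctionDef(self, node):
        self.scope.append(node.name)
        self.generic_visit(node)
        self.scope.pop()
    visit_AsyncFunctionDef = visit_FunctionDef

    def visit_Call(self, node):
        arg = node.args[0] if node.args else None
        literal = isinstance(arg, ast.Constant) and isinstance(arg.value, str)
        # A literal string argument is fixed at review time; anything else is runtime-supplied code.
        if call_name(node) in DYNAMIC_CALLS and arg is not None and not literal:
            self.findings.append({"line": node.lineno, "call": call_name(node), "scope": self.scope[-1]})
        self.generic_visit(node)

    def visit_Assign(self, node):
        # Heuristic (assumption): `d[key] = Something(...)` stores a new instance in a dict-style registry.
        if isinstance(node.value, ast.Call) and any(isinstance(t, ast.Subscript) for t in node.targets):
            self.registry_scopes.add(self.scope[-1])
        self.generic_visit(node)

def scan(source):
    """Return dynamic exec/eval/compile calls, marking those next to a registry-style store."""
    finder = DynamicExecFinder()
    finder.visit(ast.parse(source))
    return [dict(f, registry=f["scope"] in finder.registry_scopes) for f in finder.findings]
```

A finding with `registry` set to true is the stronger triage signal, since plain dynamic `eval` also appears in benign code.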
The overall architecture is illustrated below:
Features
Eden (Operator)
- Build Payload
- Multi Listener
- Encrypted Channels
Infected Machine
- Information
- File Manager
- Display Image
- Edit, Copy, Move, Paste, Upload, Download, Rename, Datetime
- WGET
- Archive: Compress, Extract
- New: Folder, Text File
- Process View
- Service View
- Connection: Disconnect, Reconnect
Use