Stealth & Control: Mastering Linux Post-Exploitation with the Eden-RAT GUI

Introduction

Eden-RAT is a lightweight remote access tool (RAT) designed for the initial stage of penetration testing.
It provides a graphical user interface (GUI) with multiple features for Linux systems, including a file manager and an interactive shell.

The interactive shell allows full command execution, enabling users to run commands such as sshncaptpip installvim, and other interactive programs.

Technical Overview

Eden-RAT supprots encrypted communication using either AES/RSA hybrid encryption or TLS.

The AES pure implementation is adapted from:
https://github.com/bozhu/AES-Python

Once a payload successfully connects to the Eden server, it dynamically loads additional modules delivered by the server. These modules are executed via exec() and their class instances are registered within an internal dictionary-based class registry.

The overall architecture is illustrated below:

Features

Eden (Operator)

  • Build Payload
  • Multi Listener
  • Encrypted Channels

Infected Machine

  • Information
  • File Manager
    • Display Image
    • Edit, Copy, Move, Paste, Upload, Download, Rename, Datetime
    • WGET
    • Archive: Compress, Extract
    • New: Folder, Text File
  • Process View
  • Service View
  • Connection: Disconnect, Reconnect

Use

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce