The Remote Hacker Probe: A Threat Emulation and Red Teaming Framework
Introduction
The Remote Hacker Probe is a powerful and versatile framework designed for threat emulation and red teaming purposes. It offers a range of features, including keystroke logging, reflective DLL injection, reverse shell, password recovery, and more. The framework is built to be user-friendly, making it accessible to both beginners and experienced penetration testers.
Open Source and Continuous Improvement
The core of the Remote Hacker Probe is open source, allowing developers to contribute improvements over time. This collaborative approach is intended to keep the framework current with the latest security trends and techniques.
Fast and Lightweight
The Remote Hacker Probe server is implemented in Java, which keeps it lightweight and lets it run on any system with a Java Runtime Environment (JRE). The client component is written in C++ specifically for native Windows environments, which improves its performance and compatibility there.
Unified Version and Source Code Availability
Previously, the Remote Hacker Probe was distributed as two versions: an open source version and a professional version. These have now been merged into a single unified version, and the source code of the former professional version is open source as well, allowing users to examine and customize it according to their needs. For more detailed information, please refer to the provided link.
Note: It is essential to use the Remote Hacker Probe responsibly and strictly for authorized penetration testing, demonstrations, and research purposes. The author explicitly disclaims any responsibility for any misuse or damage caused by the program.
Installation & Usage
To install and use the Remote Hacker Probe, follow these steps:
- Download Java 11+ or preferably Java 15.
- Download the ZIP file attached in the latest release.
- Run the “run-on-linux.desktop” file for Linux or the “run-on-windows.bat” file for Windows.
- To get started with Remote Hacker Probe, refer to the provided video or documentation.
Server Features
The Remote Hacker Probe server offers the following features:
- Visually appealing and themeable graphical user interface with Dark, Light, Solarized Dark, and Solarized Light themes.
- Designed for ease of use and setup, making it extremely user-friendly.
- Cross-platform compatibility due to being coded in Java, allowing it to run on any system with a Java Runtime Environment (JRE).
- Event logging capabilities for tracking and analyzing activities.
- High-speed file upload and download functionality.
Main Features
The main features of the Remote Hacker Probe include:
Probe Client
The Probe Client is a standalone executable that contains the code needed to gain remote control of a target computer. It provides the following capabilities:
- Reflective DLL injection with custom options, allowing for reading output and passing parameters to the DLL.
- Download, upload, delete, and browse the entire file system of the remote computer.
- Reverse shell access, providing full command line control.
- Scanning the remote network for hosts.
- Port scanning hosts within the target network.
- Scanning the remote network for hosts vulnerable to Eternal Blue.
- Retrieving process information based on process names.
- Geolocating the client using the IP address.
- Remote PC shutdown and restart functionality.
- Screen capturing of the remote PC.
- Recording microphone input.
- Adding to startup persistence on command.
- Displaying message boxes on the remote PC.
- Opening URLs in the default browser of the remote PC.
- USB infection capabilities.
- Logging active windows.
- Displaying UAC (User Account Control) status in the main table.
- Showing the client path in the main table.
- Keylogging functionality.
- Password recovery capabilities.
- Support for Pidgin, FileZilla, Vault & IE, WinSCP, WiFi, Credential Manager, and Task Manager.
Reflective Loader Client
The Reflective Loader Client is a stripped-down version of the Probe Client that focuses primarily on reflective DLL injection. It establishes a connection with the server and runs payloads in memory. The Reflective Loader Client offers the following features:
- Reflective Probe Payload: Runs the Probe Client in memory.
- Message Box Payload: Displays a message box as the process it was injected into.
- Open URL Payload: Opens a URL as the process it was injected into.
- Elevation Payload: Triggers a User Account Control (UAC) prompt for the process it was injected into, masquerading as “WindowsDefender.exe”.
- Add/View Windows Defender Exclusions.
- Reverse Shell.
- Task Manager.
- Reflective DLL Injection with custom options, allowing for reading output and passing parameters to the DLL.
Tutorials and Posts
For more information on using the Remote Hacker Probe, refer to the following tutorials and posts:
- Getting Started with Remote Hacker Probe
- Getting Started with Remote Hacker Probe (Video)
- Running Completely in Memory using Remote Hacker Probe’s new DLL Loader Payload
- Beginner’s Guide to Reflective DLL Injection for writing your own DLLs
Version 2 Changelogs
For details on the changes introduced in Version 2 of the Remote Hacker Probe, please refer to the provided changelogs.
Conclusion
The Remote Hacker Probe offers a comprehensive set of tools and functionalities for authorized penetration testing, demonstrations, and research purposes. Its user-friendly nature, open source core, and continuous improvement make it a valuable framework for professionals in the field of cybersecurity.
Disclaimer: It is crucial to use the Remote Hacker Probe and similar software responsibly, strictly adhering to ethical guidelines. The author bears no responsibility for any misuse or damage caused by the program.