HaxRat : cloud based remote android management suite

HaxRat is a cloud based remote android management suite in simple word it is a Android RAT, powered by NodeJS. It works in Linux and Termux (Android).

haxrat github tool made by hax4us control android remotely


Installing HaxRat on Kali Linux

The installation process is the same as we did in our L3MON tutorial. We have detailed discussion on our that post So we are not going to explain the commands.

First we install JRE in Kali by using following command:

sudo apt-get install openjdk-8-jre

Then we download NodeJs in our system by applying following command:

curl -sL https://deb.nodesource.com/setup_13.x | sudo bash -

Now we install NodeJs by preceding following command:

sudo apt-get install -y nodejs

Now we need pm2 process manager to install this we use following command:

sudo npm install pm2 -g

Now we clone haxRat from it’s GitHub repository by using following command:

git clone https://github.com/Hax4us/haxRat

Then we navigate to server directory under haxRat by using cd command:

cd /haxRat/server

Then we need to install dependencies by using following command:

npm install

Then we start the server by using following command:

node index.js

Now we can see our server in our browser http://localhost:22533 there will be a login page as following screenshot:

haxrat login panel

Now we stop this server by using CTRL+C command. Now what to do ? Login ? But where are the credentials?  We have talked before how to create a custom credential on our older L3MON tutorial. Otherwise check the haxRat GitHub repository for default credentials.

After login we can see the main page as shown in the following screenshot:

haxrat dashboard termux

Now we go to the APK Builder page and give our local IP address and click on build.

If got  error like “Wrong java Version installed…..” this when building APK then try following command:

sudo update-alternatives --config java

Then Then we type 2 and enter.

Then we stop our running haxRat server by CTRL+C and start it again this problem will be solved.

Now we can build Spy APK and send it to victim, whenever victim install it and grant the permission. Or if we got victim’s phone in hand then we can implement this.

We got the victim in our haxRat dashboard like following screenshot:

haxrat dashboard

Now in the manage section we can manage the Android device totally. Magics will start from here.

Installed Android Apps
File Manager
Recording from front Camera

Installing HaxRat on Android (using Termux)

This is easy to installed in Termux. We try following commands one after another to install and configure haxRat.

apt install nodejs
git clone https://github.com/hax4us/haxRat.git
cd haxRat/server
npm install
mkdir ~/haxrat 
node index.js

In our browser we navigate to http://<Local IP>:22533 and we will be the login screen of haxRat

Leave a Comment

Your email address will not be published. Required fields are marked *