
RAT Galileo RCS-Multiple Infection System


J0k3rj0k3r

I believe many of us know about this RAT, "Galileo RCS". This is not one of the popular HF craps but the most advanced RAT at the moment, selling for $21,000 from the company, and the funny part is that the seller sells to agencies and government bodies, only with a lot of verification/authorization from government. Here it is for you to study and defend!!



1. Credits -- LookaPW and 4armed Security

 


2. Download lic/dongle patch and license

3. Download RCS setup complete files

Setup MD5 - 80D9F6C1D803A2321AC5B21615ADCAD8

Size: 1.05 GB

PASS RAR
4. Install VMs

-- RCS MASTER ( Windows 7 x64 | 5 GB RAM )

-- RCS Collector ( Windows 7 x64 | 2 GB RAM)

-- Anonymizer ( CentOS 7 x64 | 2 GB RAM)

5. Configuration - Port forwarding

-- RCS MASTER -- 442 / 443 / 444

-- RCS collector -- 80

6. Configuration - RCS MASTER Installation

a. Set time 01 April 2015 (Disable internet time sync + vmx)


b. Set hostname/computername -- "rcsmaster"

c. Update hosts file -- C:\windows\system32\drivers\etc\hosts

-- xxx.xxx.xxx.xx rcscollector (IP of collector node) .. restart windows

Run RCS setup

-- Install Master node

- CN -- rcsmaster -- THIS IS IMPORTANT STEP CERTIFICATES WILL BE UNDER THIS HOSTNAME

- LIC -- FULL_VER.lic

- Password -- GalileoRCS1

c. Wait until all files are extracted... When it says "removing old master node files.."

d. Go to C:\RCS\DB\bin -- replace/overwrite rcs-license-check

e. Wait for "Verify license.."

f. Go to C:\RCS\DB\lib\rcs-db-release\ -- replace/overwrite dongle.rb

g. Go to C:\RCS\DB\Console -- Install Adobe AIR then install console application

h. Open console

>> Username -- admin

>> Password -- GalileoRCS1

>> server -- rcsmaster

i. Wait for certificate import dialog...click yes!

j. You will see RCS Dashboard

k. Don't do anything, next install RCS collector

7. Configuration -- RCS collector

a. Set time 01 April 2015 (Disable internet time sync + vmx)


b. Set hostname/computername -- "rcscollector"

c. Update hosts file -- C:\windows\system32\drivers\etc\hosts

-- xxx.xxx.xxx.xx rcsmaster (IP of master node) .. restart windows

Run RCS setup

-- Install Collector node

-- Master node CN -- "rcsmaster"

-- local hostname -- "rcscollector"

-- Password -- GalileoRCS1

-- Verify connection to Master DB >> Finish

8. Configuration -- Anonymizer

-- First go to Master node Dashboard

-- System >> check collector connection (should be green)

-- Create new anonymizer "anon1" | IP address: xxx.xxx.xxx.xx

-- Drag anon1 over Collector

-- Build Proxy installer script

9. Configuration Proxy (anon1) - CentOS

-- become root

-- Disable firewall

>> systemctl disable firewalld

>> systemctl stop firewalld

-- chmod u+x install

-- sh install

-- Wait for install complete...!

10. Go to Master node Dashboard

-- System >> Apply configuration

11. ALL Configuration should be green.. Done!

Re: Galileo RCS-Multiple Infection System

Topic approved, but NOTE, The APPLICATION HAS NOT BEEN SCANNED (too big to be downloaded in my current location).


So download it and only use it under VM or SB.



If you experience any BACKDOOR connections, Please post here and I will personally make an effort of downloading and checking out.


 


==============



Approved because it has been lying in wait for a while.



==============





 
Re: Galileo RCS-Multiple Infection System

when trying to install Master node the error appears license invalid, even following all the tutorial steps

 
Re: Galileo RCS-Multiple Infection System

when trying to install Master node the error appears license invalid, even following all the tutorial steps
If you go through all the steps correctly ... everything will be okay! I'm sure you went wrong somewhere! Check it once again!

 
Re: Galileo RCS-Multiple Infection System

Correct, I had not paid attention that I should replace the files while the installation is in progress.

c. Wait until all files are extracted... When it says "removing old master node files.."

However, now I am getting the following error

CreateDirectory: "C:\RCS" created

CreateDirectory: "C:\RCS\setup" created

created uninstaller: 228823, "C:\RCS\setup\RCS-uninstall.exe"

WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "DisplayName"="RCS"

WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "DisplayIcon"="C:\RCS\setup\RCS.ico"

WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "DisplayVersion"="2015032101"

WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "UninstallString"="C:\RCS\setup\RCS-uninstall.exe"

WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "NoModify"="0x00000001"

WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "NoRepair"="0x00000001"

WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "InstDir"="C:\RCS"

WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "Publisher"="HT S.r.l."

Call: 2839

File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\nsExec.dll"

File: skipped: "C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\nsExec.dll" (overwriteflag=1)

RMDir: "C:\RCS\rgloader"

RMDir: "C:\RCS\Ruby"

Call: 2839

File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\nsExec.dll"

File: skipped: "C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\nsExec.dll" (overwriteflag=1)

Call: 2839

File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\nsExec.dll"

File: skipped: "C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\nsExec.dll" (overwriteflag=1)

WriteRegExpandStr: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" "C:\RCS\Ruby\bin\ruby.exe"="DisableNXShowUI"

detailprint: Running installation scripts...

Call: 2839

File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\ExecDos.dll"

File: wrote 6656 to "C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\ExecDos.dll"

detailprint: 2015-04-01 14:29:57 -0300 [DEBUG]: invoke env:setup on localhost

detailprint: Prepare environment

Jump: 507

detailprint: [echo]Prepare environment

detailprint: C:/RCS/Ruby/lib/ruby/gems/2.0.0/gems/rcs-common-9.6.0/lib/rcs-common/updater/client.rb:285:in `add_to_path': undefined method `include?' for nil:NilClass (NoMethodError)

detailprint: from C:/Users/user/AppData/Local/Temp/nsvEE42.tmp/rcs-setup.temp/env.nsh.rb:3:in `block in '

detailprint: from C:/RCS/Ruby/lib/ruby/gems/2.0.0/gems/rcs-common-9.6.0/lib/rcs-common/updater/dsl.rb:96:in `instance_eval'

detailprint: from C:/RCS/Ruby/lib/ruby/gems/2.0.0/gems/rcs-common-9.6.0/lib/rcs-common/updater/dsl.rb:96:in `invoke'

detailprint: from C:/Users/user/AppData/Local/Temp/nsvEE42.tmp/rcs-setup.temp/main.nsh.rb:17:in `block in '

detailprint: from C:/RCS/Ruby/lib/ruby/gems/2.0.0/gems/rcs-common-9.6.0/lib/rcs-common/updater/dsl.rb:110:in `instance_eval'

detailprint: from C:/RCS/Ruby/lib/ruby/gems/2.0.0/gems/rcs-common-9.6.0/lib/rcs-common/updater/dsl.rb:110:in `on'

detailprint: from C:/Users/user/AppData/Local/Temp/nsvEE42.tmp/rcs-setup.temp/main.nsh.rb:16:in `'

detailprint: from C:/Users/user/AppData/Local/Temp/nsvEE42.tmp/rcs-setup.temp/main.nsh.rb:2:in `RGLoader_load'

detailprint: from C:/Users/user/AppData/Local/Temp/nsvEE42.tmp/rcs-setup.temp/main.nsh.rb:2:in `'

Call: 508

MessageBox: 16,"An error occurred. See the log file C:\RCS\install.log for more informations."
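
Added example, not part of the thread: the installer log quoted in the post above records the host artifacts this installation leaves behind (an Uninstall registry entry with its publisher string, an AppCompat layer entry for the bundled ruby.exe, and the install root). The sketch below parses log lines of that format into findings a defender can use when checking a host for an unauthorized installation. The sample lines are constructed from the format quoted above, and the rule names are hypothetical.

```python
import re

# Constructed sample: a few lines in the installer-log format quoted in the post.
SAMPLE_LOG = r'''
CreateDirectory: "C:\RCS" created
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "DisplayName"="RCS"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "Publisher"="HT S.r.l."
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCS" "NoModify"="0x00000001"
WriteRegExpandStr: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" "C:\RCS\Ruby\bin\ruby.exe"="DisableNXShowUI"
File: wrote 6656 to "C:\Users\user\AppData\Local\Temp\nsvEE42.tmp\ExecDos.dll"
'''

# WriteRegStr / WriteRegDWORD / WriteRegExpandStr: "<key>" "<value name>"="<data>"
REG_LINE = re.compile(r'^(WriteReg\w+): "([^"]+)" "([^"]+)"="([^"]*)"$')
DIR_LINE = re.compile(r'^CreateDirectory: "([^"]+)" created$')


def parse_install_log(text):
    """Return (registry_writes, created_dirs) parsed from the log text."""
    regs, dirs = [], []
    for line in text.splitlines():
        line = line.strip()
        m = REG_LINE.match(line)
        if m:
            op, key, name, data = m.groups()
            regs.append({"op": op, "key": key, "name": name, "data": data})
            continue
        m = DIR_LINE.match(line)
        if m:
            dirs.append(m.group(1))
    return regs, dirs


def hunt_findings(regs, dirs):
    """Map parsed artifacts to hunting findings (rule names are hypothetical)."""
    findings = []
    for r in regs:
        key = r["key"].lower()
        # Uninstall entry named RCS: report the publisher string it registers.
        if key.endswith(r"\uninstall\rcs") and r["name"] == "Publisher":
            findings.append(("uninstall_entry_publisher", r["data"]))
        # AppCompat layer written for a specific executable path.
        if key.endswith(r"\appcompatflags\layers") and "DisableNXShowUI" in r["data"]:
            findings.append(("appcompat_layer_set_for", r["name"]))
    for d in dirs:
        if d.upper() == r"C:\RCS":
            findings.append(("install_root", d))
    return findings
```
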

 
Re: Galileo RCS-Multiple Infection System

Correct, I had not paid attention that I should replace the files while the installation is in progress.
c. Wait until all files are extracted... When it says "removing old master node files.."

However, now I am getting the following error

MessageBox: 16,"An error occurred. See the log file C:\RCS\install.log for more informations."
Dude read install.log

MessageBox: 16,"An error occurred. See the log file C:\RCS\install.log for more informations."

 
Re: Galileo RCS-Multiple Infection System

I formatted the VM, did the installation afterwards, and it worked,

however the RCS console gives an error

"Rcs console" Can not connect to server "

I checked the log file and I believe that it is the license problem

LOG:

---------------------------

Reload

---------------------------

C:\RCS\DB\log\rcs-db_2015-04-01.log

2015-04-01 19:11:54 -0300 [iNFO]: Loading license limits C:/RCS/DB/config/rcs.lic

2015-04-01 19:11:54 -0300 [FATAL]: Invalid License File: corrupted integrity check

================================

The date of the operating system is April 1, 2015

I changed the VM file as in the post

VM.vmx

============

tools.syncTime = "FALSE"

time.synchronize.continue = "FALSE"

time.synchronize.restore = "FALSE"

time.synchronize.resume.disk = "FALSE"

time.synchronize.shrink = "FALSE"

time.synchronize.tools.startup = "FALSE"

time.synchronize.tools.enable = "FALSE"

time.synchronize.resume.host = "FALSE"

 
Re: Galileo RCS-Multiple Infection System

I formatted the VM, did the installation afterwards, and it worked, however the RCS console gives an error

"Rcs console" Can not connect to server "

I checked the log file and I believe that it is the license problem

I don't know what you are doing wrong. Anyway, try with another license

 
Re: Galileo RCS-Multiple Infection System

Thanks a lot for the help. I finally succeeded; I simply deleted the file

C:/RCS/DB/config/rcs.lic

and after the error appeared

[FATAL]: No license file found

so I just threw the new license and worked

 
Re: Galileo RCS-Multiple Infection System

Thanks a lot for the help. I finally succeeded; I simply deleted the file C:/RCS/DB/config/rcs.lic

and after the error appeared

[FATAL]: No license file found

so I just threw the new license and worked

I am glad I was able to help you

 
Re: Galileo RCS-Multiple Infection System

What is the password to this RAR anyone know the password let me know

 
Re: Galileo RCS-Multiple Infection System

what password for archive "Galileo RAT Full.rar"?

 
Re: Galileo RCS-Multiple Infection System

what password for archive "Galileo RAT Full.rar"?
Sorry guys, the pass for the RAR is 1337NET.RU

 
Re: Galileo RCS-Multiple Infection System

2015-04-01 15:22:27 +0700 [FATAL]: Could not connect to a primary node for replica set #]>

2015-04-01 15:22:27 +0700 [WARN]: Database connection failed, retry...

Help me, please.

 
Re: Galileo RCS-Multiple Infection System

Thanks for sharing

 
Re: Galileo RCS-Multiple Infection System

2015-04-01 15:22:27 +0700 [FATAL]: Could not connect to a primary node for replica set #]>2015-04-01 15:22:27 +0700 [WARN]: Database connection failed, retry...

Help me, please.
it says your database connection has failed, are you sure you configured the DB correctly ?

 
Re: Galileo RCS-Multiple Infection System

thanks so much for sharing this bro many thanks to u bro

 
Re: Galileo RCS-Multiple Infection System

Thanks for sharing it

 
Re: Galileo RCS-Multiple Infection System

I've configured everything, except the anonymizer. I've built the installer and installed it on CentOS, but in the RCS console the anonymizer does not receive status updates. Why? Can somebody explain to me exactly how to configure the anonymizer on CentOS? Thanks and sorry for bad English.

 