‘Beast’ is a Windows based backdoor trojan horse, commonly known as “RAT” or Remote Administration Tool. It is written in Delphi. It uses the typical client-server model for launching an attack. It is somewhat similar to metasploit in Kali.
Beast was one of the first trojans to feature a reverse connection its victim, giving the attacker complete control over the infected computer once the connection is established. It is capable of infecting versions of Windows from win 95 to the latest win 10.
Step 1: Boot into any Windows machine and install Beast application. It is advised to go with Windows XP or lower. The setup file can be downloaded here.
Step 2: Start the Beast application.
Step 3: Click on Build Server button.
Step 4: Select the Inject in Explorer.exe option.
Step 5: Go to AV-FW Kill tab and make sure you enable all the check boxes for disabling anti-virus and firewall.
Step 6: Go to Misc. tab and disable Melt server on install option and enable Clear restore points(XP) option.
Step 7: Go to Exe Icon tab and select any icon to disguise and click on the Save Server button.
Now that our Trojan file is ready to use, send the Trojan file to victim and lure them to execute the created trojan file on the victim system.
Step 8: Now that the victim has installed the trojan without knowing that its actually a trojan, connect to the victim computer by giving the IP address and Port in Beast and click on Go Beast button.
Step 9: Now that we’ve established the connection, select the action or task you want to execute on victim’s PC from the given list.
Clicking on Files button gives access to the victim’s file directory.
Clicking on the Registry gives us the permission to change the HKey_* registry values of the victim.
Note that the default ports used for the direct and reverse connections were 6666 and 9999 respectively. Still you can change the default ports. Beast also comes with file binder to embed the trojan into another application. Thats the reason it is used today and backed by the community.