{"id":31792,"date":"2024-01-23T09:16:43","date_gmt":"2024-01-23T09:16:43","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=31792"},"modified":"2024-01-23T09:16:46","modified_gmt":"2024-01-23T09:16:46","slug":"ghost-3","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/ghost-3\/","title":{"rendered":"Ghost &#8211; Unmasking The Intricacies Of A Remote Access Trojan"},"content":{"rendered":"\n<p><strong>Ghost<\/strong>\u00a0is a light\u00a0<a href=\"http:\/\/searchsecurity.techtarget.com\/definition\/RAT-remote-access-Trojan\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">RAT<\/a>\u00a0that gives the server\/attacker full remote access to the user&#8217;s command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client\/zombie noticing. <\/p>\n\n\n\n<p>The server\/attacker is also given the ability to download and execute files on the client\/zombie&#8217;s computer. This is also a silent and hidden process. <\/p>\n\n\n\n<p>Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.<\/p>\n\n\n\n<p>This malware is distributed simply by running\u00a0<em>zombie.exe<\/em>. This file name can be changed to whatever. There is no restriction. <\/p>\n\n\n\n<p>When run, it searches for the first two arguments (IP &amp; Port). If neither is provided, the program doesn&#8217;t run. With that being said, make sure you provide the server&#8217;s IP and Port in the command-line arguments. 
Example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>zombie.exe 127.0.0.1 27015<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/AHXR\/ghost#bot-features\"><\/a><strong>Bot Features<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Remote command execution<\/li>\n\n\n\n<li>Silent background process<\/li>\n\n\n\n<li>Download and run file (Hidden)<\/li>\n\n\n\n<li>Safe Mode startup<\/li>\n\n\n\n<li>Will automatically connect to the server<\/li>\n\n\n\n<li>Data sent and received is encrypted (substitution cipher)<\/li>\n\n\n\n<li>Files are hidden<\/li>\n\n\n\n<li>Installed Antivirus shown to server<\/li>\n\n\n\n<li>Easily spread malware through download feature<\/li>\n\n\n\n<li>Startup info doesn&#8217;t show in msconfig or other startup checking programs like CCleaner<\/li>\n\n\n\n<li>Disable Task Manager<\/li>\n<\/ul>\n\n\n\n<p>When successfully started, it adds itself to the start-up pool and runs silently in the background. It will try to repeatedly connect to the server. <\/p>\n\n\n\n<p>This process does not hog any memory or CPU usage. This means that the zombie will silently just idle in the background and whenever the server is up, it will automatically connect.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhRDZ6oRp6Z4DkHWatpkZIYWM8e7rYX1nvL1uTEvq4hzfnDb62oSE4zkb1iFZM6iS4Ry0GcPYPHPPmpChphft5qF1amc3qchfA5XIPuIaWz2SnCWUYyEPmN5oC9VtqYVH-IcUhWBeWwnxwX_r6g0led93zzGYQdpNDQxUl2pgqFjWuHeL-62EdUnKZE-Ard\/s16000\/68747470733a2f2f692e696d6775722e636f6d2f573561433672672e706e67.png\" alt=\"\"\/><\/figure>\n<\/div>\n\n\n<p>When starting the server, it will prompt you for a listening port. This is the port that you need to use in the command-line for zombie.exe. <\/p>\n\n\n\n<p>Once you provide the port, your server information will be provided and the menu will be down. 
The IP address provided is your external IP. <\/p>\n\n\n\n<p>With that being said, unless the client\/zombie is actively looking and tracking open connections, it will probably be smart to run this server under a remote location if you want to stay anonymous. <\/p>\n\n\n\n<p>If this does not interest you, simply renaming zombie.exe and\/or changing the assembly information using a tool will likely fool the client\/zombie.<\/p>\n\n\n\n<p><strong>Note<\/strong>: This project was only made for education purposes and to test out my recently published repositories (<a href=\"https:\/\/github.com\/AHXR\/ahxrlogger\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">ahxrlogger<\/a>\u00a0&amp;\u00a0<a href=\"https:\/\/github.com\/AHXR\/ahxrwinsocket\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">ahxrsocket<\/a>). If you choose to use this for malicious reasons, you are completely responsible for the outcome.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ghost\u00a0is a light\u00a0RAT\u00a0that gives the server\/attacker full remote access to the user&#8217;s command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client\/zombie noticing. The server\/attacker is also given the ability to download and execute files on the client\/zombie&#8217;s computer. This is also a silent and hidden process. 
Like most Remote Access Trojans, [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":31797,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgzz_OeIJvkuxQIWoEqA98kW2mgjIk3Q43pBHE_qCpXkbhuB8r2JCeZ0R62qay8jVX-wOHNd3VocvmlIpwdEZCKVhAiAowab9mnQ6rwb3kp9fmhQ_JQ_HveFw6Rib_dsWvqfqps4JDczRAMF7UcfjHL-ro13WjGRsxj8cuc8XQ8sZIBb32gaZZbsK08QJHW\/s16000\/Untitled%20design%20(5).webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[20],"tags":[737,1321,6321,6052,6325],"class_list":["post-31792","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-cybersecurity","tag-ghost","tag-informationsecurity","tag-kalilinux","tag-kalilinuxtools"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Ghost - Unmasking The Intricacies Of A Remote Access Trojan<\/title>\n<meta name=\"description\" content=\"Ghost\u00a0is a light\u00a0RAT\u00a0that gives the server\/attacker full remote access to the user&#039;s command-line interpreter (cmd.exe). They are allowed to\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/ghost-3\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ghost - Unmasking The Intricacies Of A Remote Access Trojan\" \/>\n<meta property=\"og:description\" content=\"Ghost\u00a0is a light\u00a0RAT\u00a0that gives the server\/attacker full remote access to the user&#039;s command-line interpreter (cmd.exe). 
They are allowed to\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/ghost-3\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-23T09:16:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-23T09:16:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgzz_OeIJvkuxQIWoEqA98kW2mgjIk3Q43pBHE_qCpXkbhuB8r2JCeZ0R62qay8jVX-wOHNd3VocvmlIpwdEZCKVhAiAowab9mnQ6rwb3kp9fmhQ_JQ_HveFw6Rib_dsWvqfqps4JDczRAMF7UcfjHL-ro13WjGRsxj8cuc8XQ8sZIBb32gaZZbsK08QJHW\/s16000\/Untitled%20design%20(5).webp\" \/>\n<meta name=\"author\" content=\"Varshini\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgzz_OeIJvkuxQIWoEqA98kW2mgjIk3Q43pBHE_qCpXkbhuB8r2JCeZ0R62qay8jVX-wOHNd3VocvmlIpwdEZCKVhAiAowab9mnQ6rwb3kp9fmhQ_JQ_HveFw6Rib_dsWvqfqps4JDczRAMF7UcfjHL-ro13WjGRsxj8cuc8XQ8sZIBb32gaZZbsK08QJHW\/s16000\/Untitled%20design%20(5).webp\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Varshini\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/ghost-3\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/ghost-3\/\"},\"author\":{\"name\":\"Varshini\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\"},\"headline\":\"Ghost &#8211; Unmasking The Intricacies Of A Remote Access Trojan\",\"datePublished\":\"2024-01-23T09:16:43+00:00\",\"dateModified\":\"2024-01-23T09:16:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/ghost-3\/\"},\"wordCount\":414,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/ghost-3\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgzz_OeIJvkuxQIWoEqA98kW2mgjIk3Q43pBHE_qCpXkbhuB8r2JCeZ0R62qay8jVX-wOHNd3VocvmlIpwdEZCKVhAiAowab9mnQ6rwb3kp9fmhQ_JQ_HveFw6Rib_dsWvqfqps4JDczRAMF7UcfjHL-ro13WjGRsxj8cuc8XQ8sZIBb32gaZZbsK08QJHW\/s16000\/Untitled%20design%20(5).webp\",\"keywords\":[\"cybersecurity\",\"Ghost\",\"informationsecurity\",\"kalilinux\",\"kalilinuxtools\"],\"articleSection\":[\"Cyber security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/ghost-3\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/ghost-3\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/ghost-3\/\",\"name\":\"Ghost - Unmasking The Intricacies Of A Remote Access 
Trojan\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/ghost-3\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/ghost-3\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgzz_OeIJvkuxQIWoEqA98kW2mgjIk3Q43pBHE_qCpXkbhuB8r2JCeZ0R62qay8jVX-wOHNd3VocvmlIpwdEZCKVhAiAowab9mnQ6rwb3kp9fmhQ_JQ_HveFw6Rib_dsWvqfqps4JDczRAMF7UcfjHL-ro13WjGRsxj8cuc8XQ8sZIBb32gaZZbsK08QJHW\/s16000\/Untitled%20design%20(5).webp\",\"datePublished\":\"2024-01-23T09:16:43+00:00\",\"dateModified\":\"2024-01-23T09:16:46+00:00\",\"description\":\"Ghost\u00a0is a light\u00a0RAT\u00a0that gives the server\/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/ghost-3\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/ghost-3\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgzz_OeIJvkuxQIWoEqA98kW2mgjIk3Q43pBHE_qCpXkbhuB8r2JCeZ0R62qay8jVX-wOHNd3VocvmlIpwdEZCKVhAiAowab9mnQ6rwb3kp9fmhQ_JQ_HveFw6Rib_dsWvqfqps4JDczRAMF7UcfjHL-ro13WjGRsxj8cuc8XQ8sZIBb32gaZZbsK08QJHW\/s16000\/Untitled%20design%20(5).webp\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgzz_OeIJvkuxQIWoEqA98kW2mgjIk3Q43pBHE_qCpXkbhuB8r2JCeZ0R62qay8jVX-wOHNd3VocvmlIpwdEZCKVhAiAowab9mnQ6rwb3kp9fmhQ_JQ_HveFw6Rib_dsWvqfqps4JDczRAMF7UcfjHL-ro13WjGRsxj8cuc8XQ8sZIBb32gaZZbsK08QJHW\/s16000\/Untitled%20design%20(5).webp\",\"width\":\"1600\",\"height\":\"900\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux 
Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\",\"name\":\"Varshini\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"caption\":\"Varshini\"},\"description\":\"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. 
Passionate about staying ahead of emerging Threats and Technologies.\",\"sameAs\":[\"http:\/\/kalilinuxtutorials.com\",\"https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/\"],\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","jetpack_featured_media_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgzz_OeIJvkuxQIWoEqA98kW2mgjIk3Q43pBHE_qCpXkbhuB8r2JCeZ0R62qay8jVX-wOHNd3VocvmlIpwdEZCKVhAiAowab9mnQ6rwb3kp9fmhQ_JQ_HveFw6Rib_dsWvqfqps4JDczRAMF7UcfjHL-ro13WjGRsxj8cuc8XQ8sZIBb32gaZZbsK08QJHW\/s16000\/Untitled%20design%20(5).webp","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/31792","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=31792"}],"version-history":[{"count":1,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/31792\/revisions"}],"predecessor-version":[{"id":31795,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/31792\/revisions\/31795"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/31797"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=31792"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=31792"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=31792"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}