Ratel Server

Ratel War Room is an API driven server which works over HTTP and WebSocket. The server responses have some parameters which are common across all responses. These are: access, status and task. The access parameter specifies whether the current user’s access token is valid. The status parameter specifies the execution status of the request. If the request was not executed, the return value will be false, else true. The task parameter specifies the task Id for response. This can be helpful when querying multiple requests and parsing the appropriate response. Some requests will have the response under task id 24 This just means the response is a broadcast message which will be delivered to all connected users. I will document all the APIs of the server and post it soon.

Ratel Server accepts a json-configuration file in the command line arguement. When you create a server for the first time, you have to supply the admin username and password to start the server. Alternatively it also accepts a certificate and a key file which it uses for HTTPS and WebSocket connections. Ratel server can be started in either boomerang mode or ratel mode.

Ratel Mode

Ratel mode is the core server mode which interacts with badgers, starts listener and is your main C2 communication channel. Boomerang and Brute Ratel are not supposed to be run in the same server for operational security since Boomerang agents when injected by the badger, create a lot of HTTPS traffic due to the nature of socks proxy. Brute Ratel mode can be started as shown in the image below.

Boomerang Mode

In Boomerang mode, the server acts as a standalone socks and HTTPS proxy server. The host:port of the HTTPS server where the badgers would connect to send the pivot data, can be specified using the -host argument and the proxychains host/port can be specified using the -proxy argument. Boomerang mode also accepts password for authentication and ssl key/cert for HTTPs encryption. All invalid requests/scans from third parties will also be shown by the server if -v option is selected, else it can also be written to a file using the -o option.

Updating Brute Ratel Package

Brute Ratel can by updated using the -update commandline argument from the ratel server console (brute-ratel-linx64/brute-ratel-armx64). Upon attempting to update, it will ask you to enter the License key and the registered email ID. If you have lost your license key, you can request for a duplicate one by contacting use at paranoidninja@0xdarkvortex.dev.