Jump to content

Hidden VNC install

cyoung_mi

By cyoung_mi
in Security

 Share

Recommended Posts

cyoung_mi Newbie

cyoung_mi

Posted
Posted

Hi, I was wondering if anyone has found a way to hide a quiet vnc server installation in

something small like a movie file or some other type of attachment?

I'm wondering if it's possible to email someone a simple attachment ( one that might pass a virus scan )

that once they extract or run it, it shows something "Fun" like a silly movie, or the like

but also installs VNC server service quietly and updates something like dyndns.org?

I'm guessing either the virus scan would catch VNC install, or windows would popup the internet access to dyndns.org

( vista for sure ).

This could be really nasty and I hope there are ways to block this or protect yourself.

Thanks!

Chris

Link to comment
Share on other sites
Sparda Newbie

Sparda

Posted
Posted

Unless there is a vulnerability in a particulate system that acts upon other wise non-executable files, then there is no way to use non-executable files to install or run stuff. The majority of file types that do allow code execution (exe, msi, bat, com, dll, lnk) are blocked by most email services.

Link to comment
Share on other sites
decepticon_eazy_e Newbie

decepticon_eazy_e

Posted
Posted
Unless there is a vulnerability in a particulate system that acts upon other wise non-executable files, then there is no way to use non-executable files to install or run stuff. The majority of file types that do allow code execution (exe, msi, bat, com, dll, lnk) are blocked by most email services.

this thread has been done to death, it was only a couple weeks ago, check the history.

Link to comment
Share on other sites
cyoung_mi Newbie

cyoung_mi

Posted
  • Author
Posted

Sorry for doing something to death.. I did a search for VNC..

I understand most exe and such are blocked, but perhaps if the exe was zipped, it might pass ok.

and I wasnt clear I guess.. I didnt mean try and embed VNC into a jpg or avi file..

I meant, hidding VNC server install inside a exe that does something simple, so the user thinks it worked.

( maybe like a keygen program or something simple )

Basicly I am asking if there a way for someone to sneak a VNC server install on your machine without you knowing.

and if so, how do you protect yourself? ( besides the well known idea of "DONT OPEN ATTACHMENTS!" haha )

Link to comment
Share on other sites
lopez1364 Newbie

lopez1364

Posted
Posted

This is actually a lot simpler than it seems. First of all attaching VNC to a jpg or avi will set all all kinds of alerts but what you need to do is attach a meterpreter exe to a trusted program or even (dark package it) that you can run a script to send a vnc to the machine. I have tested this scenario and always works like a charm.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...