remkow Posted November 6, 2006 Share Posted November 6, 2006 I saw that a program called services.exe installs the WinVNC app as a service. My question is, what does it exactly do, and is the source code available? This is because I am making my own payload, and services.exe is the only program that is still detected by my AV (trying to make a pyload that doesn't need to kill any antiviruses) EDIT: i got it working without using services.exe, topic can be locked or whatever Quote Link to comment Share on other sites More sharing options...
DLSS Posted November 6, 2006 Share Posted November 6, 2006 hey , i'm interested :D if u succeed pls do release it ! (groetjes :D DLSS) Quote Link to comment Share on other sites More sharing options...
pseudobreed Posted November 6, 2006 Share Posted November 6, 2006 Services.exe is part of Microsoft's OS. It's the program that actually installs, starts, stops, deletes services. Quote Link to comment Share on other sites More sharing options...
remkow Posted November 6, 2006 Author Share Posted November 6, 2006 I am talking about the services.exe in the winvnc payload. This is probably a different program with the same name, because I don't think that antivirus software would detect a legit windows application.. Quote Link to comment Share on other sites More sharing options...
spektormax Posted November 6, 2006 Share Posted November 6, 2006 well considering I reslised it, servercies.exe is a modifed services, tit uses some weird registries to alwasy have r00t, use avkill it should work Quote Link to comment Share on other sites More sharing options...
DLSS Posted November 6, 2006 Share Posted November 6, 2006 yeah but he wants to make a stick that install's vnc , without the need for a av kill and without the virus detectors going off ... Quote Link to comment Share on other sites More sharing options...
spektormax Posted November 6, 2006 Share Posted November 6, 2006 it can be done, I was just lazy to do it, look at the hacksaw, follow the same struckture and use a registry in the run registery to auto run the winvnc. Its not hard, I jsut did it that way cuz I was in a rush Quote Link to comment Share on other sites More sharing options...
remkow Posted November 7, 2006 Author Share Posted November 7, 2006 Can you tell me which registry entries are created/modified?? EDIT: nevermind guys, I've found a way to do it without even using services.exe Quote Link to comment Share on other sites More sharing options...
DLSS Posted November 7, 2006 Share Posted November 7, 2006 Can you tell me which registry entries are created/modified??EDIT: nevermind guys, I've found a way to do it without even using services.exe can u release wot u've got ? Quote Link to comment Share on other sites More sharing options...
remkow Posted November 7, 2006 Author Share Posted November 7, 2006 Yeah sure. I used regmon to to check what registry entries were created when the services.exe would be used, and I saw that they were exactly the same as those in vncdmp2.reg, meaning that the entire services.exe component was not necessary.. So I deleted services.exe, and removed it from services.bat in the VNCInstallfiles dir. I tried it out, and it worked just like it used to, without my antivirus going crazy :D Quote Link to comment Share on other sites More sharing options...
geocine Posted January 9, 2007 Share Posted January 9, 2007 ill give it a try Quote Link to comment Share on other sites More sharing options...
remkow Posted January 9, 2007 Author Share Posted January 9, 2007 lol, I forgot I made this topic :P I do have to say that the installation doesn't occur correctly without the services.exe, not sure what the reason is though Quote Link to comment Share on other sites More sharing options...
geocine Posted January 9, 2007 Share Posted January 9, 2007 i tried the payload and i didn't delete services.exe but it says failed to load or install service.. something like that i'll try to make a screenshot Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.