remkow Posted November 6, 2006 Posted November 6, 2006 I saw that a program called services.exe installs the WinVNC app as a service. My question is, what does it exactly do, and is the source code available? This is because I am making my own payload, and services.exe is the only program that is still detected by my AV (trying to make a pyload that doesn't need to kill any antiviruses) EDIT: i got it working without using services.exe, topic can be locked or whatever Quote
DLSS Posted November 6, 2006 Posted November 6, 2006 hey , i'm interested :D if u succeed pls do release it ! (groetjes :D DLSS) Quote
pseudobreed Posted November 6, 2006 Posted November 6, 2006 Services.exe is part of Microsoft's OS. It's the program that actually installs, starts, stops, deletes services. Quote
remkow Posted November 6, 2006 Author Posted November 6, 2006 I am talking about the services.exe in the winvnc payload. This is probably a different program with the same name, because I don't think that antivirus software would detect a legit windows application.. Quote
spektormax Posted November 6, 2006 Posted November 6, 2006 well considering I reslised it, servercies.exe is a modifed services, tit uses some weird registries to alwasy have r00t, use avkill it should work Quote
DLSS Posted November 6, 2006 Posted November 6, 2006 yeah but he wants to make a stick that install's vnc , without the need for a av kill and without the virus detectors going off ... Quote
spektormax Posted November 6, 2006 Posted November 6, 2006 it can be done, I was just lazy to do it, look at the hacksaw, follow the same struckture and use a registry in the run registery to auto run the winvnc. Its not hard, I jsut did it that way cuz I was in a rush Quote
remkow Posted November 7, 2006 Author Posted November 7, 2006 Can you tell me which registry entries are created/modified?? EDIT: nevermind guys, I've found a way to do it without even using services.exe Quote
DLSS Posted November 7, 2006 Posted November 7, 2006 Can you tell me which registry entries are created/modified??EDIT: nevermind guys, I've found a way to do it without even using services.exe can u release wot u've got ? Quote
remkow Posted November 7, 2006 Author Posted November 7, 2006 Yeah sure. I used regmon to to check what registry entries were created when the services.exe would be used, and I saw that they were exactly the same as those in vncdmp2.reg, meaning that the entire services.exe component was not necessary.. So I deleted services.exe, and removed it from services.bat in the VNCInstallfiles dir. I tried it out, and it worked just like it used to, without my antivirus going crazy :D Quote
remkow Posted January 9, 2007 Author Posted January 9, 2007 lol, I forgot I made this topic :P I do have to say that the installation doesn't occur correctly without the services.exe, not sure what the reason is though Quote
geocine Posted January 9, 2007 Posted January 9, 2007 i tried the payload and i didn't delete services.exe but it says failed to load or install service.. something like that i'll try to make a screenshot Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.