Author Topic: Remote Desktop Trojan  (Read 7435 times)

Offline Infinityexists

Remote Desktop Trojan
« on: March 15, 2012, 04:51:02 PM »
How does a Remote Desktop Trojan work? Does it enable port 3389 itself inside the victim's router configuration? If not, then how does it work? :S
Since if I want to code my own, it is only possible if the victim has enabled router port 3389.

Offline gh0st

Re: Remote Desktop Trojan
« Reply #1 on: March 15, 2012, 05:10:11 PM »
Well, it's very difficult to establish a connection from your computer directly to the victim's computer, and that is because the router has like a firewall that stops any incoming connection. Okay, if you want to go deep you will have to use a 0-day exploit to pass the firewall. Now you have to code a packet sender to send a raw network packet in order to exploit a specific protocol service (TCP/UDP), like an AV update protocol or even an MSN protocol. That part is very hard. I know the theory very well, but I've tried once but I took an arrow to the knee...
Here is an example of one of those candies:
http://www.zerodayinitiative.com/advisories/ZDI-12-033/
You will have to learn cryptography of protocols and routers, if I'm not wrong, and network programming to send the packet, and reverse engineering for analysis of the protocol. Good luck.

Offline Infinityexists

Re: Remote Desktop Trojan
« Reply #2 on: March 15, 2012, 05:28:07 PM »
> Well, it's very difficult to establish a connection from your computer directly to the victim's computer, and that is because the router has like a firewall that stops any incoming connection. Okay, if you want to go deep you will have to use a 0-day exploit to pass the firewall. Now you have to code a packet sender to send a raw network packet in order to exploit a specific protocol service (TCP/UDP), like an AV update protocol or even an MSN protocol. That part is very hard. I know the theory very well, but I've tried once but I took an arrow to the knee...
> Here is an example of one of those candies:
> http://www.zerodayinitiative.com/advisories/ZDI-12-033/
> You will have to learn cryptography of protocols and routers, if I'm not wrong, and network programming to send the packet, and reverse engineering for analysis of the protocol. Good luck.

Is it possible with telnet to add the port in the router settings?

Offline ca0s

Re: Remote Desktop Trojan
« Reply #3 on: March 15, 2012, 05:38:21 PM »
> Well, it's very difficult to establish a connection from your computer directly to the victim's computer, and that is because the router has like a firewall that stops any incoming connection. Okay, if you want to go deep you will have to use a 0-day exploit to pass the firewall. Now you have to code a packet sender to send a raw network packet in order to exploit a specific protocol service (TCP/UDP), like an AV update protocol or even an MSN protocol. That part is very hard. I know the theory very well, but I've tried once but I took an arrow to the knee...
> Here is an example of one of those candies:
> http://www.zerodayinitiative.com/advisories/ZDI-12-033/
> You will have to learn cryptography of protocols and routers, if I'm not wrong, and network programming to send the packet, and reverse engineering for analysis of the protocol. Good luck.

Ohmy. He's not talking about exploiting an active RD server (these days there is a lot of activity on this :P). He's talking about infecting a machine and having RD access.

You have two ways:
a) Code your own RD manager. You will have to send screen images, catch events, send events, and shit. bubzuru made this: http://evilzone.org/evilzone-releases/silent-vnc-%28official-thread%29/msg11161/#msg11161
b) Just add an account and enable Windows' RD. Send your IP back. But as gh0st said, you will probably not be able to connect due to the router's firewall. I don't know if MS RD allows working in reverse mode.

Offline Infinityexists

Re: Remote Desktop Trojan
« Reply #4 on: March 15, 2012, 05:53:04 PM »
> Ohmy. He's not talking about exploiting an active RD server (these days there is a lot of activity on this :P). He's talking about infecting a machine and having RD access.
>
> You have two ways:
> a) Code your own RD manager. You will have to send screen images, catch events, send events, and shit. bubzuru made this: http://evilzone.org/evilzone-releases/silent-vnc-%28official-thread%29/msg11161/#msg11161
> b) Just add an account and enable Windows' RD. Send your IP back. But as gh0st said, you will probably not be able to connect due to the router's firewall. I don't know if MS RD allows working in reverse mode.

I know how to create a hidden administrator account and all that, but I'm stuck on that router thing :/ This is totally messing me up; I wonder how applications like TeamViewer and Join.me work :/

Offline ca0s

Re: Remote Desktop Trojan
« Reply #5 on: March 15, 2012, 06:02:13 PM »
I don't know.
VPN? Just guessing.

Offline puddi

Re: Remote Desktop Trojan
« Reply #6 on: March 15, 2012, 07:07:06 PM »
just find out their passwords and use teamviewer bro.

Do you got a cool story you would like to share bro?


Offline Kulverstukas

Re: Remote Desktop Trojan
« Reply #7 on: March 15, 2012, 07:14:19 PM »
How TeamViewer works is a mystery, although for viruses this technique is called "Reverse connection": instead of you connecting, a virus connects to you. This works because the router firewall, usually with its default configuration, blocks incoming traffic but not outgoing. Windows firewall blocks both (usually it asks you what to do), but there are lots of methods to add yourself to an exception list.

A remote desktop trojan is simpler because (the way I see it) it just enables and configures RDP on a Windows machine, then sends the info back to you, or it doesn't if it's coded to set static passwords everywhere.
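
A defender's view of the sequence described in the reply above, as an added example that is not part of the original thread: it correlates Windows events for local account creation (Security 4720), addition to Administrators (4732), RDP being switched on (Sysmon 13 on `fDenyTSConnections`) and a new firewall exception (event 2004) with an outbound connection that follows them. The normalized event dictionaries, the `source` labels, the host names and the 10-minute window are assumptions; the sample events are constructed.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

WINDOW = timedelta(minutes=10)  # assumed correlation window
RDP_VALUE = r"\Control\Terminal Server\fDenyTSConnections"
LOCAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def stage(ev):
    """Map one normalized event (assumed schema) to a stage name or None."""
    src, eid, d = ev["source"], ev["id"], ev["data"]
    if src == "Security" and eid == 4720:
        return "account_created"
    if src == "Security" and eid == 4732 and d.get("group") == "Administrators":
        return "added_to_admins"
    if (src == "Sysmon" and eid == 13 and d.get("target", "").endswith(RDP_VALUE)
            and d.get("details") == "DWORD (0x00000000)"):
        return "rdp_enabled"  # fDenyTSConnections = 0 switches RDP on
    if src == "Firewall" and eid == 2004:
        return "firewall_rule_added"  # rule added to the exception list
    if (src == "Sysmon" and eid == 3 and d.get("initiated")
            and not any(ip_address(d["dst"]) in n for n in LOCAL)):
        return "outbound_external"  # host dialed out, so NAT does not block it
    return None

def correlate(events):
    """Hosts with >=2 access-change stages, then a dial-out, inside WINDOW."""
    alerts, recent = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        name = stage(ev)
        if name is None:
            continue
        hist = recent.setdefault(ev["host"], [])
        hist.append((ev["time"], name))
        hist[:] = [(t, n) for t, n in hist if ev["time"] - t <= WINDOW]
        seen = {n for _, n in hist}
        if name == "outbound_external" and len(seen - {name}) >= 2:
            alerts[ev["host"]] = sorted(seen)
    return alerts

def make_event(minute, host, source, eid, **data):
    return {"time": datetime(2012, 3, 15, 17, minute), "host": host,
            "source": source, "id": eid, "data": data}

SAMPLE = [  # constructed events; 203.0.113.0/24 is a documentation range
    make_event(0, "PC-A", "Security", 4720, user="helpdesk2"),
    make_event(1, "PC-A", "Security", 4732, group="Administrators"),
    make_event(2, "PC-A", "Sysmon", 13, details="DWORD (0x00000000)",
               target=r"HKLM\System\CurrentControlSet" + RDP_VALUE),
    make_event(3, "PC-A", "Sysmon", 3, initiated=True, dst="203.0.113.7"),
]
```

`correlate(SAMPLE)` flags PC-A with all four stages; a lone outbound connection, or one that comes after the window has passed, raises nothing.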

Offline gh0st

Re: Remote Desktop Trojan
« Reply #8 on: March 15, 2012, 07:29:25 PM »
TeamViewer, for example, first sends a request for connection to a specific port; then, if it's confirmed, both machines will be able to exchange network packets. Those packets are simply bytes of pixels, which will be placed on a matrix with the objective of showing an output (the live remote desktop that you see), and ofc the orders, for example move the mouse, etc.
The speed of the connection will depend on the internet download and upload speed. If it downloads, for example, 10mb per second and the pixel bytes are low, then the desktop vision will be very fast, but if, for example, you have a low connection and a low download speed, for example as me: less than 1mb T.T, or on the other hand the bytes of the pixels are high, for example a desktop with someone playing Dota 2, it will be very laggy and hard to see. I'm gonna give you a more understandable sample,
for example:
On YouTube you have the option to lower the pixels of the video in order to make it faster, right? But if you turn it up it will be more delayed because of the size of the pixels that will be put on a matrix, which is part of the source code of YouTube.
So is it clear now?
« Last Edit: March 15, 2012, 07:31:47 PM by gh0st »

Offline Infinityexists

Re: Remote Desktop Trojan
« Reply #11 on: March 16, 2012, 12:50:48 PM »
@Professor Potato : You're an idiot.

> How TeamViewer works is a mystery, although for viruses this technique is called "Reverse connection": instead of you connecting, a virus connects to you. This works because the router firewall, usually with its default configuration, blocks incoming traffic but not outgoing. Windows firewall blocks both (usually it asks you what to do), but there are lots of methods to add yourself to an exception list.
>
> A remote desktop trojan is simpler because (the way I see it) it just enables and configures RDP on a Windows machine, then sends the info back to you, or it doesn't if it's coded to set static passwords everywhere.

So far I've understood that:

The victim PC will send the remote connection request to me no matter if he/she has his RDP port enabled; I'd be able to connect to its PC as long as the connection is incoming to me.

WhaooW, this sounds fucki'n awesome!

Here is what I can do:

I can create the hidden administrative account on the victim's PC; now all the victim has to do is send me the RDP request (this could be done using VBScript/BFP (batch file programming)).
Now, in order to connect to the victim's PC, the RDP port must be enabled on my router no matter if it is enabled or disabled on the victim's router? Right?

Correct me if I am wrong!

But this way the victim could connect to my PC; how would I connect to the victim's PC instead?

Btw, this is the PERFECT answer to my question! :)

Offline puddi

Re: Remote Desktop Trojan
« Reply #12 on: March 16, 2012, 01:57:48 PM »
> @Professor Potato : You're an idiot.

bro why waste countless hours when you can use teamviewer bro? who's the idiot now bro?


Offline Kulverstukas

Re: Remote Desktop Trojan
« Reply #13 on: March 16, 2012, 02:39:28 PM »
> bro why waste countless hours when you can use teamviewer bro? who's the idiot now bro?

Still you.

Offline Infinityexists

Re: Remote Desktop Trojan
« Reply #14 on: March 16, 2012, 07:31:13 PM »
> Still you.

You might have missed my post, could you please answer it?

 


