Studying hVNC Dev

Please note that this user is banned.
TinyNuke is very old and shit. If you have good skills, I would suggest writing a new one, and communication over WebSockets is much faster. I wrote one in C++ and Node.js, and trust me, the speed of the hVNC is much faster than TCP. But if you are a beginner, TinyNuke will be good for you to learn how hVNC works, how it creates a virtual desktop, etc.
 
Please note that this user is banned.
WebSockets is much faster
WebSockets is a protocol on top of the TCP protocol; it can't be faster than TCP. If you do the same implementation with TCP, you can be a bit faster by omitting the WebSocket handshakes and headers. I suspect that you used blocking sockets for TCP, while WebSocket libraries are generally implemented with non-blocking ones, or something of that kind.
 
Why do people keep trying harder to build hVNC to essentially control browsers?
It is a pain to fix the white squares in pics retrieved by PrintWindow, for example, and there are more obstacles.

While at the same time, launching a headless Chromium browser with a remote debugging port and routing the port to your C2 allows you to simply capture screenshots of the browser and simply send clicks and inputs with a nice API provided by Chromium.

I wonder why we don't see many hVNC analogs like the one in the beautiful PowerShell bot sold in the commercial section (I don't remember the name, I think it is monad). Maybe I am missing a huge advantage of hVNC.

Are there any advantages (other than being able to support non-Chromium browsers) that justify the pain of building hVNC instead of debugging Chromium? I personally used hVNC in the past and never used it for anything other than web browsers.
 
Please note that this user is banned.
launching a headless Chromium browser with a remote debugging port and routing the port to your C2 allows you to simply capture screenshots
By the way, is it possible to launch a Chromium browser in headless mode with an existing user profile (to use cookies and session information when accessing sites) while the user is working with the browser on his own? If the browser process is closed, you can copy the default profile to another folder and launch Chrome headless with a debugging port, but if the user is using the profile, files like the session are locked.
 
By the way, is it possible to launch a Chromium browser in headless mode with an existing user profile (to use cookies and session information when accessing sites) while the user is working with the browser on his own? If the browser process is closed, you can copy the default profile to another folder and launch Chrome headless with a debugging port, but if the user is using the profile, files like the session are locked.
Yes, this is exactly what I mean, sorry for being unclear, I thought I was.
I didn't notice that the profile is locked if currently used. But it still surprises me that this technique is not widespread in malware, considering how much easier it is to implement than "real" hVNC.
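For defenders, the headless Chromium approach discussed in this exchange shows up in process-creation telemetry. The triage sketch below is an added example, not code from the thread; the event fields (`parent`, `cmd`), the sample events and the automation allowlist are constructed assumptions, while the switches are real Chromium command-line flags.

```python
import re

CHROMIUM_BINARIES = {"chrome.exe", "msedge.exe", "brave.exe", "chromium.exe"}
# Parents expected to start a browser with a debug port (assumption: test hosts).
AUTOMATION_PARENTS = {"chromedriver.exe", "msedgedriver.exe"}
DEBUG_SWITCHES = {"remote-debugging-port", "remote-debugging-pipe"}

def parse(command_line):
    """Split a Windows command line into (binary name, {switch: value})."""
    tokens = [t.replace('"', "") for t in
              re.findall(r'(?:[^\s"]+|"[^"]*")+', command_line)]
    binary = re.split(r"[\\/]", tokens[0])[-1].lower() if tokens else ""
    switches = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            switches[name.lower()] = value
    return binary, switches

def triage(event):
    """Return (severity, reasons); severity is None when nothing matches."""
    binary, sw = parse(event["cmd"])
    if binary not in CHROMIUM_BINARIES or not sw.keys() & DEBUG_SWITCHES:
        return None, []
    reasons = ["DevTools remote debugging enabled"]
    if "headless" in sw:
        reasons.append("no visible window (headless)")
    if "user-data-dir" in sw:
        reasons.append("profile directory overridden: " + sw["user-data-dir"])
    if event["parent"].lower() in AUTOMATION_PARENTS:
        return "info", reasons  # likely test automation, keep for context
    return ("high" if "headless" in sw else "medium"), reasons

# Constructed process-creation events (e.g. Sysmon Event ID 1 style fields).
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
EVENTS = [
    {"parent": "explorer.exe", "cmd": CHROME + " --profile-directory=Default"},
    {"parent": "powershell.exe", "cmd": CHROME + " --headless=new "
     r'--remote-debugging-port=9222 --user-data-dir="C:\Users\bob\AppData\Local\Temp\prof copy"'},
    {"parent": "chromedriver.exe", "cmd": CHROME +
     r" --remote-debugging-port=0 --user-data-dir=C:\ci\scoped_dir1"},
    {"parent": "cmd.exe", "cmd": r"C:\Windows\System32\notepad.exe --remote-debugging-port=9222"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["parent"], triage(ev))
```

A parent-process allowlist is only a noise filter; pairing these hits with a check for who connects to the debugging port gives a stronger signal.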
 
Please note that this user is banned.
WebSockets is a protocol on top of the TCP protocol; it can't be faster than TCP. If you do the same implementation with TCP, you can be a bit faster by omitting the WebSocket handshakes and headers. I suspect that you used blocking sockets for TCP, while WebSocket libraries are generally implemented with non-blocking ones, or something of that kind.
Well, that's what I meant, but I made the answer short. Still, WebSockets is much faster than a normal TCP connection, and as I said, I have tried this and compared the TinyNuke connection speed with my hVNC speed, which was over WebSockets, and yes, WebSockets have no lag.
 
Please note that this user is banned.
Well, that's what I meant, but I made the answer short. Still, WebSockets is much faster than a normal TCP connection, and as I said, I have tried this and compared the TinyNuke connection speed with my hVNC speed, which was over WebSockets, and yes, WebSockets have no lag.
Are you saying that if you add the use of websockets to tinynuke, it will become faster? This is bullshit. This will not help in any way, because there is no normal frame transfer in tinynuke.
 
Please note that this user is banned.
Are you saying that if you add the use of websockets to tinynuke, it will become faster? This is bullshit. This will not help in any way, because there is no normal frame transfer in tinynuke.
No, I am not saying that if you replace Winsock with WebSockets in TinyNuke it will be faster; I am saying that using WebSockets is faster. TinyNuke is very old and needs lots of upgrades to its code to be a good hVNC.
 
Please note that this user is banned.
WebSockets is a protocol on top of the TCP protocol; it can't be faster than TCP. If you do the same implementation with TCP, you can be a bit faster by omitting the WebSocket handshakes and headers. I suspect that you used blocking sockets for TCP, while WebSocket libraries are generally implemented with non-blocking ones, or something of that kind.
❤️
 
Please note that this user is banned.
TinyNuke and PureMiner have added hVNC. You can get a version and then analyse how the hVNC works and what library it uses, but that will require reverse engineering skills. Or you can read the TinyNuke source code on GitHub; as kozak deex said, it's free and the source code is available. It is in C++, and someone on GitHub also rewrote it in C#.
 
Why do people keep trying harder to build hVNC to essentially control browsers?
It is a pain to fix the white squares in pics retrieved by PrintWindow, for example, and there are more obstacles.

While at the same time, launching a headless Chromium browser with a remote debugging port and routing the port to your C2 allows you to simply capture screenshots of the browser and simply send clicks and inputs with a nice API provided by Chromium.

I wonder why we don't see many hVNC analogs like the one in the beautiful PowerShell bot sold in the commercial section (I don't remember the name, I think it is monad). Maybe I am missing a huge advantage of hVNC.

Are there any advantages (other than being able to support non-Chromium browsers) that justify the pain of building hVNC instead of debugging Chromium? I personally used hVNC in the past and never used it for anything other than web browsers.
I think hVNC, or RFB in general, is more versatile. For example, once I implement my server, I can receive frame buffer information from any platform I create an implant for. Also, you can switch between the input desktop and your hidden desktop (on Windows).
 
Please note that this user is banned.
I have studied hVNC. I started last year and I created my own. hVNC is very easy, at least for me, because I tried 1, 2-10 times and more; I failed a lot, and finally I succeeded.
1 - Create a desktop
2 - Set the desktop thread to the newly created desktop
3 - Start enumerating visible windows by z-order, meaning from the last window to the first window
This step is very important because hVNC can't use the BitBlt function, since it can only print a visible window, so hVNC needs to use PrintWindow, because PrintWindow can send the WM_PRINT command to a specific window to print it even if it is non-active like the real desktop.

And PrintWindow will capture the window using BitBlt and will copy the captured window to a global DC or compatible DC, so every time it finds a visible window, PrintWindow captures the new window and copies it to the compatible DC. If you don't use z-order enumeration, you will get an almost black screen, because the last window will be black for something called Program Manager, but with z-order enumeration the Program Manager will be the first window, and so on.
When the enumeration finishes, you get the pixels from the global DC and can save them to a bitmap or compress them to JPEG and send them over the network. The problem with the TinyNuke hVNC is that it uses blocking sockets for send and receive, and this step makes it not useful and very slow, and there are many more issues I figured out.

I can create a tutorial for you guys if you like this type of tutorial
 

