joelgmsec / evilnovnc Goto Github PK

I have just downloaded 2022 kali Linux and I have git-clone and built docker manually.
Below is what I'm getting every time I repeat the process of building docker manually

OK: 861 MiB in 299 packages

ln: /usr/bin/python: File exists

The command '/bin/sh -c apk add sudo bash xfce4 xvfb xdpyinfo lightdm-gtk-greeter x11vnc xfce4-terminal chromium python3 py3-pip git openssl curl gcc libc-dev python3-dev && ln -s /usr/bin/python3 /usr/bin/python && echo 'CHROMIUM_FLAGS="--disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --kiosk --no-sandbox --password-store=basic"' >> /etc/chromium/chromium.conf && dbus-uuidgen > /var/lib/dbus/machine-id' returned a non-zero code: 1

Could I know when will be the next update with the patches because the mobile display does not work

I tried running it locally. The script run but it doesn't proxy the website. I tried all the tutorials nothing seems to work. I tried running on AWS ec2 ubuntu instance. Always turns out to be connection reset or we are trying to find the website. Can anyone help?

Installation worked as expected. I run start script and the everything loads as expected. When I browse the page https://localhost:5980 only shows white screen. I confirmed that the docker image is running as expected. Any suggestions? I have tested on multiple machines kali/ubuntu.

Hey,
I followed the doc
`
git clone https://github.com/JoelGMSec/EvilnoVNC
cd EvilnoVNC ; sudo chown -R 103 Downloads
sudo docker build -t joelgmsec/evilnovnc .
./start.sh 1280x720x16 http://example.com

`

And in the browser session I get an error:

GET http://localhost:5980/core/des.js 404 (File not found)
GET http://localhost:5980/core/util/md5.js net::ERR_ABORTED 404 (File not found)

Is someone know why ?

Does anyone know how I can live my localhost to access the link from any devices.

Please Guide?

I have tried using Ngrok and it Failed

On this new update that doesn't display the port number. I'm finding it difficult to access my URL.

I have allowed TCP rule on firewall on 0.0.0.0/0:5980 but I can't still access anything as my page display "This site can’t be reached".

After starting the EvilnoVNC and I open another terminal to view all port running "sudo netstat -tulpn | grep LISTEN", I can't find EvilnoVNC port running anywhere.

@Weesary @JoelGMSec @Antonim22 @harbinc

What am i doing wrong?

As titlte suggests, value of "decrypted cookie" equals "encrypted". It's because you've deleted code for decrypting part (look once again at your's inspiration https://www.thepythoncode.com/article/extract-chrome-cookies-python.)

Hello Good Day,,,,
I was using Evilnovnc and tried doing port forwarding on port 5980, But its not happening, i tried doing " docker start -p 5980:80 name" But its seems i m not getting port after url, please tell me if m doing it wrong, If yes then how can i configure it with port forwarding,

Thank you,

I cloned a website containing Chinese, but it looks weird.
Original site

Cloned site

after running the script always getting blank page when browsing localhost, any solution for it, thanks

what about multi user session opening the URL at the same time?

broken codes or bugs i believe, i tried making it work, but wont save cookies or keylogs in downloads folder, file permission in downloads folder is also read only

@JoelGMSec First off this is an awesome tool. Below are my observation after testing...

1: End user is not able to input passwords in Upper case/Capital letters.

2: Chromium does not start up in the manner explained in the article after pressing "Ctrl+C". (Screenshot attached)

3: Although the cookie saves to the folder, the value's are encrypted.... (Screenshot attached)

The keyboard does not slide out on mobile devices. Can this be fixed somehow?

Hello,

I have tried to run the EvilnoVnc with https://accounts.google.com

When i go to the server ip and i type some test in email and when i go and open the link server ip from other device i find the same content on the previous device its the same on new device

is that normal? cause maybee it cannot be used for many peoples in same time

I think if its opening fresh page for each person it would be better!

Thanks in advance

Hi , your tool very good but it is not automate.
that resolution page for login when send to target is not match with target device.

Hello good day
As i was using Evilnovnc, i faced this problem where i m not getting port no after url,, like "url: http://localhost" i wanted it with port no like url: http://localhost:8080 or any other port no, i tried all way possible, like running docker with -p flag and also i tried docker -d -it - p 8080:80 image id, but still fail to get port no after url, here is the picture of my issue please have a look

And second picture where i tried to use it with port 3000

Please guide me what did i miss ?? Or any config file i need to edit to get port no after url for outside world Thank You

I got this error while building docker image

Everything is working nicely except for being presented with a Cloudflare warning. See the attached screenshot.

Thanks for all your work.

I installed Docker (that seems to run correclty; intallation guide: https://docs.docker.com/engine/install/ubuntu/) and Chromium as required. Followed the guide (https://darkbyte.net/robando-sesiones-y-bypasseando-2fa-con-evilnovnc/) on my kali linux, and Ubuntu, neither works.
./start.sh runs correclty, but when i type localhost:5980 on my local browser it display a connection error:
Firefox can't establish a connection with local server localhost:5980.

Ubuntu:
22.10
Kernel Linux 5.19.0-26-generic

Kali-Linux:
2022.3
Kernel Linux 5.18.0-kali5-amd64

Can someone help please? :)

There is a way to get access to the desktop and root terminals in a running container (tested with latest Firefox and Chromium):

1. (optional) Ctrl+Alt+RightArrowKey switches to another virtual desktop
2. Alt+F2 starts the app launcher, choose xfce4-keyboard-settings
3. choose Application Shortcuts and add a new one
4. as command: chmod 777 /usr/bin/xfce4-terminal
5. as shortcut: Alt+F3
6. save, overwrite shortcut and press Alt+F3
7. then start xfce4-terminal via app launcher (Alt+F2), this also works for starting thunar or xfce4-panel

Now a user has root access to the container, including collected data in /home/user/Downloads:

Possible measures:

• harden XFCE configuration or file permissions
• better avoid a full DE at all (working on it..)

Hi,
When I am in new page how can I return to previous?
How can I get cookie mail for login?

doesn't load on centos 7

@JoelGMSec edit index.html to not require these parameters in the url (autoconnect=true&password=false) + add "&resize=remote". (embedded too).
Page name need improvment
read this writeup
https://fhlipzero.io/blogs/6_noVNC/noVNC.html

It would be a great improvement if your script first started an ngnix or apache server, with https (let's encrypt) certificate to determine useragent and victim resolution and then open a custom dynamic session based on the grabbed resolution.

so i was wondering what would happen if the link was sent to a victim then after he enters his email, password and 2fa we get the cookies and stuff but how we can redirect the victim to another site, i mean imagine if he just stays there and he will just stay stuck
there.
it would be pretty interesting if you could add a redirect feature so that when we see that we have cookies it will automatically or manually (via command) redirect him to another website.

Hey, I run into the following error:

$ git clone https://github.com/JoelGMSec/EvilnoVNC
$ cd EvilnoVNC ; sudo chown -R 103 Downloads
$ sudo docker build -t joelgmsec/evilnovnc .
[...docker stuff here ...]

ln: /usr/bin/python: File exists                                                                                                                                                            The command '/bin/sh -c apk add sudo bash xfce4 xvfb xdpyinfo lightdm-gtk-greeter x11vnc xfce4-terminal chromium python3 py3-pip git openssl curl gcc libc-dev python3-dev &&     ln -s /usr/bin/python3 /usr/bin/python &&     echo 'CHROMIUM_FLAGS="--disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --kiosk --no-sandbox --password-store=basic"' >> /etc/chromium/chromium.conf &&     dbus-uuidgen > /var/lib/dbus/machine-id' returned a non-zero code: 1

I fixed it by removing by commenting out the following line in file EvilnoVNC/Dockerfile (which makes sense)

RUN apk add sudo bash xfce4 xvfb xdpyinfo lightdm-gtk-greeter x11vnc xfce4-terminal chromium python3 py3-pip git openssl curl gcc libc-dev python3-dev && \
   # ln -s /usr/bin/python3 /usr/bin/python && \
    echo 'CHROMIUM_FLAGS="--disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --kiosk --no-sandbox --password-store=basic"' >> /etc/chromium/chromium.conf && \
    dbus-uuidgen > /var/lib/dbus/machine-id

Just wanted to share this and ask if it's worth merging into master?

Cheers

se puede revisar esta guia para enseñar que detecte todas estas combinaciones y se inserte una @

https://hiraoka.com.pe/blog/post/como-poner-arroba-en-un-teclado-de-laptop-o-pc#:~:text=Para%20poder%20escribir%20arroba%20(%40),recuerda%20utilizar%20Alt%20Gr%20%2B2.

Got myself a test scheme with DOMAIN(with SSL cert)+nginx+noVNC docker container.

Everything seems fine, works via https on Chrome, but cant get it work on Firefox, Opera, Edge.

Thought it might be nginx+docker issue, made another scheme DOMAIN(no SSL)+noVNC docker container but still no luck with Firefox,Opera,Edge.

All browsers is up-to-date and settings on default.

Any suggestions?

Hi I've tried it and it shows the port on 5980.
Can it be on port 443 so we can strip off the port in the URL address?

And one more, besides getting the sesions, can it also record the username and password? Maybe with some javascript reading HTML Form with method=post and intercept all fields in the form and save it in a file? Or some keylog capabilities. All those to capture username and password.
Thanks for the nice tool.