Meet Remmanaut, the autoit remote administration tool

[lgvlgv]

think this is a good way for the remote control bit to go forward with that part of the program, the use of a vnc repeter ant 3 party tools like teamviewer

 

(thescript seems abended for now)

 

 

[lgvlgv]

I will surely try and get back with my humble suggestions and ideas

[faldo]

2 hours ago, lgvlgv said:

think this is a good way for the remote control bit to go forward with that part of the program, the use of a vnc repeter ant 3 party tools like teamviewer

(thescript seems abended for now)

Funny you should mention that, i've actually already written the code implementing UVNC-repeater into Remmanaut, it works great! It will be launched once the file transfer functions is done 

2 hours ago, lgvlgv said:

I will surely try and get back with my humble suggestions and ideas

Humbly is by far the best way to cooperate, your ideas are most welcome!

[lgvlgv]

yeah, i notice the code after i posted it was not enabled yet

maybe all clients/remote tools should access a https php web page insteed of talking direcly with mysql server over internet, or maybe i read the files wrong?

its not so good to have name/password compiled in to exe file if clients access mysql over internet on 3306 port witch is i think clear text?

 

 

Edited April 27, 2016 by lgvlgv

[faldo]

Just now, lgvlgv said:

yeah, i notice the code after i posted it was not enabled yet

maybe all clients/remote tools should access a https php web page insteed of talking direcly with mysql server over internet, or maybe i read the files wrong?

its not so good to have name/password compiled in to exe file if clients access mysql over internet on 3306 port witch is i think clear text?

 

 

The DB is only accessed from within the server by the connectors.

[lgvlgv]

something like this example in php

expandcollapse popup

<?php

$Database = "ksglt_con"; // databes
$Host = "localhost"; // hostname
$Username = "**********"; /// username
$Password = "*******"; /// pass
$id_for_registering = "44252";
$link = mysql_connect($Host, $Username, $Password);
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
if (!mysql_select_db($Database)) {
    die('Could not select database: ' . mysql_error());
}


$ClientIP= $_SERVER['REMOTE_ADDR'];
$time=date("Y-m-d H:i:s");
$hostname=$_REQUEST['hostname'];
$username=$_REQUEST['username'];
$client_id=$_REQUEST['id'];

if ($client_id != "" AND ($hostname != "" OR $username != "")) {
    if (is_client($client_id)) {
        update_client($client_id);
        echo "UPDATED;";
        get_tasks($client_id);
    } else { 
        ad_client($client_id);
        echo "REGISTRED;";
    }
} else {
echo "FLASE;";
}


function ad_client($id) {
Global $ClientIP, $time, $hostname, $username, $id_for_registering;
$result = mysql_query("
INSERT INTO `ksglt_con`.`clients` (
`id` ,`cid` ,`ip` ,`last_con` ,`hostname` ,`username` ,`custom_name`,`user_id`)
VALUES (
NULL , '".$id."', '".$ClientIP."', '".$time."', '".$hostname."', '".$username."', 'NewUsr_".$username."', '".$id_for_registering."');
");
}

function update_client($id) {
Global $ClientIP, $time, $hostname, $username;
$query="
UPDATE `ksglt_con`.`clients` SET
`ip` = '".$ClientIP."',
`last_con` = '".$time."',
`hostname` = '".$hostname."',
`username` = '".$username."'
WHERE `clients`.`cid` = '".$id."' LIMIT 1 ;
";
$result = mysql_query($query);
}

function get_tasks($id) {
Global $ClientIP;
$query = "SELECT * FROM `tasks` WHERE `cid` = '".$id."' LIMIT 1";
$result = mysql_query($query);
    while ($row = mysql_fetch_assoc($result)) {
    echo $row["task"].';';
    mysql_query('DELETE FROM `tasks` WHERE `tasks`.`id` = '.$row['id'].' LIMIT 1;');
    }
}

function is_client($id) {
$query= "SELECT * FROM `clients` WHERE `cid` = '".$id."' LIMIT 1";
$result = mysql_query($query);
    $num_rows = mysql_num_rows($result);

    if($num_rows > 0) { 
        return true; 
    } else { 
        return false; 
    }
}


//if (!$result) {
//    die('Could not query:' . mysql_error());
//}


//echo mysql_result($result, 2); // outputs third employee's name

 

Edited April 27, 2016 by lgvlgv

[faldo]

Having the agent/tool access a webpage is not a bad idea but since i'm not a web programmer i can't really tell the pros and cons compared to having them use ssl with tcp connectors.

Right now, the only link to the DB from the internet is throgh the management tool and that link is limited by the commands accepted, so there won't be a way in to the DB directly. When the time comes I'm going to implement a user and password management system in the management connector along with an anti-hammer function... i'll focus on that later anyways

[lgvlgv]

13 minutes ago, faldo said:

The DB is only accessed from within the server by the connectors.

but the Remmanaut-agent connector.exe  is installed in agent directory, right?

becose it is very easy to uncompile exe files if u have the tools.

 

[faldo]

6 minutes ago, lgvlgv said:

but the Remmanaut-agent connector.exe  is installed in agent directory, right?

becose it is very easy to uncompile exe files if u have the tools.

 

No, the Remmanaut-agent connector.exe is installed server side. Why would you want to decompile the exe? The project is open source

In fact, the only way you'll be able to access "valuable" information is if you're logged on the server and access the database... so don't let people in there

Edited April 27, 2016 by faldo

[lgvlgv]

Not me, was thinking if "your" clientside installation was spread becose it will be on your customers computers.

 

hmm. i got it installed in my agent directory?

"C:\Remmanaut agent\Remmanaut-agent connector.exe"

maybe i got confused i ust installed all on same machine to test it

 

 

[faldo]

3 minutes ago, lgvlgv said:

Not me, was thinking if "your" clientside installation was spread becose it will be on your customers computers.

 

hmm. i got it installed in my agent directory?

"C:\Remmanaut agent\Remmanaut-agent connector.exe"

maybe i got confused i ust installed all on same machine to test it

 

 

For testing purposes it don't really matter but installing the agent and server in the same foler is not optimal otherwise

The only files installed on the agent are:

FileInstall("Log-GUI.exe", $Installpath & "\Log-GUI.exe", 1)
FileInstall("Remmanaut-agent.exe", $Installpath & "\Remmanaut-agent.exe", 1)
FileInstall("PsExec.exe", $Installpath & "\PsExec.exe", 1)

 

Edited April 27, 2016 by faldo

[lgvlgv]

13 minutes ago, faldo said:

For testing purposes it don't really matter but installing the agent and server in the same foler is not optimal otherwise

The only files installed on the agent are:

FileInstall("Log-GUI.exe", $Installpath & "\Log-GUI.exe", 1)
FileInstall("Remmanaut-agent.exe", $Installpath & "\Remmanaut-agent.exe", 1)
FileInstall("PsExec.exe", $Installpath & "\PsExec.exe", 1)

 

Yeah, i must have done something wrong when i run the setup?
i cant see why it would end up where it did?

 

[lgvlgv]

Anyway, i like what ive seen so far

I will play with it mutch more when i come back from Prague

[storme]

Just a quick HI FIVE...for now

I've been working on and off (mostly off) on this "concept" for years.

I usually give up at the planning stage because I think of all the problems/the solutions to those problems then the problems they will create..etc..

After chasing my own tail for a while I wander off and do something else.

So great work on getting code written.

When I get a moment I'll download your system and if my tail chasing can lend anything I'll post it to see if it can help.

I know a little PHP/Autoit/C((+(+))#)/Java basically I was taught how to program not a language so will help if/when I can (if you need it).

An idea that just came to me....
Use A3X instead of EXE for client end "modules"

• to avoid false positives
• Smaller up/downloads
• Can compile code for one off jobs to be sent with embedded "temporary data"

Keep up the great work!
John Morrison

[storme]

Hi faldo

This is the structure I designed for my system (that never was).  I'm high on compartmentalizing and the structure lends itself to multiple programs (a3x) doing separate jobs at the same time. Thus removing the need to have AutoIt multitask.   You just keep a queue of sub-tasks.

Each level just has to worry about it's particular function(s) and reporting to the level above.  This simplifies coding as you only have to worry about coding the particular aspect you are working on.  That is once you have the system structure worked out and understood.

A library/skeleton could be created to provide the support functions for the lower levels with a "---put code here---" section for the job it will perform.

System Structure

• Watchdog

  • Autostarts with Computer
  • Background service (no visible icon)
  • ?? Network connection repair functions ??
  • Updates other major system components

  • Able to (re)build system if components deleted/damaged (with help from server)

  • Watches for lockups and restarts components if necessary
    (keeps scheduler running)
  • this is an EXE file so can be added to Antivirus exceptions

  • Starts "scheduler" when system is ready

• Scheduler

  • Heart of system
  • Visible task bar icon

  • User interacts through this module
  • Lists running “tasks”

  • Restarts “tasks” after a computer restart (E.g. Task may have restarted computer for it’s process)

  • Handles background functions for system

• Overseer/Tasker

  • Performs a particular task/job

  • May consist of running many separate jobs/progams(herders) in sequence

• Herder

  • Handles the running of an individual programs/jobs

  • e.g. Malwarebytes, defrag, ???

• Handler

  • Wrangles certain aspects of the program/job

  • (update/scan/etc.)

Hope that helps

John

 

[faldo]

Hey John!
Thanx for your input, unfortunatly i havn't looked in to A3X yet but if it will help with "multitasking" i'm all for it and will certainly try to implement it.
Also, thanx for your view on the structure, even if i havn't made the system structure public (since it's in constant flux) i believe we have the same opinion on how the system should be built
Do take a look at the code/functions and holler if you need me to clarify something. Even though i've made "personal" quotes in the code there is no white paper yet.

On a sidenote, i've completed the file transfer function of the manager module and will upload a new version as soon as i've polished it a bit.
Cheers!

[storme]

A3X are really just EXE files without the Autoit interpreter attacked.

Quote

Compressed au3 files, similar to exe's but without the attached interpreter,
Must be executed with AutoIt3.exe or one of your compiled exe's with ::

/AutoIt3ExecuteScript your.a3x

They won't help with multitasking but they will help with "False positive" virus detection and because they don't have the interpreter attached they are smaller.

The structure I outlined lends itself to multitasking as multiple "Overseer/Tasker" can run simultaneously.  The "Scheduler" just needs to have a queue to know what is and isn't running.

If you want others help then you should get the "white paper" / "structure" settled so that others can comment on it and help where they can. 

I would love to see what you have in mind

With out it people will just stand back and wait as they won't know where they can help you or even if they can help you. 

Without clear plan you may not get much help until you have a almost finished system.

Also a good plan means that you won't hit as many brick walls. as you have a map to follow....

As I said I've been over a lot of the ground you will traverse.. I'm here to help.

[storme]

Also didn't know this posted exsisted but it looks a GREAT tutorial and working code that should help you with your project
 

amazing what members do on here

[storme]

Another thought for you....

I'm assuming that the MySQL server is running on the "Remmanent server" with the web(PHP) server.

Using AutoIt on the "Remmanent server" would limit you to a Windows computer that you have full access to and that you had Virus software exceptions set for you AutoIt programs.  So it would limit you in future expansions of the system.

If you need AutoIt for "server" functions Id' suggest bouncing the clients from the web server(PHP) off to another computer/server.
OR
Getting the server to contact the Windows computer that has AutoIt running on it to achieve that you need there.

OR

Have the windows (autoIt) computer contact the server to update/control/etc what is needed.

 

 

[TheSpannish]

What about building a redhat or debian? Would load all the traffic to the server so master and clients cant work less stressed