Team Viewer Silent Install and Configuration

In order to make a recent Bash Bunny payload, I needed to investigate how to install and configure Team Viewer without user interaction. This post will go through how I achieved that.

 

My TeamViewer configuration was focussed around setting a personal password (a static password that can be used to access the computer) and installing TeamViewer as a service so the computer can be remotely controlled without a user being active.

Team Viewer version: free edition 15.1.3937

Windows version: 64-bit 1909 OS Build 18363.592

I’ve uploaded some example files to my GitHub. These are aimed at the BashBunny payload, but the example-setting.reg file and PowerShell script may be of use to you.

 

Capturing Desired Configuration

In order to capture your desired configuration, you’ll need to manually install TeamViewer and configure it on a test system. You’ll then need to export the settings to a .reg file. Important note: you must do this through the program itself. If you wish to set a personal password, don’t do it in TeamViewer as it will not import correctly. However, you’ll be able to set the password in the Export Options.

  1. Open TeamViewer
  2. Extras Menu > Options > Advanced >Show advanced options
  3. Scroll to the bottom > TeamViewer options
  4. Export options to a *.reg file
  5. Set location and name of reg file
  6. Select the sections to export. Important Note: I recommend selecting all sections, along with Export user specific settings as default for all users.
  7. Set the personal password you wish to use here.
  8. Export the settings.

 

Editing Captured Configuration For Silent Import

In my testing, I could not get the settings to take effect if I simply imported the reg file via command line, PowerShell, or even just double clicking the reg file and importing via Windows. It would only work using the Import settings feature in TeamViewer. However, I discovered a way around this.

We must add some additional settings to the reg file so it can be imported via script.

If using 64-bit Windows, you must add WOW6432Node to all the registry paths in the reg file.

For example, any path matching this:

[HKEY_LOCAL_MACHINE\SOFTWARE\TeamViewer]

and this:

[HKEY_CURRENT_USER\SOFTWARE\TeamViewer]

 

Will need to be changed to:

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TeamViewer]

and

[HKEY_CURRENT_USER\SOFTWARE\WOW6432Node\TeamViewer]

 

Secondly, you’ll need to add this line to the end of the reg file:

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TeamViewer\DefaultSettings]

“Autostart_GUI”=dword:00000001

Save the reg file.

 

Deploying and Configuring TeamViewer Silently

Now we’ll create the script to install TeamViewer and import the settings.

Below is a PowerShell script I created. Here’s what the script does:

  1. Install TeamViewer silently and wait for the install to finish before continuing.
  2. Stop the TeamViewer service.
  3. Import the .reg file containing our edits.
  4. Start the TeamViewer service.
  5. Get the TeamViewer ID needed for connection and save it to a location. Name the file after the computer name.
  6. Remove the TeamViewer icon from the desktop.

 

PowerShell Script:

# Vars
$DestFile = "$env:COMPUTERNAME-TV-ID.txt"
$ToolPath = "\\netlogon\software\TeamViewerSetup"
$DestPath = "\\server\share$\TeamViewerIDs"
$Dest = "$DestPath\$DestFile"

# Install Team Viewer
Start-Process -wait $ToolPath\TeamViewer_Setup.exe /S
Start-Sleep -Seconds 2
net stop teamviewer
Start-Sleep -Seconds 2
reg import $ToolPath\tv-settings.reg
Start-Sleep -Seconds 2
net start teamviewer
Start-Sleep -Seconds 2
(Get-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\TeamViewer' -Name ClientID).ClientID > $dest
Remove-Item "$env:public\desktop\TeamViewer.lnk"

I hope you found this useful, please consider supporting my work by becoming a patron where you get early access to posts like this, exclusive content and receive other benefits for as little as $2 a month.

If you would prefer to make a one-time donation then please PayPal.me.

If you’d like to get in touch with me please leave a comment, send me a tweet or DM, or send me a message via my contact form.

-Mike

Many thanks to my first patron!

CMI

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: