In order to make a recent Bash Bunny payload, I needed to investigate how to install and configure Team Viewer without user interaction. This post will go through how I achieved that.
My TeamViewer configuration was focussed around setting a personal password (a static password that can be used to access the computer) and installing TeamViewer as a service so the computer can be remotely controlled without a user being active.
Team Viewer version: free edition 15.1.3937
Windows version: 64-bit 1909 OS Build 18363.592
I’ve uploaded some example files to my GitHub. These are aimed at the BashBunny payload, but the example-setting.reg file and PowerShell script may be of use to you.
Capturing Desired Configuration
In order to capture your desired configuration, you’ll need to manually install TeamViewer and configure it on a test system. You’ll then need to export the settings to a .reg file. Important note: you must do this through the program itself. If you wish to set a personal password, don’t do it in TeamViewer as it will not import correctly. However, you’ll be able to set the password in the Export Options.
- Open TeamViewer
- Extras Menu > Options > Advanced >Show advanced options
- Scroll to the bottom > TeamViewer options
- Export options to a *.reg file
- Set location and name of reg file
- Select the sections to export. Important Note: I recommend selecting all sections, along with Export user specific settings as default for all users.
- Set the personal password you wish to use here.
- Export the settings.
Editing Captured Configuration For Silent Import
In my testing, I could not get the settings to take effect if I simply imported the reg file via command line, PowerShell, or even just double clicking the reg file and importing via Windows. It would only work using the Import settings feature in TeamViewer. However, I discovered a way around this.
We must add some additional settings to the reg file so it can be imported via script.
If using 64-bit Windows, you must add WOW6432Node to all the registry paths in the reg file.
For example, any path matching this:
Will need to be changed to:
Secondly, you’ll need to add this line to the end of the reg file:
Save the reg file.
Deploying and Configuring TeamViewer Silently
Now we’ll create the script to install TeamViewer and import the settings.
Below is a PowerShell script I created. Here’s what the script does:
- Install TeamViewer silently and wait for the install to finish before continuing.
- Stop the TeamViewer service.
- Import the .reg file containing our edits.
- Start the TeamViewer service.
- Get the TeamViewer ID needed for connection and save it to a location. Name the file after the computer name.
- Remove the TeamViewer icon from the desktop.
# Vars $DestFile = "$env:COMPUTERNAME-TV-ID.txt" $ToolPath = "\\netlogon\software\TeamViewerSetup" $DestPath = "\\server\share$\TeamViewerIDs" $Dest = "$DestPath\$DestFile" # Install Team Viewer Start-Process -wait $ToolPath\TeamViewer_Setup.exe /S Start-Sleep -Seconds 2 net stop teamviewer Start-Sleep -Seconds 2 reg import $ToolPath\tv-settings.reg Start-Sleep -Seconds 2 net start teamviewer Start-Sleep -Seconds 2 (Get-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\TeamViewer' -Name ClientID).ClientID > $dest Remove-Item "$env:public\desktop\TeamViewer.lnk"
I hope you found this useful, please consider supporting my work by becoming a patron where you get early access to posts like this, exclusive content and receive other benefits for as little as $2 a month.
If you would prefer to make a one-time donation then please PayPal.me.
Many thanks to my first patron!