Encrypt SCPrompt communications using SecureVNC plugin

Encrypt SCPrompt communications using Ultravnc’s SecureVNC DSM plugin which uses AES-256 encryption for all communications between client and server

SecureVNC Plugin allows secure communications between UVNC viewer and server. The following steps show how-to Add SecureVNC plugin to secure SCPrompt.

As SCPrompt uses UVNC server at its core, its easy to modify SCPrompt to use SecureVNC Plugin which secures connections between ultravnc components using AES-256

By using an encryption module (DSM in UVNC world), you can be assured that only the person with a correctly configured SCPrompt server can connect to the viewer and only the viewer from the person who created the SCPrompt is able view remote computers using SCPrompt created by you.

  1. download scprompt Roll-your-own and unzip to a suitable location.
  2. download SecureVNC.dsm.
  3. place SecureVNC.dsm in the same folder as scprompt.exe
    (there are all conf files and others)
  4. Next step is to configure your ultravnc.ini.
    You can make it by your hands or just start winvnc.exe in the scprompt directory and configure it through the program properties.
    All changes made in program gui will be written to ultravnc.ini in the scprompt directory
  5. Enable SecureVNC.dsm plugin (by hands or through gui).
  6. Configure scprompt.ini through gui (provided by settings_manager.exe).
  7. “build” scprompt.
  8. run uvncviewer in listen mode, don’t forget to:
    1. copy SecureVNC.plugin to vncviewer’s directory
    2. make uvncviewer use SecureVNC.plugin.
  9. Enjoy the secure opensource goodness

That’s all.

3 thoughts on “Encrypt SCPrompt communications using SecureVNC plugin

  1. We’re testing SCPrompt but get a trojan detection from MS Defender.
    MS Defender says that scprompt2020_Example_NSIS_2.20.3.53_2020-03-26_23-10-34.exe is infected with Win32/CryptInject!ml and SCPrompt2020_roll-your-own_2.20.3.53.zip with AutoIt/Injector.J!ibt.
    Anything we can do about this?

    1. Try uploading the zip to virustotal … its likely a false positive, some AV detect Autoit incorrectly as a virus, as its a script language that is very powerful And has been used for auspicious actions on occasion. Source code is included as resourse of exe or on github if you want to learn it and build for yourself.

    2. It has been years since i have seen a false positive on scprompt. Use virustotal to scan the file (you can copy the download link directly into virustotal, so you dont need to download it yourself. I will take a look at this as soon as i have some free time.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.