Metasploit mailing list archives

VNC payload problems

From: andres.riancho at gmail.com (Andres Riancho)
Date: Tue, 25 Sep 2007 17:50:49 -0300

hdm,

On 9/25/07, H D Moore <hdm at metasploit.com> wrote:


I see this once in a while -- usually its caused by one of these two
issues:

1) Security software on the target is breaking causing VNC to crash



well, the target is a fresh install of windows 2k, so i don't think this is
the case.

2) Some other software is killing the exploit process, with VNC in it


hmmm , could be... going to test some ideas based on your pointers.

Common case is using the "psexec" exploit with the VNC payload, the

service control manager will kill VNC after a few seconds. One way to
track whats going on is to attach a debugger to the target process and
see what happens when the connection is closed.



"what happens when the connection is closed.", what do you mean with this ?

-HD


On Tuesday 25 September 2007 15:29, Andres Riancho wrote:

Neither bind and reverse VNC are working. I think that the problem
is with the TCP relay... any ideas on why this ain't working? How can I
debug the multistage payload (the .exe on the remote server) ?




-- 
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070925/3aeb0154/attachment.htm>

Current thread:

VNC payload problems Andres Riancho (Sep 25)
- VNC payload problems H D Moore (Sep 25)
  - VNC payload problems Andres Riancho (Sep 25)
    - VNC payload problems Patrick Webster (Sep 25)
    - VNC payload problems Andres Riancho (Sep 25)
    - VNC payload problems H D Moore (Sep 26)
    - VNC payload problems Andres Riancho (Sep 26)
    - VNC payload problems Andres Riancho (Sep 26)
- Re: VNC payload problems Andres Riancho (Sep 25)
- <Possible follow-ups>
- VNC payload problems Steven Olson (Sep 26)