Full Disclosure mailing list archives

Re: XP Remote Desktop Remote Activation

From: H D Moore <fdlist () digitaloffense net>
Date: Sun, 3 Oct 2004 00:58:18 -0500

If the exploit was written as a module for the Metasploit Framework, just 
select the VNC in-memory DLL injection payload and call it done.  This 
payload has the following advantages:

 - No files are written to disk, the AV has no chance of catching it
 - The VNC server is a thread in the exploited app's process
 - The payload works in read-only mode if admin privs aren't obtained
 - It will use the WinLogon desktop if locked or nobody is logged in
 - A command prompt is provided with the privs of the exploited process
 - If the exploit causes the app to exit on crash, no traces are left

http://metasploit.com/images/vnc.jpg
http://metasploit.com/projects/Framework/

-HD


On Friday 01 October 2004 23:50, Fixer wrote:n

____________________________________________________________________
Windows XP Professional provides a service called Remote Desktop,
which allows a user to remotely control the desktop as if he or she
were in front of the system locally (ala VNC, pcAnywhere, etc.).


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

XP Remote Desktop Remote Activation Fixer (Oct 02)
- Re: XP Remote Desktop Remote Activation morning_wood (Oct 02)
  - Re: XP Remote Desktop Remote Activation Joel R. Helgeson (Oct 02)
- RE: XP Remote Desktop Remote Activation Dominick Baier (Oct 02)
  - Re: XP Remote Desktop Remote Activation Fixer (Oct 02)
- RE: XP Remote Desktop Remote Activation Larry Seltzer (Oct 02)
- Re: XP Remote Desktop Remote Activation H D Moore (Oct 03)
  - Re: XP Remote Desktop Remote Activation Fixer (Oct 03)
- <Possible follow-ups>
- RE:XP Remote Desktop Remote Activation RandallM (Oct 02)
- Re: XP Remote Desktop Remote Activation Fixer (Oct 02)