Metasploit mailing list archives
Re: vnc reverse question
From: neil-on-metasploit at restricted.dyndns.org (Neil)
Date: Fri, 17 Sep 2004 12:13:58 -0500
mmiller at hick.org writes:
> No, the target server does not have to be running VNC, nor does it matter if the host is already running VNC. Reverse refers to how the second stage payload (the thing that loads the VNC DLL into memory) will be obtained, whether by connecting back to the attacker on a given port, or by having the attacker connect to the target on a given port. After the VNC DLL has been read in and loaded, the VNC DLL will re-use the connection that was created between msf and the target machine for the actual VNC protocol. As such, no ports need to be bound on the target machine for VNC to accept incoming connections because the VNC session is simply tunneled through the existing connection. Remember that the VNC "server" that is injected into the target process is a stripped down version of VNC -- it requires no installation and does nothing intrusive to the actual machine itself (such as modifying the registry). It was modified specifically for use with the library injection system in metasploit.
Good thing you mentioned "no installation and does nothing intrusive to the actual machine". I am actually a little concerned with metasploit's exploits. Are there exploits bundled with metasploit that actually modify something in the target system? I would like to know because I don't want our production server having a strain after I test it. So before I do it in PROD, I would like to know first if that's the case.

Thanks buddy.
Neil