Metasploit mailing list archives
Re: vnc reverse question
From: hdm at metasploit.com (H D Moore)
Date: Fri, 17 Sep 2004 13:12:42 -0500
The only Windows payloads which have the ability to modify the system are: - win32_exec: executes whatever command you want, which could modify.. - win32_adduser: creates a new local user account on the system - win32_*_uploadexec: uploads a file to c:\metasploit.exe and executes it After exploit certain system-level flaws, you should reboot the system to prevent any in-memory modifications from causing a crash at a later date. For instance, if you use the LSASS or MS03-026 exploits on an active domain controller, there is a small chance the system will crash sometime after you have exited your shell/pay/load/vnc session. If you are testing production systems, make sure you are able to reboot them after a successful exploit session. Er, so yeah, what mmiller said :) -HD On Friday 17 September 2004 12:13, Neil wrote:
Good thing you mentioned about "no installation and does nothing intrusive to the actual machine". I am actually a little concerned with metasploit's exploits. Are there exploits bundled with metasploit that actually modifies something in the target system? I would like to know because I don't want our production server having a strain after I test it. So before I do it in PROD, I would like to know first if that's the case. Thanks buddy. Neil
Current thread:
- vnc reverse question Neil (Sep 17)
- Message not available
- Re: vnc reverse question Neil (Sep 17)
- Re: vnc reverse question mmiller at hick.org (Sep 17)
- Re: vnc reverse question H D Moore (Sep 17)
- Re: vnc reverse question Neil (Sep 17)
- Re: vnc reverse question Neil (Sep 17)
- Message not available
- <Possible follow-ups>
- vnc reverse question jerome.athias at caramail.com (Sep 17)
- vnc reverse question mmiller at hick.org (Sep 17)