Metasploit mailing list archives

Re: vnc reverse question


From: hdm at metasploit.com (H D Moore)
Date: Fri, 17 Sep 2004 13:12:42 -0500

The only Windows payloads which have the ability to modify the system are:
- win32_exec: executes whatever command you want, which could modify..
- win32_adduser: creates a new local user account on the system
- win32_*_uploadexec: uploads a file to c:\metasploit.exe and executes it

After exploiting certain system-level flaws, you should reboot the system to 
prevent any in-memory modifications from causing a crash at a later date. 
For instance, if you use the LSASS or MS03-026 exploits on an active 
domain controller, there is a small chance the system will crash sometime 
after you have exited your shell/payload/vnc session. If you are testing 
production systems, make sure you are able to reboot them after a 
successful exploit session.

Er, so yeah, what mmiller said :)

-HD


On Friday 17 September 2004 12:13, Neil wrote:
Good thing you mentioned about "no installation and does nothing
intrusive to the actual machine". I am actually a little concerned with
metasploit's exploits. Are there exploits bundled with metasploit that
actually modify something in the target system? I would like to know
because I don't want our production server having a strain after I test
it.

So before I do it in PROD, I would like to know first if that's the
case.

Thanks buddy.

Neil


