vnv injection

[mmiller at hick.org (mmiller at hick.org)]

On Fri, Oct 21, 2005 at 02:16:57PM +0000, jvarlet at aressi.fr wrote:
> Hi,
>
> I am trying to make vnc injection : with exploit iis50_webdav_ntdll, bind and reverse vnc injection on a 2000 server 
> sp0
>
> I have no problem with reverse shell.
>
> With VNC I have the following messages :
> dll is uploaded to memory
> VNC proxy listening on port 5900
>
> So I tried to connect with VNCViewer (ultravnc and realvnc)on LHOST, RHOST, and 127.0.0.1 on port 5900. But I have 
> nothing. I tried with AUTOVNC=1 and 0.
> The metasploit shell is opened on RHOST screen.
>
> I read documentation but i did not find anything about that. Maybe this exploit does not work with vnc injection ?

If you get to the point that the courtesy shell is displayed and the VNC
local proxy is listening, it is probably safe to say that the payload
worked.  The local proxy should be able to be communicated with on
127.0.0.1::5900 (the double colon is important depending on the vnc
viewer you are using).  You don't even have to specify the port since
5900 is the default.  If vncviewer is in your path then AUTOVNC=1 should
work fine.  When you run netstat, do you see anything listening on port
5900?  You should get an error message if it had failed to bind.

Hope that helps.