Re-2: vnv injection

[jvarlet at aressi.fr (jvarlet at aressi.fr)]

after dll injection, and VNC proxy listening on port 5900 when i run netstat i have nothing.
When i run vnc viewer on 127.0.0.1, then i can see it when i run netstat, but i have nothing on screen.
If i use UltraVNC as viewer, i have the message : Negotiate Protocole Version but anything else...

-------- Original Message --------
Subject: Re: [framework] vnv injection (21-oct.-2005 17:01)
From:    mmiller at hick.org
To:      jvarlet at aressi.fr

> On Fri, Oct 21, 2005 at 02:16:57PM +0000, jvarlet at aressi.fr wrote:
> > Hi,
> >
> > I am trying to make vnc injection : with exploit iis50_webdav_ntdll, bind 
> > and reverse vnc injection on a 2000 server sp0
> >
> > I have no problem with reverse shell.
> >
> > With VNC I have the following messages :
> > dll is uploaded to memory
> > VNC proxy listening on port 5900
> >
> > So I tried to connect with VNCViewer (ultravnc and realvnc)on LHOST, RHOST, 
> > and 127.0.0.1 on port 5900. But I have nothing. I tried with AUTOVNC=1 and 
> > 0.
> > The metasploit shell is opened on RHOST screen.
> >
> > I read documentation but i did not find anything about that. Maybe this 
> > exploit does not work with vnc injection ?
>
> If you get to the point that the courtesy shell is displayed and the VNC
> local proxy is listening, it is probably safe to say that the payload
> worked.  The local proxy should be able to be communicated with on
> 127.0.0.1::5900 (the double colon is important depending on the vnc
> viewer you are using).  You don't even have to specify the port since
> 5900 is the default.  If vncviewer is in your path then AUTOVNC=1 should
> work fine.  When you run netstat, do you see anything listening on port
> 5900?  You should get an error message if it had failed to bind.
>
> Hope that helps.


To: mmiller at hick.org
Cc: framework at metasploit.com