Metasploit mailing list archives
RealVNC exploit issue
From: barcajax at gmail.com (Mervyn Heng)
Date: Sun, 30 Jul 2006 14:33:45 +0800
Hi H D, I followed your tip regarding leaving the LHOST and LPORT as default. This time I don't get an error page but Metasploit just sits there waiting. Am I missing something? On 7/29/06, H D Moore <hdm at metasploit.com> wrote:
The LHOST/LPORT fields should be set the interface and port that the VNC proxy will bind to. Good values for these are: LHOST: 0.0.0.0 LPORT: 5900 Once the exploit runs, the module will open the proxy port and try to connect to it with "vncviewer" if you have it installed (included by default with the Windows install of the Framework). -HD On Friday 28 July 2006 10:50, Mervyn Heng wrote:I have Metasploit running on my host OS and a vulnerable Win XP (with RealVNC v4.1.1). I used the POC from Blacksecurity and was able to log into my virtual machine running the vulnerable version of VNC. I tried to do the same with Metasploit but got the attached error page. What source IP and port should I be specifying within Metasploit?
-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.metasploit.com/pipermail/framework/attachments/20060730/fd65226e/attachment.htm> -------------- next part -------------- A non-text attachment was scrubbed... Name: Metasploit waits.JPG Type: image/jpeg Size: 95875 bytes Desc: not available URL: <http://mail.metasploit.com/pipermail/framework/attachments/20060730/fd65226e/attachment.jpeg>
Current thread:
- RealVNC exploit issue Mervyn Heng (Jul 28)
- RealVNC exploit issue H D Moore (Jul 28)
- RealVNC exploit issue Mervyn Heng (Jul 29)
- RealVNC exploit issue Dane Krapchev (Jul 30)
- RealVNC exploit issue Mervyn Heng (Jul 29)
- RealVNC exploit issue H D Moore (Jul 28)