Full Disclosure mailing list archives

Re: XP Remote Desktop Remote Activation
From: Fixer <fixer907 () gmail com>
Date: Sun, 3 Oct 2004 07:39:31 -0700

Funny you should mention that, I was just wondering last night how to
use PEX to turn this into a Metasploit payload...:-)

One of these days I've got to sit down and start tinkering with it as
there are 2 or 3 payloads I want to add to Metasploit (mostly custom
backdoors), but I'm lazy and haven't gotten around to it.


On Sun, 3 Oct 2004 00:58:18 -0500, H D Moore <fdlist () digitaloffense net> wrote:
If the exploit was written as a module for the Metasploit Framework, just
select the VNC in-memory DLL injection payload and call it done.  This
payload has the following advantages:

- No files are written to disk, the AV has no chance of catching it
- The VNC server is a thread in the exploited app's process
- The payload works in read-only mode if admin privs aren't obtained
- It will use the WinLogon desktop if locked or nobody is logged in
- A command prompt is provided with the privs of the exploited process
- If the exploit causes the app to exit on crash, no traces are left



On Friday 01 October 2004 23:50, Fixer wrote:
Windows XP Professional provides a service called Remote Desktop,
which allows a user to remotely control the desktop as if he or she
were in front of the system locally (a la VNC, pcAnywhere, etc.).

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
