Realvnc bypass auth connection failure

[barcajax at gmail.com (Mervyn Heng)]

Hi Mr Moore. I tested the same exploit from Metasploit in Backtrack (running
as a virtual machine) against my vulnerable RealVNC server (also a virtual
machine) and was successful in gaining remote access without requiring the
VNC password.
I attribute my previous failure to the fact that the exploit could not
locate my VNC client (within XP) versus the fact that it automatically found
and launched the TightVNC client in Backtrack.
Thanks for your time and feedback.

On 7/31/06, Mervyn Heng <barcajax at gmail.com> wrote:
> Mr Moore, you are right about port 5900. It was not listening on my
> machine. I can't put my finger on why its not listening though. Any
> pointers?
>
>
> On 7/31/06, H D Moore <hdm at metasploit.com> wrote:
> > After launching the Metasploit module, open a command shell and run
> > "netstat -na", make sure port 5900 is actually listening. Then try
> > connecting to this as localhost/127.0.0.1, either with the GUI or using
> > the vncviewer command line (vncviewer 127.0.0.1::5900). If this fails,
> > try connecting manually with telnet or netcat. I can't reproduce that
> > issue on the Metasploit test machines.
> >
> > -HD
> >
> > On Sunday 30 July 2006 20:07, Mervyn Heng wrote:
> > > Tried doing the same using the exploit provided by Metasploit but with
> > > no luck. Metasploit states that it is listening for VNC connections on
> > > 0.0.0.0:5900 but when I used the VNC viewer by specifying localhost,
> > > 127.0.0.1,  0.0.0.0 or the host OS IP, I keep getting a connection
> > > error message. Already turned off the firewall on the virtual machine
> > > and host OS... any ideas why I can't connect to the VNC server through
> >
> > > Metasploit as a proxy?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20060731/136dc026/attachment.htm>