[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] XP Remote Desktop Remote Activation

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] XP Remote Desktop Remote Activation
From: H D Moore <fdlist@xxxxxxxxxxxxxxxxxx>
Date: Sun, 3 Oct 2004 00:58:18 -0500

If the exploit was written as a module for the Metasploit Framework, just 
select the VNC in-memory DLL injection payload and call it done.  This 
payload has the following advantages:

 - No files are written to disk, the AV has no chance of catching it
 - The VNC server is a thread in the exploited app's process
 - The payload works in read-only mode if admin privs aren't obtained
 - It will use the WinLogon desktop if locked or nobody is logged in
 - A command prompt is provided with the privs of the exploited process
 - If the exploit causes the app to exit on crash, no traces are left

http://metasploit.com/images/vnc.jpg
http://metasploit.com/projects/Framework/

-HD


On Friday 01 October 2004 23:50, Fixer wrote:n
> ____________________________________________________________________
> Windows XP Professional provides a service called Remote Desktop,
> which allows a user to remotely control the desktop as if he or she
> were in front of the system locally (ala VNC, pcAnywhere, etc.).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] XP Remote Desktop Remote Activation
  - From: Fixer

References:
- [Full-Disclosure] XP Remote Desktop Remote Activation
  - From: Fixer

Prev by Date: Re: [Full-Disclosure] On Polymorphic Evasion
Next by Date: Re[2]: [Full-Disclosure] All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV]
Previous by thread: RE: [Full-Disclosure] XP Remote Desktop Remote Activation
Next by thread: Re: [Full-Disclosure] XP Remote Desktop Remote Activation
Index(es):
- Date
- Thread