Re: [Full-Disclosure] XP Remote Desktop Remote Activation

[Fixer <fixer907@xxxxxxxxx>]

Funny you should mention that, I was just wondering last night how to
use PEX to turn this into a Metasploit payload...:-)

One of these days I've got to sit down and start tinkering with it as
there's 2 or 3 payloads I want to add to Metasploit (mostly custom
backdoors), but I'm lazy and haven't gotten around to it.

Fixer


On Sun, 3 Oct 2004 00:58:18 -0500, H D Moore <fdlist@xxxxxxxxxxxxxxxxxx> wrote:
> If the exploit was written as a module for the Metasploit Framework, just
> select the VNC in-memory DLL injection payload and call it done.  This
> payload has the following advantages:
> 
> - No files are written to disk, the AV has no chance of catching it
> - The VNC server is a thread in the exploited app's process
> - The payload works in read-only mode if admin privs aren't obtained
> - It will use the WinLogon desktop if locked or nobody is logged in
> - A command prompt is provided with the privs of the exploited process
> - If the exploit causes the app to exit on crash, no traces are left
> 
> http://metasploit.com/images/vnc.jpg
> http://metasploit.com/projects/Framework/
> 
> -HD
> 
> On Friday 01 October 2004 23:50, Fixer wrote:n
> > ____________________________________________________________________
> > Windows XP Professional provides a service called Remote Desktop,
> > which allows a user to remotely control the desktop as if he or she
> > were in front of the system locally (ala VNC, pcAnywhere, etc.).
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html