[Full-Disclosure] XP Remote Desktop Remote Activation
H D Moore
fdlist at digitaloffense.net
Sun Oct 3 06:58:18 BST 2004
If the exploit was written as a module for the Metasploit Framework, just
select the VNC in-memory DLL injection payload and call it done. This
payload has the following advantages:
- No files are written to disk, the AV has no chance of catching it
- The VNC server is a thread in the exploited app's process
- The payload works in read-only mode if admin privs aren't obtained
- It will use the WinLogon desktop if locked or nobody is logged in
- A command prompt is provided with the privs of the exploited process
- If the exploit causes the app to exit on crash, no traces are left
http://metasploit.com/images/vnc.jpg
http://metasploit.com/projects/Framework/
-HD
On Friday 01 October 2004 23:50, Fixer wrote:n
> ____________________________________________________________________
> Windows XP Professional provides a service called Remote Desktop,
> which allows a user to remotely control the desktop as if he or she
> were in front of the system locally (ala VNC, pcAnywhere, etc.).
Full-Disclosure is hosted and sponsored by Secunia.