[Full-Disclosure] XP Remote Desktop Remote Activation
fixer907 at gmail.com
Sun Oct 3 15:39:31 BST 2004
Funny you should mention that, I was just wondering last night how to
use PEX to turn this into a Metasploit payload...:-)
One of these days I've got to sit down and start tinkering with it as
there's 2 or 3 payloads I want to add to Metasploit (mostly custom
backdoors), but I'm lazy and haven't gotten around to it.
On Sun, 3 Oct 2004 00:58:18 -0500, H D Moore <fdlist at digitaloffense.net> wrote:
> If the exploit was written as a module for the Metasploit Framework, just
> select the VNC in-memory DLL injection payload and call it done. This
> payload has the following advantages:
> - No files are written to disk, the AV has no chance of catching it
> - The VNC server is a thread in the exploited app's process
> - The payload works in read-only mode if admin privs aren't obtained
> - It will use the WinLogon desktop if locked or nobody is logged in
> - A command prompt is provided with the privs of the exploited process
> - If the exploit causes the app to exit on crash, no traces are left
> On Friday 01 October 2004 23:50, Fixer wrote:n
> > ____________________________________________________________________
> > Windows XP Professional provides a service called Remote Desktop,
> > which allows a user to remotely control the desktop as if he or she
> > were in front of the system locally (ala VNC, pcAnywhere, etc.).
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Full-Disclosure is hosted and sponsored by Secunia.