Open Source and information security mailing list archives
From: fdlist at digitaloffense.net (H D Moore)
Subject: XP Remote Desktop Remote Activation

If the exploit was written as a module for the Metasploit Framework, just 
select the VNC in-memory DLL injection payload and call it done.  This 
payload has the following advantages:

 - No files are written to disk, the AV has no chance of catching it
 - The VNC server is a thread in the exploited app's process
 - The payload works in read-only mode if admin privs aren't obtained
 - It will use the WinLogon desktop if locked or nobody is logged in
 - A command prompt is provided with the privs of the exploited process
 - If the exploit causes the app to exit on crash, no traces are left

http://metasploit.com/images/vnc.jpg
http://metasploit.com/projects/Framework/

-HD


On Friday 01 October 2004 23:50, Fixer wrote:
> ____________________________________________________________________
> Windows XP Professional provides a service called Remote Desktop,
> which allows a user to remotely control the desktop as if he or she
> were in front of the system locally (ala VNC, pcAnywhere, etc.).

