lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200410030058.18180@M3T4>
From: fdlist at digitaloffense.net (H D Moore)
Subject: XP Remote Desktop Remote Activation

If the exploit was written as a module for the Metasploit Framework, just 
select the VNC in-memory DLL injection payload and call it done.  This 
payload has the following advantages:

 - No files are written to disk, the AV has no chance of catching it
 - The VNC server is a thread in the exploited app's process
 - The payload works in read-only mode if admin privs aren't obtained
 - It will use the WinLogon desktop if locked or nobody is logged in
 - A command prompt is provided with the privs of the exploited process
 - If the exploit causes the app to exit on crash, no traces are left

http://metasploit.com/images/vnc.jpg
http://metasploit.com/projects/Framework/

-HD


On Friday 01 October 2004 23:50, Fixer wrote:n
> ____________________________________________________________________
> Windows XP Professional provides a service called Remote Desktop,
> which allows a user to remotely control the desktop as if he or she
> were in front of the system locally (ala VNC, pcAnywhere, etc.).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ