Message-ID: <6f5565af041003073959b04c06@mail.gmail.com>
From: fixer907 at gmail.com (Fixer)
Subject: XP Remote Desktop Remote Activation

Funny you should mention that, I was just wondering last night how to
use PEX to turn this into a Metasploit payload...:-)

One of these days I've got to sit down and start tinkering with it as
there's 2 or 3 payloads I want to add to Metasploit (mostly custom
backdoors), but I'm lazy and haven't gotten around to it.

Fixer


On Sun, 3 Oct 2004 00:58:18 -0500, H D Moore <fdlist@...italoffense.net> wrote:
> If the exploit was written as a module for the Metasploit Framework, just
> select the VNC in-memory DLL injection payload and call it done.  This
> payload has the following advantages:
> 
> - No files are written to disk, the AV has no chance of catching it
> - The VNC server is a thread in the exploited app's process
> - The payload works in read-only mode if admin privs aren't obtained
> - It will use the WinLogon desktop if locked or nobody is logged in
> - A command prompt is provided with the privs of the exploited process
> - If the exploit causes the app to exit on crash, no traces are left
> 
> http://metasploit.com/images/vnc.jpg
> http://metasploit.com/projects/Framework/
> 
> -HD
> 
> On Friday 01 October 2004 23:50, Fixer wrote:
> > ____________________________________________________________________
> > Windows XP Professional provides a service called Remote Desktop,
> > which allows a user to remotely control the desktop as if he or she
> > were in front of the system locally (ala VNC, pcAnywhere, etc.).
> 

