Hey guys, just the other day I decided to do a bit of exploration in Metasploit. It was something I had avoided up until this moment. Anyhow, the best way to learn is to have a bit of a play around, so I decided to do so. I have two PCs sitting side by side, one running Windows Vista, which was also the one I booted BackTrack on, and the other running Ubuntu and Windows XP. I booted into Windows XP, because it has the VNC server and viewer installed. Then I went into BackTrack on this PC and tried a VNC exploit where I wait for the connection. Here is where I got a bit confused. The default port for listening was port 4444. What I would like to know is: do I need to open this port on BackTrack and then try and connect to BackTrack from the other PC, or do I need to change this port to the default for VNC (5900) and then try and connect from the XP computer? Or am I missing something completely? I did read in one of the other threads about creating a malicious web page. I am assuming that's not applicable with the VNC exploits, but I could be wrong. Any ideas? Thanks, and if you could point me towards further reading/tutorials that would be cool too. I just need a little something to start on, and then I can teach myself the rest with ease. Thanks guys
-Stephen
It would help if I knew what exploit you were referring to.
Sorry Purehate, you have a point there. It is the Client Buffer Overflow RealVNC 3.3.7.
-Stephen
Default port of 4444 was target or attacker?
You can tell which port VNC is listening on at the target using netstat -a (locally) or nmap (remotely).
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
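The netstat/nmap advice above finds open ports, but a port number alone does not prove that VNC is what is listening there. A VNC server identifies itself as soon as a TCP connection is made: the first thing it sends is the RFB ProtocolVersion message, twelve bytes of the form "RFB xxx.yyy\n" (the RealVNC 3.3.x family speaks RFB 3.3, so it answers "RFB 003.003"). The following Python script is an added example written for this page, not code posted by anyone in the thread or shipped with Metasploit. It connects to each candidate port, reads that banner, and reports which ports actually speak RFB and at what protocol version. The hostnames, the port list and the local stand-in server that answers with a constructed "RFB 003.003" banner are all assumptions made so the script can be run offline.

```python
import socket
import threading

# Constructed sample banner: what a RealVNC 3.3.x server sends on connect.
RFB_BANNER = b"RFB 003.003\n"


def parse_rfb_banner(data: bytes):
    """Return (major, minor) if data is an RFB ProtocolVersion message, else None.

    The message is always exactly 12 bytes: "RFB " + 3 digits + "." + 3 digits + "\\n".
    """
    if len(data) != 12 or not data.startswith(b"RFB ") or data[-1:] != b"\n":
        return None
    ver = data[4:11]                      # e.g. b"003.003"
    if ver[3:4] != b"." or not ver[:3].isdigit() or not ver[4:].isdigit():
        return None
    return int(ver[:3]), int(ver[4:])


def probe_vnc(host: str, port: int, timeout: float = 3.0):
    """Connect to host:port, read the 12-byte banner and parse it.

    Returns (major, minor) for a VNC listener, None for a closed port,
    a timeout, or a service that speaks something other than RFB.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = b""
            while len(data) < 12:
                chunk = s.recv(12 - len(data))
                if not chunk:             # peer closed before a full banner
                    break
                data += chunk
    except OSError:                       # refused, unreachable, timed out
        return None
    return parse_rfb_banner(data)


def scan_ports(host: str, ports):
    """Return {port: (major, minor)} for every port in `ports` that speaks RFB."""
    found = {}
    for p in ports:
        version = probe_vnc(host, p)
        if version is not None:
            found[p] = version
    return found


def run_fake_vnc_server(banner: bytes = RFB_BANNER) -> int:
    """Constructed stand-in for a VNC server so the probe can be tried offline.

    Binds an ephemeral loopback port, serves one connection with `banner`,
    then shuts down. Returns the port it is listening on.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    # Assumed usage: probe the standard VNC port plus whatever the fake server got.
    fake_port = run_fake_vnc_server()
    print(scan_ports("127.0.0.1", [5900, fake_port]))
```

Against a real target you would replace the loopback host with the XP machine's address and the port list with the ports netstat or nmap turned up (5900 for the first display, 5901 for the second, and so on); any port that returns a version tuple is a VNC server, anything else is not, whatever nmap guessed. Note that this probe only concerns the port the VNC service itself listens on; it says nothing about the port a Metasploit payload handler is waiting on, which is a separate setting on the attacking machine.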
This is a good video to check out just to see how everything works. I believe this is an older version of metasploit, but same concept.
http://www.irongeek.com/i.php?page=videos/metasploit1
I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!
So I'm going to assume you realize that the victim computer must have RealVNC 3.3.7 running on it?
Also, just because the exploit is for VNC, that does not automatically mean you will get VNC control. Now naturally you would try that payload first, but if it doesn't work, well then keep trying. Normally only one or two of the payloads will work on any given exploit.
Reverse Shell is the only thing that has worked for me.
Then I run this http://www.tburke.net/info/misc/vnc_remote.htm
Or something close to that. I have it all nicely wrapped into a batch file. Just upload, run the batch file, then you've got a VNC server to connect to. The only downside is that on some machines the VNC server will show up in the taskbar on the bottom right. Or sometimes there is a space there but no icon. When you hover the mouse over it, it says VNC. So it's not "really" hidden. But the install is pretty silent.
Or this article http://wiki.hak5.org/wiki/Remotely_Install_VNC
The way to get around that is, when you are building the backdoor/VNC on a Windows machine, you install it first and delete that key out of the registry. Then rebuild the program, put it in a batch file with a listen command, and then connect with Metasploit. I could do a write-up on building a VNC backdoor from scratch, but it must be done in Windows, because it must be installed to delete the registry keys to make it invisible. If you set the file to run at startup, the next time the machine is turned on it is running. Much more invisible than that Hak5 article.
Yeah, I did realise that, but my main problem was just in the fact that I know that VNC is listening on port 5900 on the other PC, and I was trying to do a reverse shell, so that from the other PC I could attempt to connect to my BackTrack one, at which stage it receives a connection and then launches the exploit. But would I have to change Metasploit's default port for receiving connections then from 4444 to 5900 as well?
And to all the others who have posted links, thank you, I shall have a look soon enough.
-Stephen
No, the port on the attack machine is whatever the default is unless you change it.