You may want to check out the VNC payload in Metasploit.
I have gotten a meterpreter session to my (Windows XP) victim machine and am able to upload files, but I'm not sure where (if anywhere) in the Backtrack installation I can find a Windows VNC server to upload. Does Backtrack come with anything like that?
(Before anyone asks why -- I need to have GUI access to my victim machine so I can use a key piece of graphical software installed on it. Also, I'm running Backtrack as a live CD, so I would like to use files on the live CD if possible, but obviously if it's not there, I'll just mount a thumb drive and get it off of that.)
Yes, the reverse VNC is easier and more practical, but maybe you should take a look in this directory; there is a zip file with VNC software and much more...
It's very possible to get a GUI from a meterpreter session. However, I think you can make things even simpler if you use the VNC reverse connector instead of the meterpreter one. Before running the exploit, type show payloads to get a full list of all the payloads and select the appropriate one from the last, say, 10 (can't remember the exact number).
If you can't explain it simply, you don't understand it well enough -- Albert Einstein
Thanks for your responses.
Unfortunately, I'm stuck with meterpreter since I got on with autopwn. My goal is to get on a plain XP SP2 machine with pretty much nothing running on it, so I'm not sure how autopwn even turned something up. How do I know which exploit was the successful one? It does seem like it would be more straightforward to do the VNC payload with non-autopwning Metasploit, but OpenVAS doesn't find any vulnerabilities, so I'm not sure how to proceed without any information there. I tried ms08_067_netapi for kicks and it was not successful. Obviously there's *some* vulnerability that autopwn finds, but I'm at a loss for how to identify it.
BigMac, I think I see the file you are talking about -- vnc-ssh.rar -- but BackTrack doesn't seem to come with unrar. Is there something included that I can use instead? I'm really hoping to work just off the Live CD.