Metasploit mailing list archives
VNC payload problems
From: andres.riancho at gmail.com (Andres Riancho)
Date: Tue, 25 Sep 2007 17:50:49 -0300
hdm, On 9/25/07, H D Moore <hdm at metasploit.com> wrote:
I see this once in a while -- usually its caused by one of these two issues: 1) Security software on the target is breaking causing VNC to crash
well, the target is a fresh install of windows 2k, so i don't think this is the case. 2) Some other software is killing the exploit process, with VNC in it hmmm , could be... going to test some ideas based on your pointers. Common case is using the "psexec" exploit with the VNC payload, the
service control manager will kill VNC after a few seconds. One way to track whats going on is to attach a debugger to the target process and see what happens when the connection is closed.
"what happens when the connection is closed.", what do you mean with this ? -HD
On Tuesday 25 September 2007 15:29, Andres Riancho wrote:Neither bind and reverse VNC are working. I think that the problem is with the TCP relay... any ideas on why this ain't working? How can I debug the multistage payload (the .exe on the remote server) ?
-- Andres Riancho http://w3af.sourceforge.net/ Web Application Attack and Audit Framework -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070925/3aeb0154/attachment.htm>
Current thread:
- VNC payload problems Andres Riancho (Sep 25)
- VNC payload problems H D Moore (Sep 25)
- VNC payload problems Andres Riancho (Sep 25)
- VNC payload problems Patrick Webster (Sep 25)
- VNC payload problems Andres Riancho (Sep 25)
- VNC payload problems H D Moore (Sep 26)
- VNC payload problems Andres Riancho (Sep 26)
- VNC payload problems Andres Riancho (Sep 25)
- VNC payload problems Andres Riancho (Sep 26)
- VNC payload problems H D Moore (Sep 25)
- <Possible follow-ups>
- VNC payload problems Steven Olson (Sep 26)