If the exploit was written as a module for the Metasploit Framework, just select the VNC in-memory DLL injection payload and call it done. This payload has the following advantages:
- No files are written to disk, the AV has no chance of catching it
- The VNC server is a thread in the exploited app's process
- The payload works in read-only mode if admin privs aren't obtained
- It will use the WinLogon desktop if locked or nobody is logged in
- A command prompt is provided with the privs of the exploited process
- If the exploit causes the app to exit on crash, no traces are left

http://metasploit.com/images/vnc.jpg
http://metasploit.com/projects/Framework/

-HD

On Friday 01 October 2004 23:50, Fixer wrote:
> ____________________________________________________________________
> Windows XP Professional provides a service called Remote Desktop,
> which allows a user to remotely control the desktop as if he or she
> were in front of the system locally (ala VNC, pcAnywhere, etc.).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
