Funny you should mention that, I was just wondering last night how to use PEX to turn this into a Metasploit payload...:-)
One of these days I've got to sit down and start tinkering with it, as there are 2 or 3 payloads I want to add to Metasploit (mostly custom backdoors), but I'm lazy and haven't gotten around to it.

Fixer

On Sun, 3 Oct 2004 00:58:18 -0500, H D Moore <[EMAIL PROTECTED]> wrote:
> If the exploit was written as a module for the Metasploit Framework, just
> select the VNC in-memory DLL injection payload and call it done. This
> payload has the following advantages:
>
> - No files are written to disk, the AV has no chance of catching it
> - The VNC server is a thread in the exploited app's process
> - The payload works in read-only mode if admin privs aren't obtained
> - It will use the WinLogon desktop if locked or nobody is logged in
> - A command prompt is provided with the privs of the exploited process
> - If the exploit causes the app to exit on crash, no traces are left
>
> http://metasploit.com/images/vnc.jpg
> http://metasploit.com/projects/Framework/
>
> -HD
>
> On Friday 01 October 2004 23:50, Fixer wrote:
> > ____________________________________________________________________
> > Windows XP Professional provides a service called Remote Desktop,
> > which allows a user to remotely control the desktop as if he or she
> > were in front of the system locally (a la VNC, pcAnywhere, etc.).
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
