Point, Click, Root.
An anonymous reader writes "The Metasploit Project just released version 2.2 of the Metasploit Framework. This release includes a VNC server payload that can be used with almost any of the Windows exploits. The scary thing about this payload is that the VNC server executes as a new thread in the exploited process, without writing any files to the disk drive. Is this the end as we know it for simple remote command shell exploits? A couple of articles have already mentioned this project."
According to metasploit.com:
"This is the Metasploit Project. The goal is to provide useful information to people who perform penetration testing, IDS signature development, and exploit research. This site was created to fill the gaps in the information publicly available on various exploitation techniques and to create a useful resource for exploit developers. The tools and information on this site are provided for legal penetration testing and research purposes only."
"Since when has it been news that VNC is shitty and insecure?"
Umm....RTFA.
It's an exploit for Windows (from the screenshot it seems to use the LSASS vulnerability that Sasser uses) that includes a VNC server in the payload, allowing remote GUI access under SYSTEM privileges (SYSTEM is like root in *nix, higher than even the Administrators group).
Better hope all your boxes are patched against this vulnerability, or prepare to watch the kiddies go to work.
And yes, I do mean watch. That's the only "problem" with this system: whatever you do directly shows up on the real screen, so the user is likely to notice suspicious things happening.
I used to get high on life, but I developed a tolerance. Now I need something stronger.
that anybody running VNC servers (or any remote access software) should have in place good firewalls and a good quality VPN requiring strong authentication.
ahem...torrent please?
For non Aussies:
Root = To have sex with, to fuck.
RTFA. They're using an unpassworded VNC server as the payload for your favorite win32 exploit. Thus, once you can root their machine, you can run a full VNC server in RAM and then wait till said luser sets their aim away message and goes to their boyfriend's house and have fun looking through their files remotely.
I wonder if running your own (password-protected) vncserver will be any protection against this.
Negative. One of the r-parameters you throw back (depending on whether you do a direct inject or a reverse tunnel inject) is what port the daemon is listening on. Keep in mind, you're not adding a VNC service or using an existing one, you're injecting the code into running memory. It will run even if there's another one hanging out on the system. Hell, it even bypasses the GINA.
One of the things we haven't done over here is test it while another remote user is actively VNC-ing the box. That would be interesting.
Also, keep in mind that VNC injection is only one of many payloads, and in my opinion, not nearly the most useful (but definitely the most fun).
trustedworlds.net - gaming, security, and the gunk that lives in between
Yeah, but obviously you haven't RTFA'd, because then you would know how much better a VNC server as A PAYLOAD is than some of these other tools that you've mentioned... the metasploit VNC payload WILL NOT create a new process and WILL NOT touch the disk at all, it doesn't simply "automate the installer".
If you own a box and put Netbus on it any forensics monkey can figure out what was going on. With metasploit framework they'll be totally useless...time to find a new job forensics guys!
Oh and if people think you are the Simpsons' comic book guy.....it is prob. cause you are.
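The "no new process, nothing on disk" property discussed in the posts above is exactly what a memory examiner goes looking for: a thread whose start address sits in executable memory that no file on disk backs. The following is an added example, not code from the Metasploit project or from anyone in this thread. The process layout (an LSASS-like image, a system DLL, and one private RWX allocation) and the thread list are constructed for illustration; real tooling would read them out of a memory image or a live process rather than from literals.

```python
# Added example: flag threads that run from memory not backed by an image on disk.
# Region/thread data is constructed for illustration; addresses and names are
# hypothetical and do not describe any real process or vulnerability.

from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    start: int
    size: int
    protect: str      # e.g. "PAGE_EXECUTE_READ", "PAGE_EXECUTE_READWRITE", "PAGE_READWRITE"
    kind: str         # "IMAGE" (backed by a file on disk) or "PRIVATE" (anonymous memory)
    path: str = ""    # backing file for IMAGE regions, empty for PRIVATE

    @property
    def end(self) -> int:
        return self.start + self.size


@dataclass(frozen=True)
class Thread:
    tid: int
    start_address: int


# Constructed sample layout (hypothetical addresses, Windows-XP-era style).
SAMPLE_REGIONS = [
    Region(0x01000000, 0x0008000, "PAGE_EXECUTE_READ", "IMAGE", r"C:\WINDOWS\system32\lsass.exe"),
    Region(0x7C900000, 0x00B0000, "PAGE_EXECUTE_READ", "IMAGE", r"C:\WINDOWS\system32\ntdll.dll"),
    Region(0x00140000, 0x0010000, "PAGE_READWRITE", "PRIVATE"),          # ordinary heap
    Region(0x00390000, 0x0010000, "PAGE_EXECUTE_READWRITE", "PRIVATE"),  # anonymous RWX: injected code?
]

# Constructed sample threads: two normal ones and one started inside the RWX allocation.
SAMPLE_THREADS = [
    Thread(1, 0x01001A2C),   # main thread, inside the lsass.exe image
    Thread(2, 0x7C9010F0),   # worker thread started in ntdll.dll
    Thread(3, 0x00391000),   # thread whose entry point is private RWX memory
]


def region_for(regions, addr):
    """Return the region containing addr, or None if the address is unmapped."""
    for r in regions:
        if r.start <= addr < r.end:
            return r
    return None


def executable_private_regions(regions):
    """Anonymous allocations that are executable: where in-memory payloads live."""
    return [r for r in regions if r.kind == "PRIVATE" and "EXECUTE" in r.protect]


def suspicious_threads(regions, threads):
    """Threads whose start address is not inside a file-backed image.

    Returns a list of (tid, reason) tuples. A thread started in executable
    PRIVATE memory is the classic fingerprint of code injected into a running
    process without any file being written to disk.
    """
    findings = []
    for t in threads:
        r = region_for(regions, t.start_address)
        if r is None:
            findings.append((t.tid, "start address %#x is unmapped" % t.start_address))
        elif r.kind != "IMAGE":
            findings.append((t.tid, "start address %#x in %s %s region at %#x"
                             % (t.start_address, r.protect, r.kind, r.start)))
    return findings


def report(regions, threads):
    """Human-readable summary; the functions above are what a triage script would reuse."""
    lines = ["executable private regions: %d" % len(executable_private_regions(regions))]
    for tid, reason in suspicious_threads(regions, threads):
        lines.append("thread %d: %s" % (tid, reason))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_REGIONS, SAMPLE_THREADS))
```

The check is a triage signal, not a verdict: JIT engines and some packers also allocate executable private memory, so each hit still needs a look at what the code at that address does. It is also worth pairing with a listening-socket inventory, since the injected server in the posts above has to bind or connect on some port, and that socket belongs to a process whose image never mentions VNC.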
It is not a VNC exploit - it exploits some vulnerability on the system and then has VNC as its payload. So once you have exploited the hole you have a nice VNC session for your personal use.