Point, Click, Root.
An anonymous reader writes "The Metasploit Project just released version 2.2 of the Metasploit Framework. This release includes a VNC server payload that can be used with almost any of the Windows exploits. The scary thing about this payload is that the VNC server executes as a new thread in the exploited process; without writing any files to the disk drive. Is this the end as we know it for simple remote command shell exploits? A couple
articles have already mentioned this project."
The cool thing about the VNC payload is that it works if the machine is not logged in, or if the screen is locked.
How does something start off as a "portable network game" and end up as a f*cking remote GUI root?
Un-news