Slashdot Mirror


Point, Click, Root.

An anonymous reader writes "The Metasploit Project just released version 2.2 of the Metasploit Framework. This release includes a VNC server payload that can be used with almost any of the Windows exploits. The scary thing about this payload is that the VNC server executes as a new thread in the exploited process, without writing any files to the disk drive. Is this the end as we know it for simple remote command shell exploits? A couple of articles have already mentioned this project."

16 of 216 comments

  1. Obligatory non-ugly URL for this article by Anonymous Coward · Score: 5, Informative
    1. Re:Obligatory non-ugly URL for this article by Anonymous Coward · Score: 5, Informative

      Or you could change it without typing at all.

    2. Re:Obligatory non-ugly URL for this article by Kristoffer+Lunden · Score: 5, Funny

      crap, where are my mod points!

      You have to log in to see/use them. ;-)

  2. Nothing that... by BJZQ8 · Score: 5, Funny

    What a sad day when even taking over someone's machine can be done point-and-click style. Seemed so much more personal when you just had a remote shell.

  3. Works when the machine is locked too by Anonymous Coward · Score: 5, Interesting

    The cool thing about the VNC payload is that it works if the machine is not logged in, or if the screen is locked.

    1. Re:Works when the machine is locked too by Ytsejam-03 · Score: 5, Interesting
      The cool thing about the VNC payload is that it works if the machine is not logged in, or if the screen is locked.
      So does anything else that exploits a service running as LocalSystem. As long as the service is running, it does not matter whether the workstation is locked or not logged in.

      I assume you're saying this because you saw the screen shot linked in the summary. Notice that it says "System" at the top of the start menu. This is not the user's desktop, and you won't get to see the user's running apps. You'll have to exploit something running in the user's session to do that.

      This won't let you do anything that you could not already have done by installing, say, netcat with the same exploit.

  4. Umm... by Trolling4Dollars · Score: 5, Interesting

    How does something start off as a "portable network game" and end up as a f*cking remote GUI root?

    1. Re:Umm... by Otter · Score: 5, Interesting
      How does something start off as a "portable network game" and end up as a f*cking remote GUI root?

      I suppose the same way Goldeneye started as a game and ended up as the boot disk for Xbox Linux...

  5. Re:Why? by isotropique · Score: 5, Informative

    According to metasploit.com:
    "This is the Metasploit Project. The goal is to provide useful information to people who perform penetration testing, IDS signature development, and exploit research. This site was created to fill the gaps in the information publicly available on various exploitation techniques and to create a useful resource for exploit developers. The tools and information on this site are provided for legal penetration testing and research purposes only."

  6. Attention MetaSploit by grakwell · Score: 5, Funny

    I have recently obtained a patent on One-Click Cracking.

    Our lawyers will be getting in touch with the MetaSploit group to discuss licensing options.

    Thank you,
    Jeff Bezos
    Founder and CEO
    amazon.com

  7. NetHack version 4? by TommydCat · Score: 5, Funny

    Congratulations adventurer!
    Your quest is at an end for you have reached the root of NetHack.
    Within, the Wizard of MS RAS has no power, the Oracle 8i speaks with utmost clarity, and the stack overflow bugs do not bite.

    --
    This comment does not necessarily represent the views and opinions of the author.

  8. Re:VNC ? by wolrahnaes · Score: 5, Informative

    "Since when has it been news that VNC is shitty and insecure?"

    Umm....RTFA.

    It's an exploit for Windows (from the screenshot it seems to use the LSASS vulnerability that Sasser uses) that includes a VNC server in the payload, allowing remote GUI access under SYSTEM privileges (SYSTEM is like root in *nix, higher than even the Administrators group).

    Better hope all your boxes are patched against this vulnerability, or prepare to watch the kiddies go to work.

    And yes, I do mean watch; that's the only "problem" with this system: whatever you do directly shows up on the real screen, so the user is likely to notice suspicious things happening.

    --
    I used to get high on life, but I developed a tolerance. Now I need something stronger.

  9. Re:Why? by Trolling4Dollars · Score: 5, Insightful

    Or... you could connect in view-only mode and watch them type in sensitive data. Maybe install a key logger when they aren't around. Dig through their personal file stash and find nudies of their husband or wife and upload them to yafro.com. There's a whole lot of personal nastiness and ID theft that could result from this. Which leads me to lesson #1. NEVER put your PC directly on the internet. If you do, you deserve whatever happens to you.

  10. Nasty. by genixia · Score: 5, Insightful

    Ugh. This is going to be really popular with the script kiddies. I have to (grudgingly) admit that this is quite elegant though.

    I wonder if running your own (password-protected) vncserver will be any protection against this. I guess it depends on whether the payloaded vncserver can have its port changed or whether it is stuck with the default.

    If it can be changed then this is going to be very nasty. You couldn't even simply firewall all the vnc ports any more as the kiddie could configure the server to run on an unprivileged port. I suppose that SYN flag checking or using a connection-stateful firewall should protect against this.

    Yuck.
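
Two comments above make complementary points: Ytsejam-03's, that the payload runs inside a LocalSystem service process, and genixia's, that the port the injected server uses is nothing you can rely on. The following is an added detection example, not Metasploit code and not anything posted in the thread. Because the VNC thread lives in the exploited process and writes nothing to disk, the durable host artifact is the process's own network endpoints, so the check walks `netstat -ano`-style output, maps PIDs to image names, and flags service processes whose connections or listeners fall outside a per-image baseline. The netstat lines, the PID-to-image map and the baseline ports are all constructed for this example; on a domain-joined workstation lsass.exe legitimately talks to domain controllers on the Kerberos and LDAP ports, so the baseline must be tuned to the environment.

```python
"""Flag network endpoints owned by Windows service processes that have no
business holding them.  Added example for this thread; not Metasploit code.

Input is constructed `netstat -ano`-style output plus a constructed PID->image
map (what `tasklist` would show).  The per-image baseline of expected ports is
an assumption for illustration and must be tuned per environment."""

from dataclasses import dataclass

# Constructed sample shaped like `netstat -ano` on a Windows workstation.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       3188
  TCP    10.0.0.5:1031          10.0.0.1:88            ESTABLISHED     640
  TCP    10.0.0.5:1042          10.0.0.1:389           ESTABLISHED     640
  TCP    10.0.0.5:1057          203.0.113.9:4444       ESTABLISHED     640
  TCP    10.0.0.5:1058          10.0.0.77:80           ESTABLISHED     1924
  UDP    0.0.0.0:500            *:*                                    640
"""

# Constructed PID -> image name map (what `tasklist` would report).
PROCESSES = {4: "System", 640: "lsass.exe", 712: "svchost.exe",
             1924: "iexplore.exe", 3188: "winvnc.exe"}

# Assumed baseline for LocalSystem service processes: TCP ports they may
# connect out to, and ports they may listen on.  lsass.exe on a workstation
# talks to domain controllers (Kerberos, RPC mapper, LDAP/LDAPS, SMB, kpasswd,
# global catalog) but should not itself listen on TCP.
SERVICE_BASELINE = {
    "lsass.exe": {"outbound": {88, 135, 389, 445, 464, 636, 3268, 3269},
                  "listen": set()},
    "services.exe": {"outbound": set(), "listen": set()},
    "spoolsv.exe": {"outbound": set(), "listen": set()},
}

VNC_PORT_RANGE = range(5900, 6000)


@dataclass(frozen=True)
class Finding:
    pid: int
    image: str
    local: str
    foreign: str
    reason: str


def _port(endpoint):
    """Return the numeric port of 'host:port' (also works for '[::]:135')."""
    _, _, port = endpoint.rpartition(":")
    return int(port) if port.isdigit() else None


def parse_netstat(text):
    """Yield (proto, local, foreign, state, pid) from netstat -ano output.

    TCP rows carry a State column; UDP rows do not, so the field count differs.
    """
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, local, foreign, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":
            proto, local, foreign, pid = parts
            state = ""
        else:
            continue  # header, blank line, or a row shape we don't model
        yield proto, local, foreign, state, int(pid)


def audit(netstat_text, processes, baseline=SERVICE_BASELINE):
    """Return Findings for TCP endpoints that violate the per-image baseline."""
    findings = []
    for proto, local, foreign, state, pid in parse_netstat(netstat_text):
        if proto != "TCP":
            continue
        image = processes.get(pid, "<unknown>")
        lport, fport = _port(local), _port(foreign)
        rules = baseline.get(image)
        if rules is not None:
            # A service process: anything outside its baseline is suspect,
            # whatever port the injected server happens to use.
            if state == "ESTABLISHED" and fport not in rules["outbound"]:
                findings.append(Finding(pid, image, local, foreign,
                                        "service process has an unexpected outbound connection"))
            elif state == "LISTENING" and lport not in rules["listen"]:
                findings.append(Finding(pid, image, local, foreign,
                                        "service process is listening on an unexpected port"))
        elif state == "LISTENING" and lport in VNC_PORT_RANGE:
            # Weak signal only: a legitimate vncserver trips it, and an
            # injected one need not use the default range at all.
            findings.append(Finding(pid, image, local, foreign,
                                    "listener in the default VNC port range; confirm it is yours"))
    return findings


if __name__ == "__main__":
    for f in audit(NETSTAT_SAMPLE, PROCESSES):
        print(f"PID {f.pid} ({f.image}) {f.local} -> {f.foreign}: {f.reason}")
```

On the constructed sample this reports the lsass.exe connection to 203.0.113.9:4444 and the winvnc.exe listener on 5900, and stays quiet about the Kerberos and LDAP sessions and the browser. The VNC-port-range rule is deliberately the weaker of the two: as genixia notes, the port can be anything, so the per-process rule does the real work, and a stateful host firewall that admits only the expected ports per service closes off what the audit cannot see.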

  11. The real objective, as usual, is... by James+Turpin · Score: 5, Insightful

    ... to make security experts more valuable by making security vulnerabilities easier to exploit.

    --
    Mathematics is not a crime.
  12. Re:It's time to give up by eufreka · Score: 5, Funny
    Microsoft should just post a big list of hacked machines...

    ...It's called Network Neighborhood...