Module: Msf::Sessions::VncInjectOptions

Defined in:
lib/msf/base/sessions/vncinject_options.rb

Instance Method Summary collapse

Instance Method Details

#initialize(info = {}) ⇒ Object


7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# File 'lib/msf/base/sessions/vncinject_options.rb', line 7

def initialize(info = {})
  super(info)

  # Override the DLL path with the path to the meterpreter server DLL
  register_options(
    [
      OptPort.new('VNCPORT',
        [
          true,
          "The local port to use for the VNC proxy",
          5900
        ]),
      OptAddress.new('VNCHOST',
        [
          true,
          "The local host to use for the VNC proxy",
          '127.0.0.1'
        ]),
      OptBool.new('DisableCourtesyShell',
        [
          false,
          "Disables the Metasploit Courtesy shell",
          true
        ]),
      OptBool.new('ViewOnly',
        [
          false,
          "Runs the viewer in view mode",
          true
        ]),
      OptBool.new('AUTOVNC',
        [
          true,
          "Automatically launch VNC viewer if present",
          true
        ])
    ], self.class)

  register_advanced_options(
    [
      OptBool.new('DisableSessionTracking',
        [
          false,
          "Disables the VNC payload from following the active session as users log in an out of the input desktop",
          false
        ])
    ], self.class)
  deregister_options('DLL')

end

#library_nameObject

The library name that we're injecting the DLL as can be random.


61
62
63
# File 'lib/msf/base/sessions/vncinject_options.rb', line 61

def library_name
  Rex::Text::rand_text_alpha(8) + ".dll"
end

#on_session(session) ⇒ Object

If the AUTOVNC flag is set to true, automatically try to launch VNC viewer.


69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# File 'lib/msf/base/sessions/vncinject_options.rb', line 69

def on_session(session)
  # Calculate the flags to send to the DLL
  flags = 0

  flags |= 1 if (datastore['DisableCourtesyShell'])
  flags |= 2 if (datastore['DisableSessionTracking'])

  # Transmit the one byte flag
  session.rstream.put([ flags ].pack('C'))

  # Set up the local relay
  print_status("Starting local TCP relay on #{datastore['VNCHOST']}:#{datastore['VNCPORT']}...")

  session.setup_relay(datastore['VNCPORT'], datastore['VNCHOST'])

  print_status("Local TCP relay started.")

  # If the AUTOVNC flag is set, launch VNC viewer.
  if (datastore['AUTOVNC'] == true)
    if (session.autovnc(datastore['ViewOnly']))
      print_status("Launched vncviewer.")
    else
      print_error("Failed to launch vncviewer.  Is it installed and in your path?")
    end
  end

  super
end