Moniter Windows Desktop with VNCJNJECT in Metasploit

Hi guys!
Now i free time, i make tutorial show you "How to Moniter Windows Desktop using vncinject on Metasploit"
Ok, let's go..

VNC jnjection in Metasploit

Using the Metasploit payload for VNC injection, we can also inject a VNC server remotely, and can have the display thrown back to the host system. Users of the target system user will not notice that their display is being shared, though there is a trick—we have to disable the Metasploit courtesy shell which appears on the target system's display. If the courtesy shell is not disabled, then it will show a blue command prompt window at the time of exploitation, as shown in Figure 1. This can warn the users of the target system, and result in attack detection. After disabling the courtesy shell, it will not display the blue prompt, as you can see in Figure 2. VNC injection can also be used when a user is not logged in; in that case, don't bother to disable the courtesy shell.
-----------------#--------------

--------------------#------------------

Subscribe my channel, facebook to receve more tutorial's metasploit and hacking.

My channel: https://www.youtube.com/channel/UCwLM5caRRGycxqxkVjDz0lg

Facebook: https://www.facebook.com/pentester72/

Thanks!!

Exploit SMB protocol using smb_login module in Metasploit (Modules in Metasploit Part 1)

Validating SMB Logins

When you want to run a scan for a specific vulnerability across a network, Metasploit provide many auxiliary can help you accomplish such tasks.
The following Metasploit modules are just a few examples of many useful auxiliary scanning modules include in the Framework. Take advantage of your lab to probe and explore as many of them as you can.
smb_login in Metasploit
To check the validity of a username and password combination, use the SMB Login Check Scanner to connect to a range of hosts. As you might expect, this scan is loud and noticeable, and each login attempt will show up in the event logs of every Windows box it encounters.
After selectings the smb_login module with use, you can run show options to see the settings listed under the Required column. Metasploit allows you to specify a username and password comnination, a username and password list, ar a combination of either. In the next example, RHOSTS is set to small range of IP addresses and a username and password are configured for Metasploit to try against all addressws.

Options in smb_login module

Exploit target using smb_login module 

You can see successful login with user Administrator and a password of s3cr3t. Because workstations are all cloned from one image and deployed through the enterprise in many corporate environments, the administrator password may well be the same on all of them, granting you access to every workstation on the network.

Thanks for your reading.

Any question!

Youtube: https://www.youtube.com/channel/UCwLM5caRRGycxqxkVjDz0lg

Subscribe my channel to receive new tutorial for pennetration testing.

Thanks again!