Jump to content

NAT router and remote box

thelowlyone

By thelowlyone
in Everything Else

 Share

Recommended Posts

thelowlyone Newbie

thelowlyone

Posted
Posted

I'm running a Windows XP (Home Edition) computer behind a NAT router and I control it remotely using VNC. However, I recently lost control of it. I'm not sure what happened but when I tried connecting to it yesterday it just wouldn't connect. No error message or anything the viewer just opened and then closed. I'm using TightVNC server and I've tried using the TightVNC viewer, UltraVNC viewer and the Java viewer to connect to the computer with no success.

The machine is located in my uncle's house and he's out of town for the next 2 weeks or so which means I can't get physical access to it (not to mention he lives ~80 miles from me). I can connect to the router fine (remote management is enabled). I checked all the settings on the router such as port forwarding and such. Is there anyway for me to get shell access to the computer so that I can restart the machine or just the VNC server? Thanks in advance.

Link to comment
Share on other sites
VaKo Newbie

VaKo

Posted
Posted

You could try giving wake on lan a try, if its etherneted in, and has power, you can remotely turn it on. If VNC is set as a service, it should bring it up again. And while unlikely, if you had a naked VNC on the net, with no VPN or SSH, it could have been pwned by some digital miscreant.

Link to comment
Share on other sites
VaKo Newbie

VaKo

Posted
Posted

There's probally a message box on the desktop lol. "click OK to accept connection". See if anything is listening on the vnc port (5800 or 5900 i think, unless you changed it). If there isn't, VNC isn't working right. Otherwise your next port of call is metasploit and hax0ring. Is the target machine fully up to date patchwise?

Link to comment
Share on other sites
thelowlyone Newbie

thelowlyone

Posted
  • Author
Posted

I think its something wrong with the VNC server because it "connects" but before it can finish loading the screen it closes. When I try to connect using Java, it connects but it doesn't display the "login" dialogue box. It says the applet has loaded but that's it, just blank. The title bar on Firefox displays the name of my computer and doesn't display anything.

As for patches, I haven't updated in a few months (~3 months). I didn't want to update because I don't have VNC running as a service. And how can I use metasploit to reconnect?

Link to comment
Share on other sites
VaKo Newbie

VaKo

Posted
Posted

Long story short you use metaspolit to hack the system and gain access to it via a backdoor you've created. Then you can restart the VNC server or do one of those calls for remote assitance things.

Link to comment
Share on other sites
VaKo Newbie

VaKo

Posted
Posted

Google metaspolit, should throw something up. TBH i've never gotten it to work because i've kept everything up to date and not had anything else running that can be exploited. If you don't like the idea of exploiting the box your only option is to go over to your uncles house and reboot it, or wait 2 weeks until he's back.

Link to comment
Share on other sites
VaKo Newbie

VaKo

Posted
Posted

The easy way is since you have access to the router gui, is to put the machine in the DMZ. But this is risky, as anyone can do what i'm suggesting. If the machine in question has a firewall, this probally won't work, and I think the VNC injection was fixed as of SP2. In all honesty i'm not the best person to talk to about this, as while I know it may be possible, I don't have the information you need to make this work.

Link to comment
Share on other sites
Sparda Newbie

Sparda

Posted
Posted
If you have the winxp logins, can't you just forward the right ports/stick it in the dmz for a few mins and push a new VNC instance onto the box?

That would be best avoided... might cause worse problems...

I have, however, looked around and to try to login remotly with mmc you need to fardward ports 3350 and 3351 TCP. Once you have done that, you need to make sure your acount on the computer you are currently on has the same user name and password as a administrator user (not the administrator). Then oepn services.msc, right clcik on the only item in the left panle and click connect and type in the computers IP address, you should now have a list of all the services that the computers has and you can start and stop them. If you get any errors/warnings, egnor them for the most part (I know, bad practice, but I do this all the time and it will some times screem errors at me and after 'ok'ing them all away it still works.).

Link to comment
Share on other sites
Sparda Newbie

Sparda

Posted
Posted
Well then cant he install the service...

Not remotly no... but my point is that a default install will install the service regurdless of weather or not you run it as a service is up to you. In this instance it is not been run as a service, but that dosn't mean the services isn't installed.

Link to comment
Share on other sites
VaKo Newbie

VaKo

Posted
Posted

Right: With ultraVNC (i'm testing more), a default install DOES NOT INSTALL A SERVICE. You have to choose to install the service, and without that choice being selected, its not in computer managments list of services.

Tight VNC doens't, but RealVNC does by default.

So, given that the guy is using TightVNC, and not realVNC, he's not going to be able to do what you say is he Sparda.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...