The UltraVNC Viewer 1.0.2 application has a larger than 512 bytes buffer that is at risk of being overflowed. You must determine the size of the buffer in bytes (see instructions for a method to do this). You will need to determine the size of the buffer and choose a positive integer constant large enough to contain the input. This is a 32-bit integer. An example for a 32-bit integer constant would be 4294967295 which is the maximum value for the integer. The integer you choose should be large enough to contain the input required and will not overflow the buffer. If you don’t know the buffer size of the internal buffer in the UltraVNC Viewer, you can determine the buffer size by using the “help” command. When this command is used, the UltraVNC Viewer will prompt you to press “1” for help about buffer limits and the size of the buffer. This will provide you the size of buffer in bytes that you after you will use for the exploit code.
After you chose a buffer size the next thing you need is a payload to fill the buffer of the buffer size. There are a few payloads that work well for a buffer overflow. All of these payloads have the same basic function. This is to send a malicious program from one machine to another. These payloads include: Stage2, Stage3, Stage4, Stage2_CHEAT, Stage2_CHEAT_NOANSIE, and Stage3_CHEAT.
1) you can to understand how uvnc generates password; 2) you can install vnc on you computer and copy passwd from local installed here on remote host; 3) you can use Windows Authentification, and connect with windows creditionals. d2c66b5586