Invoke-Vnc: Powershell VNC injector
Invoke-Vnc executes a VNC agent in-memory and initiates a reverse connection, or binds to a specified port. Password authentication is supported.
Execute agent remotely via WMI
If you have authenticated access (password, nt hash or kerberos ticket) to the machine, you can use the vncexec.py script to execute the VNC agent.
Upload an encoded ps1 script as a bat file via SMB and execute the agent to bind a VNC port on target:
Download the script via HTTP from the attacker’s host and execute the agent to get a reverse VNC connection:
Script depends on a recent build of impacket library. Get it at https://github.com/CoreSecurity/impacket
Invoke over net:
Launch VNC listener to catch reverse VNC connection: