An attacker already has a Meterpreter session (a text command shell) on a compromised Windows host and now wants a graphical desktop. What does deploying TightVNC give them, and how does it differ from that Meterpreter command shell?
TightVNC provides a full graphical remote desktop — the attacker sees and controls the victim's screen with mouse and keyboard, versus Meterpreter's text command-line.
VNC (Virtual Network Computing) is a remote-desktop protocol that streams the target's screen and relays input back. TightVNC is one popular implementation. Starting from the existing Meterpreter foothold, it escalates the takeover from commands to the whole GUI: the attacker on Kali watches the Windows desktop live and clicks around as the logged-in user.
| Meterpreter shell | TightVNC | |
|---|---|---|
| Interface | text commands | full graphical desktop |
| Feels like | scripting the box | sitting at the box |
| Good for | automation, stealth | anything that needs the GUI |
Legitimately, VNC/RDP are everyday remote-admin tools — the danger is the same capability in the wrong hands once a machine is compromised.
Tip: Shell = puppet strings; VNC = wearing the costume. Both control the victim, one just shows you the screen.