VNC
VNC usually uses ports 5800, 5801, 5900, or 5901.
What is VNC?
It is a cross-platform screen sharing system that was created to remotely control another computer. This means that a computer’s screen, keyboard, and mouse can be used from a distance by a remote user from a secondary device as though they were sitting right in front of it.
VNC works on a client/server model. A server component is installed on the remote computer (the one you want to control), and a VNC viewer, or client, is installed on the device you want to control from. This can include another computer, a tablet, or a mobile phone. When the server and viewer are connected, the server transmits a copy of the remote computer’s screen to the viewer.
PORT STATE SERVICE VERSION
5900/tcp open vnc VNC (protocol 3.3)
VNC Pentesting
port:5800,5801,5900,5901
port:5901 authentication disabled
rfb authentication disabled
Banner Grabbing
#Nmap Scripts:
nmap -sV --script vnc-info,realvnc-auth-bypass,vnc-title -p <PORT> 10.10.x.x
#Metasploit Framework:
msf> use auxiliary/scanner/vnc/vnc_none_auth

VNC Credentials
Decrypting VNC Password
The default password is stored in ~/.vnc/passwd.
If you have the VNC password and it looks encrypted (just a few bytes, as an encrypted password would be), it is probably ciphered with 3des. You can get the clear-text password using vncpwd, because the password (key) used with 3des to encrypt plaintext VNC passwords was reversed years ago.
GitHub - jeroennijhof/vncpwd: VNC Password Decrypter
VNC Password Decrypter repository.
make
vncpwd <vnc password file>
Connection Tools
Debian:
vncviewer [-passwd passwd.txt] [10.10.x.x]::5901
vncviewer [-passwd password] [10.10.x.x]::5901

Windows: