2023-08-03 19:12:22 +00:00
# 5800,5801,5900,5901 - VNC渗透测试
2022-04-28 16:01:33 +00:00
< details >
2024-01-05 23:28:30 +00:00
< summary > < strong > 通过< / strong > < a href = "https://training.hacktricks.xyz/courses/arte" > < strong > htARTE (HackTricks AWS Red Team Expert)< / strong > < / a > < strong > 从零开始学习AWS黑客攻击! < / strong > < / summary >
2022-04-28 16:01:33 +00:00
2024-01-05 23:28:30 +00:00
支持HackTricks的其他方式:
2022-04-28 16:01:33 +00:00
2024-01-05 23:28:30 +00:00
* 如果您希望在**HackTricks中看到您的公司广告**或**下载HackTricks的PDF**,请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 获取[**官方PEASS & HackTricks商品**](https://peass.creator-spring.com)
* 发现[**PEASS家族**](https://opensea.io/collection/the-peass-family),我们独家的[**NFTs系列**](https://opensea.io/collection/the-peass-family)
* **加入** 💬 [**Discord群组** ](https://discord.gg/hRep4RUj7f )或[**telegram群组**](https://t.me/peass)或在**Twitter** 🐦 [**@carlospolopm** ](https://twitter.com/carlospolopm )**上关注我。**
* **通过向** [**HackTricks** ](https://github.com/carlospolop/hacktricks ) 和 [**HackTricks Cloud** ](https://github.com/carlospolop/hacktricks-cloud ) github仓库提交PR来分享您的黑客技巧。**
2022-04-28 16:01:33 +00:00
< / details >
2023-08-03 19:12:22 +00:00
## 基本信息
2020-07-15 15:43:14 +00:00
2024-01-05 23:28:30 +00:00
在计算机领域,**虚拟网络计算**( ) , ( ) ,
2023-08-03 19:12:22 +00:00
来自[wikipedia](https://en.wikipedia.org/wiki/Virtual\_Network\_Computing)。
2020-07-15 15:43:14 +00:00
2024-01-05 23:28:30 +00:00
VNC通常使用端口**5800或5801或5900或5901。**
2021-10-18 11:21:18 +00:00
```
2020-07-15 15:43:14 +00:00
PORT STATE SERVICE
5900/tcp open vnc
```
2023-08-03 19:12:22 +00:00
## 枚举
```bash
nmap -sV --script vnc-info,realvnc-auth-bypass,vnc-title -p < PORT > < IP >
msf> use auxiliary/scanner/vnc/vnc_none_auth
```
### [**暴力破解**](../generic-methodologies-and-resources/brute-force.md#vnc)
2020-07-15 15:43:14 +00:00
2024-01-05 23:28:30 +00:00
## 使用Kali连接到vnc
2023-08-03 19:12:22 +00:00
```bash
vncviewer [-passwd passwd.txt] < IP > ::5901
```
## 解密VNC密码
2020-07-15 15:43:14 +00:00
2024-01-05 23:28:30 +00:00
默认**密码存储**在:\~/.vnc/passwd
2023-08-03 19:12:22 +00:00
2024-01-05 23:28:30 +00:00
如果你有VNC密码, ( , )
2020-07-15 15:43:14 +00:00
```bash
make
vncpwd < vnc password file >
```
2024-01-05 23:28:30 +00:00
您可以这样做,
对于**Windows**,您也可以使用此工具:[https://www.raymond.cc/blog/download/did/232/](https://www.raymond.cc/blog/download/did/232/)
为了方便访问,我也在这里保存了该工具:
2020-07-15 15:43:14 +00:00
{% file src="../.gitbook/assets/vncpwd.zip" %}
2022-05-01 13:25:53 +00:00
## Shodan
2020-09-23 23:00:32 +00:00
2020-09-24 19:58:30 +00:00
* `port:5900 RFB`
2022-04-28 16:01:33 +00:00
< details >
2024-01-05 23:28:30 +00:00
< summary > < strong > 从零开始学习AWS黑客技术, < / strong > < a href = "https://training.hacktricks.xyz/courses/arte" > < strong > htARTE (HackTricks AWS红队专家)< / strong > < / a > < strong > ! < / strong > < / summary >
2022-04-28 16:01:33 +00:00
2024-01-05 23:28:30 +00:00
支持HackTricks的其他方式:
2022-04-28 16:01:33 +00:00
2024-01-05 23:28:30 +00:00
* 如果您希望在**HackTricks中看到您的公司广告**或**下载HackTricks的PDF**,请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 获取[**官方PEASS & HackTricks商品**](https://peass.creator-spring.com)
* 发现[**PEASS家族**](https://opensea.io/collection/the-peass-family),我们独家的[**NFTs系列**](https://opensea.io/collection/the-peass-family)
* **加入** 💬 [**Discord群组** ](https://discord.gg/hRep4RUj7f )或[**telegram群组**](https://t.me/peass)或在**Twitter** 🐦 上**关注**我 [**@carlospolopm** ](https://twitter.com/carlospolopm )**。**
* **通过向** [**HackTricks** ](https://github.com/carlospolop/hacktricks ) 和 [**HackTricks Cloud** ](https://github.com/carlospolop/hacktricks-cloud ) github仓库提交PR来分享您的黑客技巧。
2022-04-28 16:01:33 +00:00
< / details >
