# 5800,5801,5900,5901 - Pentesting VNC

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

## Basic Information

**Virtual Network Computing (VNC)** ni mfumo thabiti wa kushiriki desktop wa picha unaotumia **Remote Frame Buffer (RFB)** protokali kuwezesha udhibiti wa mbali na ushirikiano na kompyuta nyingine. Kwa VNC, watumiaji wanaweza kuingiliana kwa urahisi na kompyuta ya mbali kwa kutuma matukio ya kibodi na panya kwa pande zote mbili. Hii inaruhusu ufikiaji wa wakati halisi na inarahisisha msaada wa mbali au ushirikiano kupitia mtandao.

VNC kwa kawaida hutumia bandari **5800 au 5801 au 5900 au 5901.**
```
PORT    STATE SERVICE
5900/tcp open  vnc
```
## Uhesabuzi
```bash
nmap -sV --script vnc-info,realvnc-auth-bypass,vnc-title -p <PORT> <IP>
msf> use auxiliary/scanner/vnc/vnc_none_auth
```
### [**Brute force**](../generic-methodologies-and-resources/brute-force.md#vnc)

## Unganisha na vnc ukitumia Kali
```bash
vncviewer [-passwd passwd.txt] <IP>::5901
```
## Kuondoa siri ya nenosiri la VNC

Nenosiri la **kawaida limehifadhiwa** katika: \~/.vnc/passwd

Ikiwa una nenosiri la VNC na linaonekana limefichwa (baiti chache, kama vile linaweza kuwa nenosiri lililofichwa), huenda limeandikwa kwa 3des. Unaweza kupata nenosiri la wazi kwa kutumia [https://github.com/jeroennijhof/vncpwd](https://github.com/jeroennijhof/vncpwd)
```bash
make
vncpwd <vnc password file>
```
You can do this because the password used inside 3des to encrypt the plain-text VNC passwords was reversed years ago.\
For **Windows** you can also use this tool: [https://www.raymond.cc/blog/download/did/232/](https://www.raymond.cc/blog/download/did/232/)\
I save the tool here also for ease of access:

{% file src="../.gitbook/assets/vncpwd.zip" %}

## Shodan

* `port:5900 RFB`

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}