mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 04:33:28 +00:00
90 lines
4.5 KiB
Markdown
90 lines
4.5 KiB
Markdown
# 5800,5801,5900,5901 - Pentesting VNC
|
|
|
|
{% hint style="success" %}
|
|
Learn & practice AWS Hacking:<img src="../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../.gitbook/assets/arte.png" alt="" data-size="line">\
|
|
Learn & practice GCP Hacking: <img src="../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
|
|
|
<details>
|
|
|
|
<summary>Support HackTricks</summary>
|
|
|
|
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
|
|
|
</details>
|
|
{% endhint %}
|
|
|
|
<figure><img src="../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
|
|
|
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
|
|
|
|
{% embed url="https://www.stmcyber.com/careers" %}
|
|
|
|
## Basic Information
|
|
|
|
**Virtual Network Computing (VNC)** is a robust graphical desktop-sharing system that utilizes the **Remote Frame Buffer (RFB)** protocol to enable remote control and collaboration with another computer. With VNC, users can seamlessly interact with a remote computer by transmitting keyboard and mouse events bidirectionally. This allows for real-time access and facilitates efficient remote assistance or collaboration over a network.
|
|
|
|
VNC usually uses ports **5800 or 5801 or 5900 or 5901.**
|
|
|
|
```
|
|
PORT STATE SERVICE
|
|
5900/tcp open vnc
|
|
```
|
|
|
|
## Enumeration
|
|
|
|
```bash
|
|
nmap -sV --script vnc-info,realvnc-auth-bypass,vnc-title -p <PORT> <IP>
|
|
msf> use auxiliary/scanner/vnc/vnc_none_auth
|
|
```
|
|
|
|
### [**Brute force**](../generic-methodologies-and-resources/brute-force.md#vnc)
|
|
|
|
## Connect to vnc using Kali
|
|
|
|
```bash
|
|
vncviewer [-passwd passwd.txt] <IP>::5901
|
|
```
|
|
|
|
## Decrypting VNC password
|
|
|
|
Default **password is stored** in: \~/.vnc/passwd
|
|
|
|
If you have the VNC password and it looks encrypted (a few bytes, like if it could be an encrypted password), it is probably ciphered with 3des. You can get the clear text password using [https://github.com/jeroennijhof/vncpwd](https://github.com/jeroennijhof/vncpwd)
|
|
|
|
```bash
|
|
make
|
|
vncpwd <vnc password file>
|
|
```
|
|
|
|
You can do this because the password used inside 3des to encrypt the plain-text VNC passwords was reversed years ago.\
|
|
For **Windows** you can also use this tool: [https://www.raymond.cc/blog/download/did/232/](https://www.raymond.cc/blog/download/did/232/)\
|
|
I save the tool here also for ease of access:
|
|
|
|
{% file src="../.gitbook/assets/vncpwd.zip" %}
|
|
|
|
## Shodan
|
|
|
|
* `port:5900 RFB`
|
|
|
|
<figure><img src="../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
|
|
|
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
|
|
|
|
{% embed url="https://www.stmcyber.com/careers" %}
|
|
|
|
{% hint style="success" %}
|
|
Learn & practice AWS Hacking:<img src="../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../.gitbook/assets/arte.png" alt="" data-size="line">\
|
|
Learn & practice GCP Hacking: <img src="../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
|
|
|
<details>
|
|
|
|
<summary>Support HackTricks</summary>
|
|
|
|
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
|
|
|
</details>
|
|
{% endhint %}
|