mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-26 06:30:37 +00:00
82 lines
4.7 KiB
Markdown
82 lines
4.7 KiB
Markdown
# 5800,5801,5900,5901 - Pentesting VNC
|
|
|
|
{% hint style="success" %}
|
|
Learn & practice AWS Hacking:<img src="../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../.gitbook/assets/arte.png" alt="" data-size="line">\
|
|
Learn & practice GCP Hacking: <img src="../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
|
|
|
<details>
|
|
|
|
<summary>Support HackTricks</summary>
|
|
|
|
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
|
|
|
</details>
|
|
{% endhint %}
|
|
|
|
<figure><img src="../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
|
|
|
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
|
|
|
|
{% embed url="https://www.stmcyber.com/careers" %}
|
|
|
|
## 기본 정보
|
|
|
|
**Virtual Network Computing (VNC)**는 **Remote Frame Buffer (RFB)** 프로토콜을 사용하여 원격 제어 및 다른 컴퓨터와의 협업을 가능하게 하는 강력한 그래픽 데스크탑 공유 시스템입니다. VNC를 사용하면 사용자가 키보드 및 마우스 이벤트를 양방향으로 전송하여 원격 컴퓨터와 원활하게 상호작용할 수 있습니다. 이를 통해 실시간 액세스가 가능하며 네트워크를 통한 효율적인 원격 지원 또는 협업을 촉진합니다.
|
|
|
|
VNC는 일반적으로 **5800 또는 5801 또는 5900 또는 5901** 포트를 사용합니다.
|
|
```
|
|
PORT STATE SERVICE
|
|
5900/tcp open vnc
|
|
```
|
|
## 열거
|
|
```bash
|
|
nmap -sV --script vnc-info,realvnc-auth-bypass,vnc-title -p <PORT> <IP>
|
|
msf> use auxiliary/scanner/vnc/vnc_none_auth
|
|
```
|
|
### [**무차별 대입 공격**](../generic-methodologies-and-resources/brute-force.md#vnc)
|
|
|
|
## Kali를 사용하여 vnc에 연결하기
|
|
```bash
|
|
vncviewer [-passwd passwd.txt] <IP>::5901
|
|
```
|
|
## VNC 비밀번호 복호화
|
|
|
|
기본 **비밀번호는 저장됩니다**: \~/.vnc/passwd
|
|
|
|
VNC 비밀번호가 있고 암호화된 것처럼 보인다면(몇 바이트, 암호화된 비밀번호일 수 있는 경우), 아마도 3des로 암호화된 것입니다. [https://github.com/jeroennijhof/vncpwd](https://github.com/jeroennijhof/vncpwd)를 사용하여 평문 비밀번호를 얻을 수 있습니다.
|
|
```bash
|
|
make
|
|
vncpwd <vnc password file>
|
|
```
|
|
You can do this because the password used inside 3des to encrypt the plain-text VNC passwords was reversed years ago.\
|
|
For **Windows** you can also use this tool: [https://www.raymond.cc/blog/download/did/232/](https://www.raymond.cc/blog/download/did/232/)\
|
|
I save the tool here also for ease of access:
|
|
|
|
{% file src="../.gitbook/assets/vncpwd.zip" %}
|
|
|
|
## Shodan
|
|
|
|
* `port:5900 RFB`
|
|
|
|
<figure><img src="../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
|
|
|
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_유창한 폴란드어 필기 및 구사 필수_).
|
|
|
|
{% embed url="https://www.stmcyber.com/careers" %}
|
|
|
|
{% hint style="success" %}
|
|
Learn & practice AWS Hacking:<img src="../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../.gitbook/assets/arte.png" alt="" data-size="line">\
|
|
Learn & practice GCP Hacking: <img src="../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
|
|
|
<details>
|
|
|
|
<summary>Support HackTricks</summary>
|
|
|
|
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
|
|
|
</details>
|
|
{% endhint %}
|