5800,5801,5900,5901 - Pentesting VNC

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

If you are interested in hacking career and hack the unhackable - we are hiring! (fluent polish written and spoken required).

Careers | stmcyber.com | penetration testingstmcyber.com

Basic Information

Virtual Network Computing (VNC) ni mfumo thabiti wa kushiriki desktop wa picha unaotumia Remote Frame Buffer (RFB) protokali kuwezesha udhibiti wa mbali na ushirikiano na kompyuta nyingine. Kwa VNC, watumiaji wanaweza kuingiliana kwa urahisi na kompyuta ya mbali kwa kuhamasisha matukio ya kibodi na panya kwa pande mbili. Hii inaruhusu ufikiaji wa wakati halisi na inarahisisha msaada wa mbali au ushirikiano kwa njia ya mtandao.

VNC kwa kawaida hutumia bandari 5800 au 5801 au 5900 au 5901.

PORT    STATE SERVICE
5900/tcp open  vnc

Uhesabuzi

nmap -sV --script vnc-info,realvnc-auth-bypass,vnc-title -p <PORT> <IP>
msf> use auxiliary/scanner/vnc/vnc_none_auth

Brute force

Unganisha na vnc ukitumia Kali

vncviewer [-passwd passwd.txt] <IP>::5901

Kuondoa usiri wa nenosiri la VNC

Default nenosiri limehifadhiwa katika: ~/.vnc/passwd

Ikiwa una nenosiri la VNC na linaonekana limefichwa (baiti chache, kama vile linaweza kuwa nenosiri lililofichwa), huenda limeandikwa kwa 3des. Unaweza kupata nenosiri wazi kwa kutumia https://github.com/jeroennijhof/vncpwd

make
vncpwd <vnc password file>

You can do this because the password used inside 3des to encrypt the plain-text VNC passwords was reversed years ago. Kwa Windows unaweza pia kutumia chombo hiki: https://www.raymond.cc/blog/download/did/232/ Ninahifadhi chombo hapa pia kwa urahisi wa ufikiaji:

Shodan

port:5900 RFB