Wubi Posted November 1, 2012 Report Posted November 1, 2012 Often in infrastructure penetration tests especially in large organizations you might come across with the VNC service.The main use of this service is because systems administrators want to remotely control other systems or for technical support issues in the users desktops.So when a penetration tester discovers a VNC server running on port 5900 then it is a good practice to check if he could gain access to the system from that service by checking for weak passwords.In this tutorial we will see how we can attack a VNC server. So lets say that we have discover a VNC service running on port 5900 through our nmap scan. [VNC Service Discovery] Now we can use the metasploit framework in order to attack this service.The module that we will need is the vnc_login.Unfortunately metasploit doesn’t provide a big word-list for this module so we might want to use an alternative word-list in order our attack to have more efficiency.So we are configuring the module and we are executing it with the run command. [VNC Authentication Scanner] As we can see from the image above the vnc scanner has managed to authenticate with the password admin.So now we can use the VNC viewer in order to authenticate with the remote host and to start the post exploitation activities. Conclusion VNC is a service that it can be seen quite often in networks.As we saw the metasploit module is simple and effective and it can be used for testing this service.Metasploit offers of course and other modules that can exploit VNC vulnerabilities but in order to use these modules it is advisable first to be in contact with the client that the penetration test is performed.Sursa Penetration Testing Lab Quote