Often in infrastructure penetration tests,you might come across with the VNC service.The main use of this service is because systems administrators want to control remotely other systems or for technical support issues.So when a penetration tester discovers a VNC server running on port 5900 then it is a good practice to check if he could gain access to the system from that service by testing it for weak passwords.In this tutorial we will see how we can attack a VNC server.

So lets say that we have discover a VNC service running on port 5900 through our nmap scan.

VNC Service Discovery

 

Now we can use the metasploit framework in order to attack this service.The module that we will need is the vnc_login.Unfortunately metasploit doesn’t provide a big word-list for this module so we might want to use an alternative word-list in order our attack to have more efficiency.We are configuring the module and we are executing it with the run command.

VNC Authentication Scanner

 

As we can see from the image above the vnc scanner has managed to authenticate with the password admin.Now we can use the VNC viewer in order to authenticate with the remote host and to start the post exploitation activities.

Conclusion

VNC is a service that it can be discovered quite often in networks.As we saw the metasploit module is simple and effective and it can be used for testing this service.Metasploit provides of course and other modules that can exploit VNC vulnerabilities but in order to use these modules it is advisable first to be in contact with your client.