This is awesome because before that I had to use Immunity's VAAseline to do VNC bruteforcing. But now you can just use vnc_login.
So the scenario is you find yourself on the other end of a VNC server.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDuVI1LGkHXUGeVyeWo2BXFc7pDy5iWi_rEzKx9CGo_rJwAc4h1ix28QEx8nL1uPOpLOTssx1bZTJRcVmsE8TwaPMOv93GsMOskxnDFEa1g3Q1LnF2GZrXjeic12n7BRSYy4euV-3vS-U/s400/vnc-login1.png)
It's tedious to password guess like this
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikAcgFqG-4KAubeXWBeLsW3KHWYNdR2PyO2_FIJp9vnl99StrD0N3rKe9OJNsXEdr1lHpDeuAy972w91MsCwZuZwzpE4sA5gxHAFSrZ8gO6uIwO2U74Hg44Me-iLLQvhqft8xz13XHf6c/s400/vnc-login2.png)
Instead, let's use the Metasploit module
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuZYifiFn6wiiiBpM-CPsASEnmFV5BKsq1kdsCSX7NEMdT2kyXpz_PgpfR6jyxb2BSJqWiZXqPapRFMHVW3irwrQi_cSr5c8TclbWZVF6q4BloOGda-SKBFAHo0ueUw04f5OkZCAOHdQc/s400/vnc-login3.png)
and throw a dictionary attack against the VNC server
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAHdp-RsxX35qDCfUmd4djhe-JSo6AmO-qqxJ56NF5sxTbyQ0EsfOup9FIVWPKiJUyBtkcV6HHX88lE3a_yIlWosScrD7aHih3i2MKQrfHjaIPmMApoCQ5-fCySzHNxmaaarLGBkUV5Pw/s400/vnc-login4.png)
Looks like the VNC no auth module had been ported and stuck in there too :-)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyOE_sHLETBPV15iY0xxAV8nDFfD1vUEE88VZtXR6GbsDa2oZU3uC76m17KOjVaykW427Qup7-2rIjJlLqvEdz1-uLq-I8vUt3N70u9XQFh8fAW-ZJ7Sf0_T0cIGbtvbayKH6kheogFks/s400/vnc-login5.png)
-CG
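
A defender-side check related to the two modules above, added here as an example and not part of the original post: it parses the server's side of an RFB handshake and flags servers that offer security type None or password-only VNC Authentication, using the type numbers from RFC 6143. The function names and the sample captures are constructed for illustration.

```python
import struct

# Security-type numbers as assigned in RFC 6143 (RFB protocol).
NONE, VNC_AUTH = 1, 2

def parse_server_handshake(data: bytes):
    """Parse the server-to-client bytes of an RFB handshake.

    Returns ((major, minor), [offered security types])."""
    if len(data) < 12 or data[:4] != b"RFB " or data[11:12] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message")
    version = (int(data[4:7]), int(data[8:11]))
    body = data[12:]
    if version < (3, 7):
        # RFB 3.3: server picks one type, sent as a 32-bit big-endian integer.
        if len(body) < 4:
            raise ValueError("truncated security type")
        (chosen,) = struct.unpack(">I", body[:4])
        return version, ([chosen] if chosen else [])  # 0 means refused
    # RFB 3.7 and later: a count byte followed by one byte per offered type.
    if not body or len(body) < 1 + body[0]:
        raise ValueError("truncated security type list")
    return version, list(body[1:1 + body[0]])

def audit(data: bytes):
    """Return a list of findings for one captured handshake."""
    _, types = parse_server_handshake(data)
    findings = []
    if NONE in types:
        findings.append("CRITICAL: security type None offered, no password needed")
    if VNC_AUTH in types:
        findings.append("WARN: password-only VNC Authentication offered "
                        "(passwords capped at 8 characters); restrict to "
                        "VPN/SSH tunnel and enable lockout on failed logins")
    return findings

# Constructed sample captures (not taken from the post's screenshots).
SAMPLES = {
    "kiosk": b"RFB 003.008\n" + bytes([2, NONE, VNC_AUTH]),
    "legacy": b"RFB 003.003\n" + struct.pack(">I", VNC_AUTH),
    "hardened": b"RFB 003.008\n" + bytes([1, 19]),  # 19 = VeNCrypt
}

if __name__ == "__main__":
    for name, capture in SAMPLES.items():
        print(name, audit(capture) or "no weak security types offered")
```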