Day 70: Hijacking VNC (Enum, Brute, Access and Crack)
Virtual Network Computing (VNC) is a graphical desktop-sharing system that uses the Remote Frame Buffer (RFB) protocol to control another computer remotely. The client sends keyboard and mouse events to the server, and the server relays screen updates back. The server listens on TCP 5900 plus the display number, so display :0 is port 5900 (vnc) and display :1 is port 5901 (vnc-1); scan a small range rather than a single port. The classic "VNC Authentication" security type is a DES challenge-response keyed by the password, and only the first 8 characters of the password are used, which is why both brute forcing and cracking are practical.
Here are simple ways to find the service, brute-force it, connect to it, and finally crack any stored VNC password files you come across.
Get Banner Info
nmap -p 5900-5910 --script vnc-info $IP
The vnc-info script prints the RFB protocol version and the security types the server offers. A server offering type 1 (None) needs no password at all; type 2 (VNC Authentication) is what the brute-force and cracking steps below target.
Brute Force with Metasploit (auxiliary/scanner/vnc/vnc_login)
The vnc_login scanner module performs the VNC Authentication challenge-response against the server for each candidate password. Since only the first 8 characters count, longer wordlist entries are just duplicates of their first 8 characters, and a VNC server will often throttle or temporarily refuse connections after a handful of failures, so keep the thread count low.
VNC through the SSH Tunnel, passing an encrypted VNC Password
vncviewer -passwd secret $IP:6901
-passwd takes a file in vncpasswd format (the same 8-byte obfuscated blob the server stores), here a file named secret, so the password is neither typed interactively nor left in shell history. Forward a local port (6901 here) to the server's VNC port over SSH first and point vncviewer at that forwarded host:port; RFB itself carries the session in the clear, so the tunnel is what protects it.
Decrypting VNC Passwords
vncpwd <vnc password file>
Stored VNC passwords (~/.vnc/passwd on Unix, the Password value in the server's registry key on Windows) are not hashed: they are the NUL-padded password DES-encrypted under a fixed key hard-coded in every VNC implementation, so recovery is a single decryption rather than a brute force. vncpwd does exactly that; the same 8-byte blob can be handed straight to vncviewer -passwd without decrypting it at all.