VNC (Virtual Network Computing) Pentesting
VNC is a graphical desktop sharing system that uses the Remote Frame Buffer (RFB) protocol to remotely control another computer. The default ports are 5800, 5801, 5900 and 5901.
Enumeration
nmap --script vnc-info -p 5900 <target-ip>
# RealVNC authentication bypass (CVE-2006-2369)
nmap --script realvnc-auth-bypass -p 5900 <target-ip>
msf> use auxiliary/scanner/vnc/vnc_none_auth
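The checks above work from the RFB handshake: the server announces its protocol version and then the security types it offers. The following Python parser is an added example, not code from the original page or from nmap or Metasploit. It audits the server-to-client bytes of a captured handshake and flags the None and password-only types. It assumes the client answered with the same protocol version; the function names and sample byte strings are constructed for illustration.

```python
import re
import struct

# Subset of security-type numbers from the RFB specification.
SECURITY_TYPES = {0: "Invalid", 1: "None", 2: "VNC Authentication",
                  16: "Tight", 18: "TLS", 19: "VeNCrypt"}
FINDINGS = {1: "no authentication (security type None) is offered",
            2: "password-only VNC Authentication is offered"}

def _reason(buf: bytes) -> str:
    """Decode the U32-length-prefixed reason string sent on refusal."""
    if len(buf) < 4:
        raise ValueError("truncated failure reason")
    (length,) = struct.unpack(">I", buf[:4])
    return buf[4:4 + length].decode("latin-1")

def parse_server_handshake(data: bytes) -> dict:
    """Parse server-to-client RFB bytes: ProtocolVersion, then security types."""
    m = re.fullmatch(rb"RFB (\d{3})\.(\d{3})\n", data[:12])
    if not m:
        raise ValueError("not an RFB ProtocolVersion message")
    version = (int(m[1]), int(m[2]))
    rest, failure = data[12:], None
    if version == (3, 3):
        # RFB 3.3: the server picks one type and sends it as a U32.
        if len(rest) < 4:
            raise ValueError("truncated security type")
        codes = [struct.unpack(">I", rest[:4])[0]]
        if codes == [0]:  # 0 means refused; a reason string follows
            codes, failure = [], _reason(rest[4:])
    elif version in ((3, 7), (3, 8)):
        # RFB 3.7/3.8: U8 count, then that many U8 type codes.
        if not rest or len(rest) < 1 + rest[0]:
            raise ValueError("truncated security-type list")
        codes = list(rest[1:1 + rest[0]])
        if not codes:  # count 0 means refused; a reason string follows
            failure = _reason(rest[1:])
    else:
        raise ValueError(f"unhandled RFB version {version}")
    return {"version": "%d.%d" % version, "failure": failure,
            "types": [SECURITY_TYPES.get(c, f"unknown({c})") for c in codes],
            "findings": [FINDINGS[c] for c in (1, 2) if c in codes]}

# Constructed sample captures (not taken from any real host).
SAMPLE_OPEN = b"RFB 003.008\n" + bytes([2, 1, 2])   # offers None and VNC auth
SAMPLE_TLS = b"RFB 003.008\n" + bytes([1, 19])      # offers VeNCrypt only
if __name__ == "__main__":
    print([parse_server_handshake(b) for b in (SAMPLE_OPEN, SAMPLE_TLS)])
```

An empty `findings` list means the server offered neither None nor plain VNC Authentication in that handshake.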
Brute Force Credentials
A VNC server does not use a username, only a password.
Connect
remmina
remmina -c vnc://<target-ip>
remmina -c vnc://username@vulnerable.com
remmina -c vnc://vulnerable.com?VncUsername=username
remmina -c vnc://username:password@vulnerable.com
remmina -c vnc://vulnerable.com?VncUsername=username\&VncPassword=password