Time
5 hours 38 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Description

Another vulnerability that can potentially be exploited is an unsecured VNC service. This vulnerability is particularly nasty since VNC essentially provides remote control of a host. In this video, Dean demonstrates the Metasploit VNC exploit scanner.

Video Transcription

00:04
if you remember from our services,
00:12
we should recall that we had VNC running here. So there it is.
00:19
Any credentials which I've captured, again, will be shown here. These are from the Postgres shell that I re-established earlier.
00:26
So, as I was saying, it will put these in the database as they are captured, shows where they came from,
00:32
which service that was running.
00:34
And because I did the hash dump with Postgres, I also grabbed that.
00:39
We see that it's an MD5 hash.
00:44
So for VNC,
00:46
we have a scanner for this.
00:49
So let me do a search
00:54
for VNC. You see how many things we get? Quite a few,
00:59
huh?
01:00
Let me do a search for
01:04
scanner/vnc, see if that works. There we go.
01:10
All right, so notice that I don't need double quotes. I can just use a slash because I know it's a scanner that I want, and I remember that there's one for VNC, so that gives me a nice little shortcut to be able to do in that format,
01:23
so we're gonna first try
01:26
a none detection
01:27
scan,
01:29
which
01:30
looks for a VNC configuration that has a
01:34
a, uh,
01:37
blank password,
01:38
hasn't had the password set.
01:41
That would be a huge
01:42
benefit for the pen tester.
01:45
A VNC connection is much like a remote desktop connection.
01:51
So
01:53
let's go ahead and specify this.
01:56
Look at our options.
01:57
Our host is already set. Remote port looks correct,
02:02
and
02:05
let's go ahead and run the exploit.
02:10
So it found protocol. Version three Come on, four
02:16
and
02:19
It looks like it did not find a blank password, but it might have, so that was worth checking. Again, we're going through the list of services,
02:27
trying methodically to identify areas where we think
02:30
we might be able to gain access to a system.
02:34
We've already shown a couple ways to get into this system, but we want to try some various options in order to fully explore our available
02:45
attack points.

Up Next

Metasploit

This Metasploit tutorial will teach you to utilize the deep capabilities of Metasploit for penetration testing and help you to prepare to run vulnerability assessments for organizations of any size.

Instructed By

Dean Pompilio
CEO of SteppingStone Solutions
Instructor