Part 2 - VNC Scanner

Video Activity

Another vulnerability that can potentially be exploited is an unsecured VNC service. This vulnerability is particularly nasty since VNC essentially provides remote control of a host. In this video, Dean demonstrates the Metasploit VNC exploit scanner.


Time
5 hours 38 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:04
if you remember from our services
00:12
we should recall that we had VNC running here. So there it is.
00:19
Any credentials which I've captured again will be shown here. These are from the Postgres shell that I re-established earlier.
00:26
So as I was saying, it will put these in the database as they are captured, shows where they came from,
00:32
which service that was running.
00:34
And because I did the hash dump with Postgres, I also grabbed that.
00:39
We see that it's an MD5 hash.
00:44
So for VNC,
00:46
we have a scanner for this.
00:49
So let me do a search
00:54
for VNC. You see how many things we get? Quite a few,
00:59
huh?
01:00
Let me do a search for
01:04
scanner, VNC, see if that works. There we go.
01:10
All right, so notice that I don't need double quotes. I can just use a slash because I know it's a scanner that I want. And I remember that there's one for VNC, so that gives me a nice little shortcut to be able to do it in that format,
01:23
so we're gonna first try
01:26
a none detection
01:27
scan,
01:29
which
01:30
looks for a VNC configuration that has a
01:34
a, uh,
01:37
blank password,
01:38
hasn't had the password set.
01:41
That would be a huge
01:42
benefit for the pen tester.
01:45
A VNC connection is much like a remote desktop connection.
01:51
So
01:53
let's go ahead and specify this.
01:56
Look at our options.
01:57
Our host is already set. Remote port looks correct,
02:02
and
02:05
let's go ahead and run the exploit.
02:10
So it found protocol. Version three Come on, four
02:16
and
02:19
it looks like it did not find a blank password, but it might have, so that was worth checking. Again, we're going through the list of services,
02:27
trying methodically to identify areas where we think
02:30
we might be able to gain access to a system.
02:34
We've already shown a couple ways to get into this system, but we want to try some various options in order to fully explore our available
02:45
attack points.