Type : Tutorial
Level : Easy
Victim O.S : Windows XP SP3
Victim Vulnerable Application : RealVNC 4.1.1
Attacker O.S : Backtrack 5 R1
While looking around the web, I looked at the 1337day.com website and saw a new remote exploit there for the RealVNC Authentication Bypass. Actually, securityfocus.com already describes this vulnerability here.
What is VNC? According to the RealVNC website at realvnc.com:
RealVNC provides remote administration control software which lets you see and interact with desktop applications across any network.
RealVNC is a lifesaver for system administrators who are not too familiar with telnet or SSH, because they can see the desktop in real time. In short, it looks much like using Remote Desktop Connection; that is how RealVNC works.
1. Open your terminal and type the msfconsole command to enter your Metasploit console.
2. Next, define the exploit you want to use, which is realvnc_41_bypass:
msf > use exploit/multi/vnc/realvnc_41_bypass
3. The main thing to remember is that in this type of attack we do not need to set up a payload, because we are attacking and bypassing the VNC login itself; what the exploit delivers is the victim's desktop, shown on our computer.
Let's view the available switches by running the show options command:
Information:
autovnc --> automatically launch the VNC viewer
lport --> our local VNC viewer port (port 5900 is the default)
rhost --> target machine (victim computer)
rport --> target port on the victim machine (port 5900 is the default)
4. Set our target by using the RHOST switch:
msf auxiliary(realvnc_41_bypass) > set rhost 192.168.8.94
rhost => 192.168.8.94
5. Okay, everything is set up so far, and the final step is to run the exploit command.
Together with the output that the script generates, we also get the victim's screen in our local VNC viewer.
Yes we're in!
1. Update your VNC to the newer version; as you can see from the securityfocus.com link above, the newest version is not vulnerable.
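As an added example (not part of the original tutorial, and not RealVNC's or Metasploit's code), here is a small Python model of the RFB 3.8 security handshake that the bypass above abuses: it shows the server-side check that the fixed version relies on, beside the flawed behaviour, and an audit helper a defender could run over captured handshake bytes to spot a client choosing a security type the server never offered. The function names and the sample byte exchanges are constructed assumptions.

```python
# Added example, not code from the original tutorial, RealVNC or Metasploit.
# It models the RFB 3.8 security handshake (server: U8 count then U8 types;
# client: one U8 choice). Function names and sample bytes are constructed.

SECURITY_TYPES = {0: "Invalid", 1: "None", 2: "VNC Authentication"}


def parse_server_security_types(data: bytes) -> list:
    """Parse the server's list of offered security types."""
    if not data:
        raise ValueError("empty server security-type message")
    count = data[0]
    if count == 0:
        raise ValueError("server signalled failure (count 0)")
    if len(data) < 1 + count:
        raise ValueError("truncated security-type list")
    return list(data[1:1 + count])


def vulnerable_select(offered: list, chosen: int) -> int:
    """Flawed server logic: trusts the client's choice without checking it."""
    return chosen


def hardened_select(offered: list, chosen: int) -> int:
    """Fixed server logic: only a type the server itself offered is accepted."""
    if chosen not in offered:
        name = SECURITY_TYPES.get(chosen, chosen)
        raise PermissionError("client chose %s, which was not offered" % name)
    return chosen


def audit_handshake(server_msg: bytes, client_msg: bytes) -> dict:
    """Flag a captured handshake whose client choice was never offered."""
    offered = parse_server_security_types(server_msg)
    chosen = client_msg[0]
    return {
        "offered": [SECURITY_TYPES.get(t, t) for t in offered],
        "chosen": SECURITY_TYPES.get(chosen, chosen),
        "suspicious": chosen not in offered,
    }


# Constructed sample exchanges (not real captures): a normal VNC-auth session,
# and one where the client picked "None" although only VNC auth was offered.
NORMAL_EXCHANGE = (b"\x01\x02", b"\x02")
BYPASS_EXCHANGE = (b"\x01\x02", b"\x01")
```

A "suspicious" result from audit_handshake is the pattern to alert on in VNC traffic to a server that has not yet been updated.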
Hope you enjoyed it