当前位置:网站首页>6-24 exploit-vnc password cracking
6-24 exploit-vnc password cracking
2022-08-02 01:37:00 【Mountain Rabbit 1】
Introduction to VNC
VNC (Virtual Network Console) is the abbreviation of Virtual Network Console.It is an excellent remote control tool software developed by the famous AT&T European research laboratory.It is mainly used for visual control, similar to the remote desktop. The ssh and rlogin we have contacted before are the control terminals of the command line, but VNC is a little different from the remote desktop. The remote desktop is open to 3389, while the VNC server is open.By default it runs on port 5900
nmap 192.168.1.105
Port 5900 is usually open to the VNC server
Detect target VNC
Use nmap -sV -p 5900 IP address to probe the target VNC version information.
nmap -sV -p 5900 192.168.1.105
msf crack VNC password
See if there is a weak password to log in. After logging in, we can visually operate our system through the channel connecting the VNC client to the server
The vnc_login module can be used to crack the VNC server authentication username and password under msf
msfconsoleuse auxiliary/scanner/vnc/vnc_loginshow options
set rhosts 192.168.42.137run
Crack result: username is empty, password is password
vnc client login
Under windows, install the vnc viewer client software to connect to the VNC server. There is also a corresponding version under linux. You can download the vnc viewer on the Internet
After we log in with VNC, we are a user with root privileges, and we can perform arbitrary operations here
If VNC is so simple to be cracked, VNC will be used by more people, making it simple to execute commands, perform visual operations, and operate on our server, which is very dangerous and has security risksYes, in order to prevent this from happening, we can set the password verification corresponding to VNC. Its password is very complicated. At this time, we cannot crack it and monitor it in real time
Limit the number of logins and the threshold to make VNC more secure. At the same time, you can also set up a firewall to prevent other IPs from logging in. VNC can only log in with a fixed IP, which ensures VNC to a large extent.Service security, and server security
边栏推荐
- 【ORB_SLAM2】void Frame::ComputeImageBounds(const cv::Mat &imLeft)
- kubernetes之服务发现
- flask获取post请求参数
- C语言实验十 函数(二)
- 信息收集之目录扫描-dirbuster
- Navicat data shows incomplete resolution
- Flex layout in detail
- For effective automated testing, these software testing tools must be collected!!!
- Day11 Shell scripting basics
- ECMAScript 2022 正式发布,有你了解过的吗?
猜你喜欢
制造企业数字化转型现状分析
typescript37-class的构造函数实例方法继承(extends)
Can't connect to MySQL server on 'localhost3306' (10061) Simple and clear solution
安全(2)
Two ways to pass feign exceptions: fallbackfactory and global processing Get server-side custom exceptions
flex布局中使用flex-wrap实现换行
dbeaver连接MySQL数据库及错误Connection refusedconnect处理
传统企业数字化转型需要经过几个阶段?
理解分布式系统中的缓存架构(下)
华为5年女测试工程师离职:多么痛的领悟...
随机推荐
Can't connect to MySQL server on 'localhost3306' (10061) Simple and clear solution
创新项目实战之智能跟随机器人原理与代码实现
HSDC和独立生成树相关
Can‘t connect to MySQL server on ‘localhost3306‘ (10061) 简洁明了的解决方法
C语言实验六 一维数组程序设计
Flask gets post request parameters
ELK日志分析系统
Moonbeam与Project Galaxy集成,为社区带来全新的用户体验
喜报 | AR 开启纺织产业新模式,ALVA Systems 再获殊荣!
Redis和MySQL数据一致性问题,有没有好的解决方案?
有效进行自动化测试,这几个软件测试工具一定要收藏好!!!
Reflex WMS中阶系列7:已经完成拣货尚未Load的HD如果要取消拣货,该如何处理?
ECMAScript 2022 正式发布,有你了解过的吗?
PHP直播源码实现简单弹幕效果的相关代码
C语言实验十 函数(二)
For effective automated testing, these software testing tools must be collected!!!
bool Frame::PosInGrid(const cv::KeyPoint &kp, int &posX, int &posY)
关于MySQL的数据插入(高级用法)
Docker安装canal、mysql进行简单测试与实现redis和mysql缓存一致性
管理基础知识18