Penetration Testing

VNC tunneling over SSH

In the previous article we had performed VNC penetration testing and today you will VNC tunneling to connect the remote machine with VNC server when they both belong different network interface.

Basically, tunneling is a process which allows data sharing or communication between two different networks privately. Tunneling is normally performed through encapsulating the private network data and protocol information inside the public network broadcast units so that the private network protocol information visible to the public network as data. 

Let’s Begin!!

Requirement:

Server machine(Ubuntu):  Two network interface with activated SSH service

Local machine (Ubuntu): activated VNC service

Remote machine(window):  with install tight VNC viewer

In the following image, we are trying to explain the VNC tunneling process where a remote PC of IP 192.168.1.225 is trying to connect to 10.0.0.20 which is on INTRANET of another network. To establish a connection with the local machine, remote PC will create VNC tunnel which will connect with the local system via SSH server machine.

Given the image below is describing the network configuration for server machine (SSH) where it is showing two IP 192.168.1.226 and another 10.0.0.10 as explain above.

Another image given below is describing network configuration for a local machine which is showing IP 10.0.0.20

Checking activated VNC service using the following command:

 netstat -tlp

Hence from the given image, you can see the highlighted text is showing 5900 is enabled in the local machine.

Open the terminal and type using the following command to connecting to VNC machine (IP: 10.0.0.20) through server machine (IP: 10.0.0.10).

vncviewer 10.0.0.20

Great!! Local machine successfully connected

Similarly Using tight vnc viewer remote machine (192.168.1.225) now trying to connect local machine (IP: 10.0.0.10) as shown in the given image

Since they belong to the different network, therefore, he receives network error.

Follow given below step to connect remote machine to the local machine via ssh server.

  • Open TightVNC connection and enter the local machine IP: 0.0.20 with port 5900.
  • Enable SSH tunneling
  • Now enter ssh server IP: 168.1.226 with port 22 and ssh server username: ubuntu.

Congrats!!! The remote machine had successfully connected with the local machine through VNC.

Author: Sanjeet Kumar is an Information Security Analyst | Pentester | Researcher  Contact Here