6 Ways to Hack VNC Login Password

In this article, we will learn how to gain control over our victim’s PC through 5900 Port use for VNC service. There are various ways to do it and let take time and learn all those because different circumstances call for different measure.

 Let’s starts!!

 xHydra 

This is the graphical version to apply dictionary attack via 5900 port to hack a system. For this method to work:

Enter xHydra in your kali Linux terminal. And select Single Target option and their give the IP of your victim PC. And select VNC in box against Protocol option and give the port number 5900 against the port option.

Now, go to Passwords tab and select Password List and give the path of your text file, which contains all the passwords, in the box adjacent to it.

After doing this, go to Start tab and click on Start button on the left.

Now, the process of dictionary attack will start. Thus, you will attain the username and password of your victim.

Hydra

Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, vnc, http, https, smb, several databases, and much more

Now, we need to choose a wordlist. As with any dictionary attack, the wordlist is key. Kali has numerous wordlists built right in.

Run the following command

-P:  denotes path for password list

-s: denote destination port number

-t: Run TASKS number of connects in parallel

Once the commands are executed it will start applying the dictionary attack and so you will have the right password in no time. As you can observe that we had successfully grabbed the VNC password as 098765

Metasploit

This module will test a VNC server on a range of machines and report successful logins. Currently it supports RFB protocol version 3.3, 3.7, 3.8 and 4.001 using the VNC challenge response authentication method.

Awesome!! From given below image you can observe the same password: 098765 have been found by metasploit.

Patator

 Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. It is quite useful for making brute force attack on several ports such as VNC, HTTP, SMB and etc.

From given below image you can observe that the process of dictionary attack starts and thus, you will attain the password of your victim.

Medusa

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. It supports many protocols: AFP, CVS, VNC, HTTP, IMAP, rlogin, SSH, Subversion, and VNC to name a few

Run the following command

Here

-u: denotes username

-P:  denotes path for password list

As you can observe that we had successfully grabbed the VNC password as 098765.

Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. 

Run the following command

 Here

-U: denotes path for username list

-P:  denotes path for password list

As you can observe that we had successfully grabbed the vnc password as 098765.

Author: Sanjeet Kumar is a Information Security Analyst | Pentester | Researcher  Contact Here

Leave a Reply

Your email address will not be published. Required fields are marked *