5 Simple Steps Bypass Real VNC Authentication

Type : Tutorial

Level : Easy

Victim O.S : Windows XP SP3

Victim Vulnerable Application : RealVNC 4.1.1

Attacker O.S : Backtrack 5 R1

When looking around the web, and look at 1337day.com website I see a new remote exploit there about Real VNC Authentication Bypass. Actually securityfocus.com already describe this vulnerability here.

What is VNC? According to RealVNC website on realvnc.com :

RealVNC provides remote administration control software which lets you see and interact with desktop applications across any network.

RealVNC was life safer for system administrator who didn't too familiar with telnet or SSH, because they can see the desktop in real time, or in short words it looks like you use Remode Desktop Connection that is how RealVNC works.

Requirement :

1. Metasploit framework

Step By Step 5 Simple Steps Bypass Real VNC Authentication:

1. Open your terminal and type msfconsole command to go to your metasploit console.

2. The next step you need to define the exploit you want to use, it was realvnc_41_bypass.

msf > use exploit/multi/vnc/realvnc_41_bypass

3. The main thing you should remember that in this type of attack we didn't need to set up the payload, because we're attacking and bypassing VNC login, so the payload it also should be bring the victim desktop into our computer 

Let's view the available switch by running show options command :

Information :

autovnc --> automatically launch the VNC viewer

lport --> our local VNC viewer port(port5900 was the default port)

rhost --> target machine(victim computer)

rport --> target port on victim machine(port 5900 was the default port)

4. Set our target by using RHOST switch

msf  auxiliary(realvnc_41_bypass) > set rhost 192.168.8.94
rhost => 192.168.8.94

5. Okay, everything was already set up so great until this step and for the final step was using the exploit command.

Together with that script generated, we also have the victim screen via our local VNC viewer

Yes we're in!