Metasploit and VNC Password Bruteforcing (by carnal0wnage via

You probably missed it but jduck recently snuck in a VNC mixin and vnc_login module to the trunk.

This is awesome because before that I had to use Immunity’s VAAseline to do VNC bruteforcing. But now you can just use vnc_login.

So the scenario is you find yourself on the other end of a VNC server.

Its tedious to password guess like this

Instead let’s use the metasploit module

and throw a dictionary attack against the VNC server

Looks like the VNC no auth module had been ported and stuck in there too 🙂


Original article:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s