Metasploitable – VNC

Happy Sunday, folks!

In today’s post, I’ll be exploiting VNC in my Metasploitable box to achieve root access. It’s another easy exploit, so it’s a good one to get the brain juices flowing for the day.

VNC (Virtual Network Computing) enables a user to control another computer over a network connection. In other words, it’s remote-control software. Looking at our previous Nmap scan, we can see that Metasploitable has a VNC server running.

VNC is running on port 5900. Cool, let’s get to work!

We’ll fire up Metasploit first and see if we can find any exploits. Once the framework has opened, a simple search for VNC should return results.

Hmm. The module auxiliary/scanner/vnc/vnc_login looks promising. Let’s give it the old college try and boot it up.

A show options command returns quite a few options we can set. For now, let’s just set the RHOSTS option, which is 10.10.1.10, and the USERNAME option, which will be root. We don’t need to set a PASS_FILE for this exploit, as one is selected by default. Once the options are set to our liking, we can run the exploit by typing: exploit.

Success! The exploit has returned a password, which is in fact: password. Time to see if we can log in to the VNC server with these credentials.

As we can see, the credentials worked! We can make sure we have root access with a simple ‘whoami’ command. Done! Nice and easy exploit to start our Sunday!
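From the defender's side, the password-guessing run above shows up as a burst of failed VNC logins from one source, followed by a success. The following is an added example (not part of the original post) that flags that pattern; the log format, the sample lines and the detect_guessing name are constructed for illustration, so adapt the regex to whatever your VNC server actually logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical log format (not real server output).
SAMPLE_LOG = """\
2024-05-05T09:00:01 vnc auth=fail src=10.10.1.5
2024-05-05T09:00:02 vnc auth=fail src=10.10.1.5
2024-05-05T09:00:03 vnc auth=fail src=10.10.1.5
2024-05-05T09:00:03 vnc auth=fail src=10.10.1.20
2024-05-05T09:00:04 vnc auth=fail src=10.10.1.5
2024-05-05T09:00:05 vnc auth=fail src=10.10.1.5
2024-05-05T09:00:06 vnc auth=fail src=10.10.1.5
2024-05-05T09:00:07 vnc auth=ok src=10.10.1.5
2024-05-05T09:00:30 vnc auth=ok src=10.10.1.20
"""

# Assumed line layout: <ISO timestamp> vnc auth=<fail|ok> src=<address>
LINE_RE = re.compile(r"^(\S+) vnc auth=(fail|ok) src=(\S+)$")


def detect_guessing(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed logins inside the sliding window.

    Returns {src: {"failures": n, "success_after_burst": bool}}; the flag is
    set when a login succeeds after the burst, i.e. a guess probably worked.
    """
    recent = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not auth events
        ts, result, src = datetime.fromisoformat(m[1]), m[2], m[3]
        if result == "fail":
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(src, {"failures": 0, "success_after_burst": False})
                a["failures"] = max(a["failures"], len(q))
        elif src in alerts:
            alerts[src]["success_after_burst"] = True
    return alerts


if __name__ == "__main__":
    for src, info in detect_guessing(SAMPLE_LOG.splitlines()).items():
        print(src, info)
```

A single mistyped password followed by a good login (10.10.1.20 in the sample) stays below the threshold and is not flagged.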

Thanks for reading!