--- title: "5900 - Vnc" weight: 5900 date: "2026-03-09T09:23:30+08:00" lastmod: "2026-03-10T13:26:55+08:00" --- 💡 **学习提示**: 本文档介绍 **Vnc** 的渗透测试方法,适合信息安全初学者和从业人员参考。 ⚠️ **法律声明**: 本文档仅供学习和授权测试使用。未经授权的系统测试可能违反法律法规。 --- > ⚠️ **法律声明**: 本文档仅供学习和授权测试使用。未经授权的系统测试可能违反法律法规。 ## 5800,5801,5900,5901 - 渗透测试 VNC ### 基本信息 **Virtual 网络 Computing (VNC)** is a robust graphical desktop-sharing system that utilizes the **Remote Frame Buffer (RFB)** protocol to enable remote control and collaboration with another computer. With VNC, users can seamlessly interact with a remote computer by transmitting keyboard and mouse events bidirectionally. This allows for real-time access and facilitates efficient remote assistance or collaboration over a network. VNC usually uses ports **5800 or 5801 or 5900 or 5901.** ``` PORT STATE SERVICE 5900/tcp open vnc ``` ### 信息收集 ```bash nmap -sV --script vnc-info,realvnc-auth-bypass,vnc-title -p msf> use auxiliary/scanner/vnc/vnc_none_auth ``` #### [**Brute force**](../generic-hacking/brute-force.md#vnc) ### Connect to vnc using Kali ```bash vncviewer [-passwd passwd.txt] ::5901 ``` ### Decrypting VNC password 默认 **password is stored** in: \~/.vnc/passwd If you have the VNC password and it looks encrypted (a few bytes, like if it could be an encrypted password), it is probably ciphered with 3des. You can get the clear text password using [https://github.com/jeroennijhof/vncpwd](https://github.com/jeroennijhof/vncpwd) ```bash make vncpwd ``` You can do this because the password used inside 3des to encrypt the plain-text VNC passwords was reversed years ago.\ For **Windows** you can also use this tool: [https://www.raymond.cc/blog/download/did/232/](https://www.raymond.cc/blog/download/did/232/)\ I save the tool here also for ease of access: vncpwd.zip ### Shodan - `port:5900 RFB` --- --- --- ### 搜索引擎语法 #### FOFA ```bash # FOFA 搜索语法 port="5900" ``` #### Shodan ```bash # Shodan 搜索语法 port:5900 ``` #### ZoomEye ```bash # ZoomEye 搜索语法 port:5900 ``` --- ## 📖 参考资料 - [HackTricks - 5900-vnc](https://book.hacktricks.wiki/en/network-services-pentesting/5900-vnc.html)