Black Hat Ransom | Lesson Five | Exploit VNC | Offensive Security

Avoiding Big Brother

hacking kill chain metasploit metasploitable nmap offensive security ransomware vnc vulnerability

description

This attack simulation was created in a safe environment for educational purposes. No real target is attacked. A vulnerable machine was created using Metasploitable.

There are ransomware gangs that target VNC. VNC is an alternative remote access protocol to RDP for non-Windows devices. Exploiting VNC for ransomware attacks is less common than RDP but it does happen. I thought I would use the Metasploitable vulnerability for VNC to demonstrate an attack.

The vulnerability isn't technical in the sense that there is a problem with an application or service. Like in my previous video on exploiting RDP servers, the vulnerability is weak credentials used for logging in.

To demonstrate the attack, I use Nmap to search for port 5900 and whether VNC is running on it. I then use an auxiliary scanner in Metasploit to brute-force the VNC server.

To watch my videos on an alternative platform you can visit the Odysee channel: https://odysee.com/@AvoidingBigBrother:8 This channel will include videos too risky for YouTube because of content moderation.

I have dropped the pitch of my voice for the videos and use the alias of Brian Bladen for privacy reasons. I am also paranoid of being hacked!

FREE TRAINING on our website at https://avoidbigbro.com/lp-courses/ and for blog posts https://avoidbigbro.com/news/

Join the Discord: https://avoidbigbro.com/the-discord-server/

My recommended products (so far) that I use as a lone wolf operator:

Malwarebytes Premium - Antimalware software suitable for personal use and not an option for business users. Affiliate link included - feel free to go to Malwarebytes in your browser if you don't want to include my link https://prf.hn/l/5NL4PJj

CyberGhost - I had no problems with this VPN and highly recommend. They are based in Romania where the laws on privacy are not so strict. Not truly anonymous but good for privacy. https://www.cyberghostvpn.com/en_US/

KeePass - Excellent offline password manager that I recommend rather than using a cloud service. https://keepass.info/

You can check out my ebooks at https://avoidbigbro.com/resources/

Available titles 'Covert Techniques' a guide about privacy and how to avoid surveillance. 'The Bear Roars' my research on Russian state-sponsored APT groups. Author Brian Bladen ... https://www.youtube.com/watch?v=0E-vUyGf_0A

created

2023-12-18

staked

0.18570187 LBC

license

Copyrighted (contact publisher)

File size

13529354 Bytes