Greetings in this short video presentation, we're going to see how we go about using Medusa a password cracking utility to perform a VNC brute force attack on a remote target that is running the VNC as a service. The Medusa password cracking utility is a speedy, massively parallel, modular login brute force or for networking services. For this video demonstration, I'll be using Kali as my attack platform. And I have a target of meta splittable. To that I will be exploring with the Medusa. So the first thing I've done is I've gone over to my mess portable to I've done an IF config, and I have confirmed that I know the address of this meta splittable install.

They're both on the same network. And to confirm this, I can go back over to my Cali and I will ping the known address for my misquoted book to go ahead and hit Ctrl C. Break that sequence. So I know that these two machines can now see each other. If you are unsure what services are actually running on a supportable use end map from your Cali machine, you just type in and mat space dash s, capital letter V, followed by the IP address of the target. In this case, my IP address is 192 dot 168 dot 145 dot 128. And now if I hit Enter in just a moment, and Matt's going to come back and tell me exactly what services are running on my target machine of mess portable to the end maps service scan has completed successfully and I see that I do have an install of VNC running protocol version three dot three running on port 5900.

Medusa comes pre installed on my Kali so I had nothing to do as far as downloading or installing the package. We're now ready to launch Medusa and attack or go after my mess portable to machine and exploit them This VNC service that is currently running. So I've typed in Medusa space dash H followed by the IP address of the target, then I give it a space dash you and this is for the user wordless that I want to provide. So I'm providing Medusa with a word list. And I'll also provide Medusa with a password list that is going to use and we're telling it that the module, we want to use the dash M. What module I want to assign for this particular exploit is the VNC module. Now, once everything is configured correctly, I'm just going to go ahead and hit Enter.

And just a moment, it's going to come back and it's going to start going through a list of 1009 usernames and trying to figure out the passwords. Now you'll see that the results pull up here that there are some successes. Once you have a number of successes, you can go ahead and break the sequence by just typing Ctrl C, I stopped the sequence at about 64. So as I scan through the results of my scan for this VNC vulnerability and looking at the passwords that are seen successfully Peterman, I can see that the number one password is actually password by itself. So, we're going to use that password to allow us to have access remotely using a version of VNC that comes pre installed on my Kali machine. So I'm going to go ahead and hit Ctrl C, break the sequence.

If you need to restart the scan, you can look at the bottom where we broke the sequence and it tells you exactly how to restart your scan. And, again, start looking for those usernames and passwords. I'm going to go ahead and type in clear at the prop screens up my terminal and gives me a clean screen. Now we're going to attempt to connect using a version of VNC See that comes pre installed on my Cali machine. So I'll continue on here with this password cracking of the VNC service that is running on my men exploitable to I'm going to use the x type VNC viewer. So I've typed in x type vn c viewer, and I follow that up with the password of the target machine.

That's all you got to do. I'm not going to go ahead and hit Enter. And just a moment, it's going to pop up and ask you for the password. Now we know that the password that is most commonly found with Medusa on this particular exploit was password. So I'm just going to type in password. I'm going to hit Enter, and you see that I now have remote access using VNC over two minutes portable to using that password that we cracked off of the VNC service that was running.

This access provided me with total root control or administrator access of the target machine and I can type In command and take over my medicine portable to machine. And I can type in such as you name space dash a to get the version information all about what's running on that particular target. I can also type in LS to see what's available at the root directory. And I can just keep on typing in commands. And I won't have any problem because I do have full root access. In this short video presentation we got to see how I use Medusa and one of its modules the VNC module to crack using brute force a username and password that is used to have access to the machine remotely using VNC.

If you have any questions or concerns about this video, please don't hesitate to reach out and contact your instructor and I'll see you in my next video.