This module scans a range of IP addresses for Virtual Network Computing (VNC) servers that are accessible without any authentication details:
msf> use auxiliary/scanner/vnc/vnc_none_auth
msf auxiliary(vnc_none_auth) > show options
msf auxiliary(vnc_none_auth) > set RHOSTS 10.4.124.0/24
RHOSTS => 10.4.124.0/24
msf auxiliary(vnc_none_auth) > run
[*] 10.4.124.22:5900, VNC server protocol version : "RFB 004.000", not supported!
[*] 10.4.124.23:5900, VNC server protocol version : "RFB 004.000", not supported!
[*] 10.4.124.25:5900, VNC server protocol version : "RFB 004.000", not supported!
[*] Scanned 026 of 256 hosts (010% complete)
[*] 10.4.124.26:5900, VNC server protocol version : "RFB 004.000", not supported!
[*] 10.4.124.27:5900, VNC server security types supported : None, free access!
[*] 10.4.124.28:5900, VNC server security types supported : None, free access!
[*] 10.4.124.29:5900, VNC server protocol version : "RFB 004.000", not supported!
...
[*] 10.4.124.224:5900, VNC server protocol version : "RFB 004.000", not supported!
[*] 10.4.124.225:5900, VNC server protocol version : "RFB 004.000", not supported!
[*] 10.4.124.227:5900, VNC server security types supported : None, free access!
[*] 10.4.124.228:5900, VNC server protocol version : "RFB 004.000", not supported!
[*] 10.4.124.229:5900, VNC server protocol version : "RFB 004.000", not supported!
[*] Scanned 231 of 256 hosts (090% complete)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
Note that we have found a couple of VNC servers that are accessible without authentication. This attack vector can become a serious threat for system administrators: if no authorization controls are enabled, a VNC server reachable from the internet can trivially invite unwanted guests.
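To show what the "None, free access!" and "not supported!" lines above mean at the protocol level, the following added example (not code from the Metasploit module) classifies an RFB handshake offline when auditing your own servers. It follows the handshake layout in RFC 6143; the function names, host labels and sample bytes are constructed for illustration.

```python
import struct

# Security type codes from RFC 6143, section 7.1.2 (RFB protocol).
SECURITY_TYPES = {1: "None", 2: "VNC Authentication"}
PUBLISHED_VERSIONS = {(3, 3), (3, 7), (3, 8)}

def parse_version(banner):
    """Parse the 12-byte ProtocolVersion message, e.g. b'RFB 003.008\\n'."""
    if len(banner) != 12 or banner[:4] != b"RFB " or banner[7:8] != b"." or banner[11:] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message")
    return int(banner[4:7].decode("ascii")), int(banner[8:11].decode("ascii"))

def classify(banner, security_msg=b""):
    """Classify a server from its banner and the security message that follows it."""
    version = parse_version(banner)
    result = {"version": "%d.%d" % version, "types": [], "finding": "unsupported version"}
    if version not in PUBLISHED_VERSIONS:
        # e.g. "RFB 004.000": not a published RFB version, so left unassessed.
        return result
    if version == (3, 3):
        # RFB 3.3: the server dictates one type as a big-endian uint32 (0 = refused).
        if len(security_msg) < 4:
            raise ValueError("truncated security message")
        code = struct.unpack(">I", security_msg[:4])[0]
        codes = [code] if code else []
    else:
        # RFB 3.7/3.8: a count byte, then that many one-byte type codes.
        if not security_msg or len(security_msg) < 1 + security_msg[0]:
            raise ValueError("truncated security message")
        codes = list(security_msg[1:1 + security_msg[0]])
    result["types"] = [SECURITY_TYPES.get(c, "type %d" % c) for c in codes]
    if not codes:
        result["finding"] = "connection refused by server"
    elif 1 in codes:
        # "None" anywhere in the list lets a client pick it and skip authentication.
        result["finding"] = "no authentication"
    else:
        result["finding"] = "authentication required"
    return result

# Constructed handshakes (not captured from real hosts).
SAMPLES = {
    "vnc-a": (b"RFB 004.000\n", b""),
    "vnc-b": (b"RFB 003.008\n", b"\x01\x01"),
    "vnc-c": (b"RFB 003.008\n", b"\x02\x02\x01"),
}

if __name__ == "__main__":
    for host, (banner, msg) in SAMPLES.items():
        print(host, classify(banner, msg))
```

The "vnc-c" sample shows the case that is easy to miss: a server that offers VNC Authentication but also lists None is still open, so the remediation is to remove None from the server's security types rather than only adding a password.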