Authentication
Testing credentials
VNC servers may support password authentication, though this is uncommon. Currently, NetExec does not support username auth and will omit any value provided to --username/-u.
nxc vnc <ip> -u '' -p <password>
Expected Results:
nxc vnc <TARGET> -u '' -p 'badpassword'nxc vnc <TARGET> -u '' -p 'badpassword'
VNC 192.168.56.22 5900 192.168.56.22 [*] RFB 3.8
VNC 192.168.56.22 5900 192.168.56.22 [+] badpassword
Unauthenticated access
When the VNC server doesn't require authentication, the following output can be expected.
nxc vnc <TARGET>nxc vnc <TARGET>
VNC 192.168.56.22 5900 192.168.56.22 [*] RFB 3.8 (No Auth:True)
Specify port
nxc vnc <TARGET> --port 5901nxc vnc <TARGET> --port 5901
VNC 192.168.56.22 5901 192.168.56.22 [*] RFB 3.8 (No Auth:True)
VNC sleep
Increase the VNC socket connection sleep interval to prevent rate limiting.
nxc vnc <ip> --vnc-sleep <seconds>