How do Hackers for Hack a VPS server that works with VNC or RDP ? We unveil one of their techniques in our article! Despite all the methods that can exist for dedicated or virtualized server hacking, this one is the most used of all, especially by novices who want to grab things that don’t belong to them at all costs.
How to Hack a VPS or Dedicated server under VNC or RDP ?
Hacking a VPS (or Hack) a VPS under VNC or RDP is not an easy thing to do, today we will reveal a technique used by some “Hackers”, which allows them to take full control (hack a VPS or VNC) on the server.
This method also works on RDP (Remote Desktop of Windows), to hack Windows servers, sessions…
Before you start
This guide is for educational purposes only, never try to reproduce this “method”, unless you want big problems with the Justice of your country, it’s illegal, it’s called Theft !
We explain at the end of our educational guide, a way to avoid this kind of incident, nobody will be able to access, nor send a Ping request on your server, so you will be out of danger, against this dishonest method !
How do they hack a VPS server then ?
Before you start reading please read what a VPS (Virtual Private Server) is : What is a VPS Server ?
To summarize the method very briefly, the person who wants to steal VPS servers that are accessible by, VNC (Virtual Network Computing – software that allows to remotely administer its servers), will scan with a tool, a row of IP addresses with port 3389 (connection port of VNC).
Once the servers are found and corresponding to the use of VNC, an attack by Bruteforce is, then practiced, like most of the people who use very simple passwords, so it’s very simple for these thieves !
Once the correct password is found, the server is in the hands of the thief and he can execute all the commands and do what he wants with the server !
The method for hacking a VPS under VNC or RDP
First of all the pirate equips himself with utility software, these are the following :
The utility that will allow to scan IP address ranges in order to find VNC servers, KPortScan 3.0 and the last utility that will allow to use the Brute-force method on the vulnerable DuBrute v.2.2 machine, we put these utilities at your disposal since they are hardly found on the internet, so you will be able to run security tests on your servers and machines.
Once these utilities are in his possession, the hacker will first find a row of IP addresses that corresponds to the desired country, thanks to this site : CountryIPBlocks
It will choose the desired country by selecting the IP Range option.
Once this is done, the blocks of IP addresses appear, so he will select the block that corresponds to him.
After that, it starts the utility that allows to scan IP addresses by clicking on Load ranges to add its block(s) of IP address(es)
It selects the number of Threads (queries) with the VNC port (3389) and launches the Scan
Once finished, he just needs to save his findings using the same utility in a text file, which he will re-import into Dubrute.
And finally he configures the Brute-Force attack, by selecting the number of threads
Once he has clicked “OK”, the attack will be launched on the targeted machines, if the hacker is gifted, he will launch the attacks on a VPS server he owns (or not).
He will also use for example a file gathering possible passwords like a Text File containing the most used passwords (a dictionnary file).
How to protect yourself against Server Hack ?
Simply by using an iptables variable.
This Linux kernel firewall will protect you by using this variable, it will only allow your IP address to connect or send a PING request to your server :
sudo iptables -I INPUT -p tcp -s IPADDRESSOFYOURSERVER --dport 5901 -j ACCEPT
sudo iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 5901 -j DROP
This guide is finished, share it and support us, so we can continue to share !
Thank you very much for reading it and respect the laws of your country.