Thread: HowTo: Tunnel your VNC session over SSH

  1. #1
    iproute, Senior Member

    VNC sends credentials in clear text over the wire, much like FTP, telnet, and some other basic protocols. We can create a secure shell tunnel to bind a local port to a remote port. In this case we will be binding 5901 locally with 5901 on our remote host. The VNC port number will change based on the screen, so to speak, so it is possible to run more than one VNC session/screen; just use the corresponding port. To start another VNC server, just repeat the vncserver command.

    Server side setup:

    You'll need sshd and vnc started.
    Create a password if you haven't already as ssh will not work without one. This should only apply to the LiveDVD.
    root@bt:~# passwd
    I like to add ssh into the startup as I am running a hard drive install.
    root@bt:~# update-rc.d ssh defaults
    Generate your keys if you have not already, then start your ssh daemon.
    root@bt:~# sshd-generate
    root@bt:~# /etc/init.d/ssh start
    Set your VNC password and start your VNC server.
    root@bt:~# vncpasswd
    root@bt:~# vncserver

    Viewer side steps:

    Next, on the machine you will be viewing with, create a tunnel from your localhost port to the remote host port and VNC in through the tunnel. The tunnel protects your credentials and session.
    root@bt:~# ssh -L 5901:localhost:5901 user@remote.hostname.or.ip.address
    FYI the command with OpenSSH for Windows is the same if you are wanting to view from a Windows machine.

    Now that you've got your tunnel created you will need to connect to VNC locally through said tunnel.
    To VNC into your backtrack machine locally I like to use; (laptop in scenario below. Could even be a Windows machine)
    Then start whatever you need.

    Now here is where this might be useful.
    Say for instance you have a backtrack laptop and a very powerful backtrack/server desktop running back in the office capable of using CUDA/pyrit, something that will take a while. You've collected a WPA 4-way handshake for your current given pentest with your laptop. You create your ssh tunnel, you upload the handshake, start your VNC server on your CUDA/pyrit server, VNC in, start your pyrit crack in the 5901 VNC session on your cracking server, and go get some lunch. You can power down your laptop if you like, eat your sushi, power back on, tunnel up again, then go back to your VNC session to check your progress, as everything in the VNC session on the cracking server will continue to run unless you stop said process or you killed your VNC server for that particular screen. Even if you have closed your SSH tunnel! A nice advantage of this for over-the-internet connections is that you would only need to forward your SSH port and not VNC.

    EDIT: I've recorded a short video of establishing the connection once everything is set up. This is to demonstrate that your processes continue to run, and also to help fully illustrate what we are doing here to people struggling with the concept.
    VNC through SSH tunnel Video
    Pay attention to which hostnames certain commands are run on
    Last edited by iproute; 11-22-2010 at 09:52 PM.
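
The tunnel only protects the session if the VNC port itself is not reachable from the network. The following is an added example, not part of the original post: it maps a VNC display to its port, builds the matching forward, and flags VNC listeners bound to non-loopback addresses in `ss -ltn` output. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and SAMPLE_SS are constructed, not from the post.

# VNC display :N listens on TCP 5900+N (display 1 is the 5901 used in the post).
vnc_port() {
    case "$1" in
        [0-9]|[1-9][0-9]) echo $((5900 + $1)) ;;
        *) return 1 ;;   # reject non-numeric input and leading zeros
    esac
}

# Print the forward for a display: local port -> same port on the remote loopback.
tunnel_cmd() {
    port=$(vnc_port "$1") || return 1
    echo "ssh -L ${port}:localhost:${port} $2"
}

# Read `ss -ltn` output on stdin and print the VNC ports (5900-5999) that are
# bound to a non-loopback address, i.e. reachable without going through SSH.
exposed_vnc_ports() {
    awk 'NR > 1 {
        n = split($4, a, ":"); p = a[n]
        addr = substr($4, 1, length($4) - length(p) - 1)
        if (p + 0 >= 5900 && p + 0 <= 5999 &&
            addr !~ /^127\./ && addr != "[::1]" && !(p in seen)) {
            seen[p] = 1
            out = out (out == "" ? "" : " ") p
        }
    } END { if (out != "") print out }'
}

# Constructed sample of `ss -ltn` output: display :1 is open to the network,
# display :2 is loopback-only.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      5      0.0.0.0:5901        0.0.0.0:*
LISTEN 0      5      127.0.0.1:5902      0.0.0.0:*
LISTEN 0      5      [::]:5901           [::]:*'

tunnel_cmd 1 user@remote.hostname.or.ip.address
echo "exposed VNC ports in sample: $(printf '%s\n' "$SAMPLE_SS" | exposed_vnc_ports)"
```

On the server, `ss -ltn | exposed_vnc_ports` printing nothing means VNC is only reachable through the tunnel; TightVNC and TigerVNC servers accept a `-localhost` option that restricts the listener to loopback.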
