Hi hackers, welcome back to my new blog post. In this post we will learn how hackers use NoVNC in a phishing technique that helps bypass two-factor authentication. Let's see how it works and how hackers log in to your account using NoVNC.
What is NoVNC
NoVNC (Network Virtual Terminal Protocol over VNC) is a web-based implementation of the VNC (Virtual Network Computing) protocol. VNC is a graphical desktop-sharing system that allows you to remotely control another computer's desktop environment. It was originally developed by the RealVNC team in the late 1990s.
With VNC, a "server" component runs on the remote machine, and a "viewer" component runs on the local machine. The server captures the screen display and transmits it to the viewer over the network. The viewer, in turn, sends input from the local user back to the server, allowing remote control of the remote machine.
NoVNC takes this concept a step further by providing a web-based viewer for VNC. It allows users to access VNC sessions directly through a web browser without requiring the installation of any additional software on the local machine. This is especially useful in situations where installing a dedicated VNC client is not feasible or allowed.
The NoVNC viewer is written in JavaScript, and it uses HTML5 canvas and WebSockets to create a functional VNC client that can be embedded in a web page. As a result, you can connect to a VNC server from anywhere with an internet connection and a web browser.
NoVNC supports various authentication methods, making it secure for accessing remote desktops over the internet. It has become a popular choice for web-based VNC solutions and is often used in virtualization environments and web hosting platforms where remote server access is needed.
Disclaimer
The content has been made available for informational and educational purposes only. All practice demos are performed on my own devices or networks. Linuxndroid is not responsible for any type of action.
Step.1: Use NoVNC For Phishing Technique
To use NoVNC we need a cloud VPS, because the VNC server will run there and be accessed from outside the network.
Note: You can use AWS, Digital Ocean, or any free server for this purpose.
Here I am using a Kali Linux 2023 VPS, on which we are going to set up and start NoVNC. The first thing you have to do is install the Chromium browser on your Kali machine.
Step.2: Hide Phishing page inside NoVNC.
After the Chromium browser is installed, you have to download NoVNC from GitHub. Pay attention: this is the official NoVNC page, and the command from it can be copied and pasted into your terminal.
Step.3: Bypass Social Media 2FA using NoVNC
Now you have to start the NoVNC server with the command below. Once you run it, the NoVNC server will start on port 5901. It will also start its server on port 80, which you will be able to access in the browser.
Step.4: Access Computer Screen using Browser
After starting the NoVNC server, open a new terminal and type a command in it. As a result, a website will open in the browser on the VPS. This can be any website: Gmail.com, Facebook, or whatever you want.
Step.5: No Phishing URL Is Blocked
Now your computer or VPS can be accessed from any browser. When you open this URL in a browser, the result is that gmail.com appears in front of us, the same site we typed in the terminal session.
If anyone logs in inside this opened window, the login actually takes place on the VPS machine where the server was started, and the site shown is the real, original website. It is not a phishing website, but it is being accessed through NoVNC, so all your credentials are saved on the hacker's VPS. When you type in this browser, there is a complete operating system behind it.
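A defender-side check for the session described above, as an added example that is not part of the original post: a VNC server opens every session with a 12-byte RFB version banner, so a browser tab whose first server-to-client WebSocket frame carries that banner is showing a remote desktop, not the site it appears to be. It assumes the defender can see decrypted WebSocket frames (for example at a TLS-inspecting proxy); the function names and sample frames are hypothetical and constructed.

```python
import re
import struct

# RFB ProtocolVersion message (RFC 6143, 7.1.1): 12 bytes, e.g. b"RFB 003.008\n"
RFB_BANNER = re.compile(rb"RFB \d{3}\.\d{3}\n")
OPCODE_BINARY = 0x2


def parse_ws_frame(data: bytes):
    """Parse one WebSocket frame (RFC 6455, 5.2); return (opcode, payload) or None if truncated."""
    if len(data) < 2:
        return None
    opcode = data[0] & 0x0F
    masked = bool(data[1] & 0x80)
    length = data[1] & 0x7F
    pos = 2
    # Payload lengths 126 and 127 signal a 16-bit or 64-bit extended length field.
    ext = {126: (2, "!H"), 127: (8, "!Q")}.get(length)
    if ext:
        size, fmt = ext
        if len(data) < pos + size:
            return None
        (length,) = struct.unpack(fmt, data[pos:pos + size])
        pos += size
    key = b""
    if masked:  # client-to-server frames are masked; server frames normally are not
        key = data[pos:pos + 4]
        pos += 4
    if len(key) != (4 if masked else 0) or len(data) < pos + length:
        return None
    payload = data[pos:pos + length]
    if masked:
        payload = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    return opcode, payload


def looks_like_novnc(first_server_frame: bytes) -> bool:
    """True when the first server-to-client frame is a binary RFB version banner."""
    parsed = parse_ws_frame(first_server_frame)
    if parsed is None:
        return False
    opcode, payload = parsed
    return opcode == OPCODE_BINARY and RFB_BANNER.fullmatch(payload) is not None


# Constructed sample frames (not captured traffic).
VNC_FRAME = bytes([0x82, 12]) + b"RFB 003.008\n"      # binary frame, 12-byte payload
CHAT_FRAME = bytes([0x81, 16]) + b'{"type":"hello"}'  # text frame from an ordinary web app
```

A match is a heuristic: legitimate remote-access portals produce the same banner, so pair it with an allowlist of sanctioned hosts before alerting.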
Original idea by @mrd0x: https://mrd0x.com/bypass-2fa-using-novnc
Conclusion
The conclusion of this post is how a hacker can create a phishing environment using NoVNC, and how a whole phishing page can be hosted behind a NoVNC server. It is not a big deal to bypass 2FA on social media accounts. I hope you liked this post and enjoyed it, and I will see you in the next post. Thanks, keep learning :)