Penetration Testing mailing list archives
Re: [PEN-TEST] Decrypting VNC passwords - Tool required
From: Domenico De Vitto <dom () DEVITTO DEMON CO UK>
Date: Sun, 27 Aug 2000 22:52:55 +0100
There is an easier way if you can get to the wire... and the ego in me says I discovered it (for the record).

VNC generates challenges based on a seed taken from 'time()'. That means two connections with the same second get the same challenge.

If you can man-in-the-middle, you wait for the challenge, steal the reply, spoof a RST and try logging in with the same reply.

Of course that sorta hinges on someone logging on in less than a second, (maybe, I've not checked the client code for when it prompts).

So the rule is...."ssh tunnel" over insecure networks (read: always)

Dom

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Aviram Jenik
Sent: 25 August 2000 14:35
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Decrypting VNC passwords - Tool required

Hi Erica.

There's a patch to the VNC client that can be used to brute-force the server's password. See:
http://www.securiteam.com/tools/Brute_forcing_VNC_passwords.html

Regarding securing VNC, see:
http://www.securiteam.com/unixfocus/Securing_VNC_for_the_Internet_environment.html
(NOTE: URLs might be wrapped)

Aviram Jenik
Beyond Security Ltd.
http://www.BeyondSecurity.com
http://www.SecuriTeam.com
http://www.AutomatedScanning.com

----- Original Message -----
From: "erica bernt" <erica_bbb () YAHOO COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Monday, August 21, 2000 1:36 PM
Subject: Decrypting VNC passwords - Tool required

Hi Everyone,

I was doing an audit of some systems and managed to penetrate into the NT domain. I see that VNC is installed and so I picked up the DES encrypted password from the registry. As per:
http://www.securiteam.com/securitynews/VNC_3_3_2_R6_uses_a_weak_password_protection_mechanism.html

My specific questions to you are: what tool would you recommend to decrypt this password? And are there any other ways to attack VNC?

On a more general level, what are the most formidable remote management tools out there that you have the most difficulty detecting and penetrating?

regards
Erica
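
Added example (not part of the original thread, and not VNC source code): a simplified C model of the per-connection time() seeding described in Domenico's message, beside a version that draws the 16-byte challenge from the kernel CSPRNG. The function names, the srand()/rand() structure and the timestamp are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define CHALLENGE_LEN 16 /* size of the RFB VNC-authentication challenge */

/* Weak model (assumed structure): the PRNG is reseeded from the
 * wall-clock second each time a connection is accepted. */
void weak_challenge(unsigned char out[CHALLENGE_LEN], time_t now)
{
    srand((unsigned int)now);
    for (int i = 0; i < CHALLENGE_LEN; i++)
        out[i] = (unsigned char)(rand() & 0xff);
}

/* Hardened form: read the challenge from the kernel CSPRNG.
 * Returns 0 on success, -1 if the random source cannot be read. */
int strong_challenge(unsigned char out[CHALLENGE_LEN])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(out, 1, CHALLENGE_LEN, f);
    fclose(f);
    return n == CHALLENGE_LEN ? 0 : -1;
}

/* 1 if connections accepted at t1 and t2 receive the same weak challenge. */
int weak_collides(time_t t1, time_t t2)
{
    unsigned char a[CHALLENGE_LEN], b[CHALLENGE_LEN];
    weak_challenge(a, t1);
    weak_challenge(b, t2);
    return memcmp(a, b, CHALLENGE_LEN) == 0;
}

/* 1 if two CSPRNG challenges match, 0 if they differ, -1 on read error. */
int strong_collides(void)
{
    unsigned char a[CHALLENGE_LEN], b[CHALLENGE_LEN];
    if (strong_challenge(a) || strong_challenge(b)) return -1;
    return memcmp(a, b, CHALLENGE_LEN) == 0;
}

int main(void)
{
    time_t now = 967000000; /* constructed timestamp */
    printf("weak, same second: %d\n", weak_collides(now, now));
    printf("weak, next second: %d\n", weak_collides(now, now + 1));
    printf("CSPRNG:            %d\n", strong_collides());
    return 0;
}
```

A challenge that repeats within the same second means a captured response is valid for any other connection accepted in that second; an unpredictable per-connection challenge removes that property, and tunnelling over ssh as suggested above protects the exchange on the wire.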