Penetration Testing mailing list archives

Re: [PEN-TEST] Decrypting VNC passwords - Tool required


From: Domenico De Vitto <dom () DEVITTO DEMON CO UK>
Date: Sun, 27 Aug 2000 22:52:55 +0100

There is an easier way if you can get to the wire...
and the ego in me says I discovered it (for the record).

VNC generates challenges based on a seed taken from 'time()'.
That means two connections with the same second get the same challenge.
If you can man-in-the-middle, you wait for the challenge, steal the reply,
spoof a RST and try logging in with the same reply.

Of course that sorta hinges on someone logging on in less than a second,
(maybe, I've not checked the client code for when it prompts).

So the rule is...."ssh tunnel" over insecure networks (read: always)

Dom
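
The same-second collision described in the reply above, as an added example (not part of the original thread and not VNC's source code): a challenge generator reseeded from the clock on every connection is modelled with `srand()`/`rand()`, next to a replacement that reads the kernel CSPRNG. The function names and arrival times are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define CHALLENGE_LEN 16  /* VNC authentication uses a 16-byte challenge */

/* Weak: models a generator reseeded from the wall clock on each connection. */
static void weak_challenge(time_t now, unsigned char out[CHALLENGE_LEN]) {
    srand((unsigned int)now);
    for (int i = 0; i < CHALLENGE_LEN; i++)
        out[i] = (unsigned char)(rand() & 0xff);
}

/* Hardened: bytes from the kernel CSPRNG. Returns 0 on success, -1 on error. */
static int strong_challenge(unsigned char out[CHALLENGE_LEN]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(out, 1, CHALLENGE_LEN, f);
    fclose(f);
    return n == CHALLENGE_LEN ? 0 : -1;
}

/* Count distinct challenges issued for connections arriving at times[0..n-1].
 * use_strong selects the generator. Returns -1 on CSPRNG failure or n > 16. */
static int distinct_challenges(const time_t *times, int n, int use_strong) {
    unsigned char seen[16][CHALLENGE_LEN];
    int distinct = 0;
    if (n > 16) return -1;
    for (int i = 0; i < n; i++) {
        unsigned char c[CHALLENGE_LEN];
        if (use_strong) { if (strong_challenge(c) != 0) return -1; }
        else weak_challenge(times[i], c);
        int dup = 0;
        for (int j = 0; j < distinct; j++)
            if (memcmp(seen[j], c, CHALLENGE_LEN) == 0) dup = 1;
        if (!dup) memcpy(seen[distinct++], c, CHALLENGE_LEN);
    }
    return distinct;
}

int main(void) {
    /* Constructed arrival times: three connections in one second, one in the next. */
    const time_t t[] = { 967413175, 967413175, 967413175, 967413176 };
    printf("time-seeded: %d distinct of 4\n", distinct_challenges(t, 4, 0));
    printf("CSPRNG:      %d distinct of 4\n", distinct_challenges(t, 4, 1));
    return 0;
}
```

Because the response depends only on the password and the challenge, a repeated challenge means a previously observed response is valid again; with the CSPRNG-backed generator every connection gets a fresh challenge.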

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM] On Behalf Of Aviram Jenik
Sent: 25 August 2000 14:35
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Decrypting VNC passwords - Tool required


Hi Erica.

There's a patch to the VNC client that can be used to brute-force the
server's password.
See:
http://www.securiteam.com/tools/Brute_forcing_VNC_passwords.html

Regarding securing VNC, see:
http://www.securiteam.com/unixfocus/Securing_VNC_for_the_Internet_environment.html

(NOTE: URLs might be wrapped)

Aviram Jenik
Beyond Security Ltd.
http://www.BeyondSecurity.com
http://www.SecuriTeam.com
http://www.AutomatedScanning.com


----- Original Message -----
From: "erica bernt" <erica_bbb () YAHOO COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Monday, August 21, 2000 1:36 PM
Subject: Decrypting VNC passwords - Tool required


Hi Everyone,

I was doing an audit of some systems and managed to
penetrate into the NT domain. I see that VNC is
installed and so I picked up the DES encrypted
password from the registry. As per:

http://www.securiteam.com/securitynews/VNC_3_3_2_R6_uses_a_weak_password_protection_mechanism.html

My specific questions to you are: what tool would you
recommend to decrypt this password? And are there any
other ways to attack VNC?

On a more general level, what are the most formidable
remote management tools that are out there that you
have most difficulty to detect and penetrate?

regards Erica

