Penetration Testing mailing list archives

Re: [PEN-TEST] Decrypting VNC passwords - Tool required


From: Aj Effin ReznoR <aj () REZNOR COM>
Date: Mon, 21 Aug 2000 17:21:24 -0700

erica bernt wrote:

> Hi Everyone,
>
> I was doing an audit of some systems and managed to
> penetrate into the NT domain. I see that VNC is
> installed and so I picked up the DES encrypted
> password from the registry. As per:
>
> http://www.securiteam.com/securitynews/VNC_3_3_2_R6_uses_a_weak_password_protection_mechanism.html
>
> My specific questions to you are: what tool would you
> recommend to decrypt this password? And are there any
> other ways to attack VNC?

I was looking into this recently, and couldn't find any actual utils.
However, the above link is all you really need (I would also employ paper and
pencil, but I like to doodle as I work sometimes.  Seriously).  The key is
static, no SALTS.  It's far from high tech, sadly.


> On a more general level, what are the most formidable
> remote management tools that are out there that you
> have the most difficulty detecting and penetrating?

Flame all ya want, but I still like BO2k.  Vidstream rate and size can be
trimmed down for slow links, and the encryption modules yield a wide variety
of options.  All data from authentication through video and data streams are
encrypted.

It can run on any port not in use.  Given the port flexibility with a handful
of encryption modules and a strong PW, it'd be *virtually* impossible for
someone with a client to sweep a range of IPs *and* use the right encryption
module *and* the proper password.  Actually, that 'feature' was removed.  I
presume it was because it was too 'hackerish' and had no legitimate use for an
admin.

The footprint for both client and server is tiny compared to other packages I
have used.

-aj.

