Penetration Testing mailing list archives
Re: [PEN-TEST] Decrypting VNC passwords - Tool required
From: Aj Effin ReznoR <aj () REZNOR COM>
Date: Mon, 21 Aug 2000 17:21:24 -0700
erica bernt wrote:
Hi Everyone, I was doing an audit of some systems and managed to penetrate into the NT domain. I see that VNC is installed and so I picked up the DES encrypted password from the registry. As per : http://www.securiteam.com/securitynews/VNC_3_3_2_R6_uses_a_weak_password_protection_mechanism.html My specific questions to you is what tool would you recommend to decrypt this password ? and are there any other ways to attack VNC ?
I was looking into this recently, and couldn't find any actual utils. However, the above link is all you really need (I would also employ paper and pencil, but I like to doodle as I work sometimes. Seriously). The key is static, no SALTS. It's far from high tech, sadly.
On a more general level, what are the most formidable remote management tools that are out there that you have most difficulty to detect and penetrate ?
Flame all ya want, but I still like BO2k. Vidstream rate and size can be trimmed down for slow links, and the encryption modules yield a wide variety of options. All data from authentication through video and data streams are encrpyted. It can run on any port not in use. Given the port flexibility with a handful of encryption modules and a strong PW, it'd be *virtually* impossible for someone with a client to sweep a range of IPs *and* use the right encryption module *and* the proper password. Actually, that 'feature' was removed. I presume it was because it was too 'hackerish' and had no legitimate use for an admin. The footprint for both client and server is tiny compared to other packages I have used. -aj.
Current thread:
- [PEN-TEST] Decrypting VNC passwords - Tool required erica bernt (Aug 21)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Aj Effin ReznoR (Aug 22)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Max Vision (Aug 22)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Loki (Aug 22)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required David Jacoby (Aug 22)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required H D Moore (Aug 24)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Aviram Jenik (Aug 26)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Domenico De Vitto (Aug 28)
- <Possible follow-ups>
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Batten, Gerald (Aug 22)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Loki (Aug 23)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Hyde, Mark (GEO) (Aug 24)