Penetration Testing mailing list archives
Re: [PEN-TEST] Decrypting VNC passwords - Tool required
From: Max Vision <vision () WHITEHATS COM>
Date: Mon, 21 Aug 2000 18:00:48 -0700
On Mon, 21 Aug 2000, erica bernt wrote:
My specific questions to you is what tool would you recommend to decrypt this password ? and are there any other ways to attack VNC ?
quick dump at: http://whitehats.com/vnc/
On a more general level, what are the most formidable remote management tools that are out there that you have most difficulty to detect and penetrate ?
BO2K when properly configured can be extremely difficult to detect or crack. Detection is usually accomplished on a LAN by analysis of the TCPIO structure (there is a header that correlates to packet structure, as well as a reliable way to decrypt the packet) (0xCDC31337, heh). Remote detection is pretty much out of the question though. Cracking could probably be accomplished through dictionary/bruteforce as long as xor is used, I haven't tried it myself but there are unix clients that I'm sure could be turned into cracking machines quickly (boclient). But finding the UDP port in use is not going to be easy, and smarties use blowfish, cast, or other fun crypto anyway. BO2K has really taken off too - I was surprised to see it as the top download at sourceforge.net right now. Max Vision http://whitehats.com
Current thread:
- [PEN-TEST] Decrypting VNC passwords - Tool required erica bernt (Aug 21)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Aj Effin ReznoR (Aug 22)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Max Vision (Aug 22)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Loki (Aug 22)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required David Jacoby (Aug 22)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required H D Moore (Aug 24)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Aviram Jenik (Aug 26)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Domenico De Vitto (Aug 28)
- <Possible follow-ups>
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Batten, Gerald (Aug 22)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Loki (Aug 23)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Hyde, Mark (GEO) (Aug 24)