Re: [PEN-TEST] Decrypting VNC passwords - Tool required

[Loki <loki.loa () SUBDIMENSION COM>]

I too am looking for more pen-testing tools for VNC. I am seeing a large
amount of uprising in the use of it at different companies. Its recent
widespread use has sparked my curiosity in wanting to learn more about it.

Please advise.


----------------------------------------------------------------------
Loki [LoA]
loki.loa () subdimension com

"A verse from Saint Paul stays with me. It is perhaps the strangest
passage in the Bible in which he writes: Even now in Heaven there were
angels carrying savage weapons."

----------------------------------------------------------------------
PGP Key fingerprint =  67 1D 12 BE 61 D6 63 B2  6A 8C F8 A1 80 88 1B 4
[jbrill () nasa gov]# ./crack /etc/passwd > passwd.cr
[jbrill () nasa gov]# su - root
[root () nasa gov]#
----------------------------------------------------------------------


-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of erica bernt
Sent: Monday, August 21, 2000 4:37 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Decrypting VNC passwords - Tool required


Hi Everyone,

I was doing an audit of some systems and managed to
penetrate into the NT domain. I see that VNC is
installed and so I picked up the DES encrypted
password from the registry. As per :

http://www.securiteam.com/securitynews/VNC_3_3_2_R6_uses_a_weak_password_pro
tection_mechanism.html

My specific questions to you is what tool would you
recommend to decrypt this password ? and are there any
other ways to attack VNC ?

On a more general level, what are the most formidable
remote management tools that are out there that you
have most difficulty to detect and penetrate ?

regards Erica


__________________________________________________
Do You Yahoo!?
Yahoo! Mail  Free email you can access from anywhere!
http://mail.yahoo.com/