Penetration Testing mailing list archives

Re: [PEN-TEST] PC Anywhere protocol


From: "Dunker, Noah" <NDunker () FISHNETSECURITY COM>
Date: Thu, 7 Sep 2000 10:54:38 -0500

Kind of on a side-note, I've noticed that with a quick sniffer I wrote
specifically to dump the TCP stream of VNC to a file, I was able to get
all sorts of data from VNC.  All typed text goes over in clear-text, but
mixed amongst a heap of other garbage (probably "video" data getting
transferred to "draw" the character on the remote screen).

It might be helpful with "Screenspy" (I know, you said not to hold my
breath)... The passwd does seem to get sent over in an encoded/encrypted
format... probably the same format it stores it in the file/registry...
Anyone remember a similar problem (hey dude, pass the hash, I'm jones-in')?


-----Original Message-----
From: Dug Song [mailto:dugsong () MONKEY ORG]
Sent: Wednesday, September 06, 2000 6:26 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: PC Anywhere protocol


On Wed, 6 Sep 2000, Oliver Friedrichs wrote:

> dsniff is the only place I've seen any sort of information on the
> protocol.  Doing the newer version could be more of a challenge
> however, since they incorporate MS Crypto API.

i'd be happy to try reversing the protocol from any packet dumps ppl have
of successful/failed logins for the latest version of pcAnywhere.

or any other interesting/proprietary protocol dsniff doesn't handle yet.

-d.

---
http://www.monkey.org/~dugsong/

