Penetration Testing mailing list archives

RE: New VNC Attack tutorial

From: "Password Crackers, Inc." <pwcrack () pwcrack com>
Date: Thu, 22 Jun 2006 15:14:54 -0400

At the securigo site mentioned below, it is reported that this vulnerability
affects versions 4.0 to 4.2.2.  The most recent Free version available from
RealVNC is 4.1.2, which appears to have been released in response to this
disclosure in May.  The Enterprise edition appears to be at 4.2.5 and there
is also a Personal edition.  Can someone clarify which editions/versions are
affected?  Is it the case that Free edition 4.1.1 and earlier are
vulnerable, but that 4.1.2 patches the flaw?

Bob Weiss
Password Crackers, Inc.

-----Original Message-----
From: moty () netvision net il [mailto:moty () netvision net il] 
Sent: Wednesday, June 14, 2006 10:05 AM
To: pen-test () securityfocus com
Subject: New VNC Attack tutorial

Hi All 

Step by step - Finding un-patched VNC machines 


http://www.securigo.com/VNC-advisory.htm


Useful for penetration tests to check internal client network from
outside/inside.


Regards

Moty  (CEH,CISSP,CCSE,CCSA,CCNA,MCSE)

Penetration tests by Real hackers 

http://www.securigo.com

----------------------------------------------------------------------------
--
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to
rise, you need to proactively protect your applications from hackers. Cenzic
has the most comprehensive solutions to meet your application security
penetration testing and vulnerability management needs. You have an option
to go with a managed service (Cenzic ClickToSecure) or an enterprise
software (Cenzic Hailstorm). Download FREE whitepaper on how a managed
service can help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
----------------------------------------------------------------------------
--



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------

Current thread:

New VNC Attack tutorial moty (Jun 14)
- RE: New VNC Attack tutorial Password Crackers, Inc. (Jun 22)
  - Re: New VNC Attack tutorial Morning Wood (Jun 22)
- <Possible follow-ups>
- Re: New VNC Attack tutorial leoneri (Jun 16)
  - Re: New VNC Attack tutorial skarvin (Jun 16)
    - Re: New VNC Attack tutorial leoneri (Jun 18)
  - Re: New VNC Attack tutorial Luchino - Samel (Jun 16)
    - Re: New VNC Attack tutorial Utmost Bastard (Jun 18)
    - Product Security Assements sec nerd (Jun 18)
    - Re[2]: New VNC Attack tutorial Thierry Zoller (Jun 18)
- Re: New VNC Attack tutorial faz (Jun 16)