Penetration Testing mailing list archives
Re: [PEN-TEST] Decrypting VNC passwords - Tool required
From: "Hyde, Mark (GEO)" <Mark.Hyde () COMPAQ COM>
Date: Thu, 24 Aug 2000 09:51:07 +0200
Loki,

These passwords are stored in an encrypted form in the registry. The tools discussed decrypt the password. It is not a brute force. If you have remote registry access then you may be able to retrieve the password.

Taking a typical VNC implementation scenario - i.e. admins use VNC on workstations - to support user problems and on servers - for remote admin. A workstation user would have very little difficulty to get hold of the VNC password in his local registry and decrypt it. There is a very good chance that the same password is used for all workstations & servers on the net and so you are potentially putting the keys to the domain on every workstation.

From a penetration point of view it would be much simpler to attack a workstation (with less chance of being detected), then move to the servers.

If I have time I would like to check if the VNC password goes in clear over the net. If so then the workstation user would just have to ask for admin to provide remote support and then sniff the session and not bother about decrypting. But I'm sure someone has already checked this...

Mark

-----Original Message-----
From: Loki [mailto:loki.loa () SUBDIMENSION COM]
Sent: Wednesday, August 23, 2000 3:58 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: Decrypting VNC passwords - Tool required

Is there a method of retrieving those same VNC passwords remotely? Or are we just talking about a simple brute-force?

----------------------------------------------------------------------
Loki [LoA]
loki.loa () subdimension com
"A verse from Saint Paul stays with me. It is perhaps the strangest passage in the Bible in which he writes: Even now in Heaven there were angels carrying savage weapons."
----------------------------------------------------------------------
PGP Key fingerprint = 67 1D 12 BE 61 D6 63 B2 6A 8C F8 A1 80 88 1B 4
[jbrill () nasa gov]# ./crack /etc/passwd > passwd.cr
[jbrill () nasa gov]# su - root
[root () nasa gov]#
----------------------------------------------------------------------

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Batten, Gerald
Sent: Tuesday, August 22, 2000 8:00 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Decrypting VNC passwords - Tool required

There's a tool called vnccrack. You can find a copy of it here: http://www.phenoelit.de/

If you give it the encrypted password, it will decrypt it for you as well. I find this useful when customers ask me if VNC is safe to use as an administration tool.

Gerald Batten
Security Consultant
EXOCOM

*Note: views expressed in this communication are not those of my employer's.
*Note2: They're not necessarily mine either.

-----Original Message-----
From: erica bernt [mailto:erica_bbb () YAHOO COM]
Sent: Monday, August 21, 2000 5:37 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Decrypting VNC passwords - Tool required

Hi Everyone,

I was doing an audit of some systems and managed to penetrate into the NT domain. I see that VNC is installed and so I picked up the DES encrypted password from the registry. As per:

http://www.securiteam.com/securitynews/VNC_3_3_2_R6_uses_a_weak_password_protection_mechanism.html

My specific questions to you are: what tool would you recommend to decrypt this password? And are there any other ways to attack VNC?

On a more general level, what are the most formidable remote management tools that are out there that you have most difficulty to detect and penetrate?

regards
Erica