Re: [PEN-TEST] Decrypting VNC passwords - Tool required

[Aviram Jenik <aviram () BEYONDSECURITY COM>]

Hi Erica.

There's a patch to the VNC client that can be used to brute-force the
server's password.
See:
http://www.securiteam.com/tools/Brute_forcing_VNC_passwords.html

Regarding securing VNC, see:
http://www.securiteam.com/unixfocus/Securing_VNC_for_the_Internet_environmen
t.html

(NOTE: URLs might be wrapped)

Aviram Jenik
Beyond Security Ltd.
http://www.BeyondSecurity.com
http://www.SecuriTeam.com
http://www.AutomatedScanning.com


----- Original Message -----
From: "erica bernt" <erica_bbb () YAHOO COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Monday, August 21, 2000 1:36 PM
Subject: Decrypting VNC passwords - Tool required


> Hi Everyone,
>
> I was doing an audit of some systems and managed to
> penetrate into the NT domain. I see that VNC is
> installed and so I picked up the DES encrypted
> password from the registry. As per :
http://www.securiteam.com/securitynews/VNC_3_3_2_R6_uses_a_weak_password_pro
tection_mechanism.html
> My specific questions to you is what tool would you
> recommend to decrypt this password ? and are there any
> other ways to attack VNC ?
>
> On a more general level, what are the most formidable
> remote management tools that are out there that you
> have most difficulty to detect and penetrate ?
>
> regards Erica
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Mail – Free email you can access from anywhere!
> http://mail.yahoo.com/