Penetration Testing mailing list archives
Re: [PEN-TEST] Decrypting VNC passwords - Tool required
From: Loki <loki.loa () SUBDIMENSION COM>
Date: Tue, 22 Aug 2000 19:58:17 -0700
Is their a method of retreiving those same VNC passwords remotely? Or are we just talking about a simple brute-force? ---------------------------------------------------------------------- Loki [LoA] loki.loa () subdimension com "A verse from Saint Paul stays with me. It is perhaps the strangest passage in the Bible in which he writes: Even now in Heaven there were angels carrying savage weapons." ---------------------------------------------------------------------- PGP Key fingerprint = 67 1D 12 BE 61 D6 63 B2 6A 8C F8 A1 80 88 1B 4 [jbrill () nasa gov]# ./crack /etc/passwd > passwd.cr [jbrill () nasa gov]# su - root [root () nasa gov]# ---------------------------------------------------------------------- -----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Batten, Gerald Sent: Tuesday, August 22, 2000 8:00 AM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Decrypting VNC passwords - Tool required There's a tool called vnccrack. You can find a copy of it here: http://www.phenoelit.de/ If you give it the encrypted password, it will decrypt it for you as well. I find this usefull when customers ask me if VNC is safe to use as an administration tool. Gerald Batten Security Consultant EXOCOM *Note: views expressed in this communication are not those of my employer's. *Note2: They're not necessarily mine either.
-----Original Message----- From: erica bernt [mailto:erica_bbb () YAHOO COM] Sent: Monday, August 21, 2000 5:37 AM To: PEN-TEST () SECURITYFOCUS COM Subject: Decrypting VNC passwords - Tool required Hi Everyone, I was doing an audit of some systems and managed to penetrate into the NT domain. I see that VNC is installed and so I picked up the DES encrypted password from the registry. As per : http://www.securiteam.com/securitynews/VNC_3_3_2_R6_uses_a_wea k_password_protection_mechanism.html My specific questions to you is what tool would you recommend to decrypt this password ? and are there any other ways to attack VNC ? On a more general level, what are the most formidable remote management tools that are out there that you have most difficulty to detect and penetrate ? regards Erica __________________________________________________ Do You Yahoo!? Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/
Current thread:
- [PEN-TEST] Decrypting VNC passwords - Tool required erica bernt (Aug 21)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Aj Effin ReznoR (Aug 22)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Max Vision (Aug 22)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Loki (Aug 22)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required David Jacoby (Aug 22)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required H D Moore (Aug 24)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Aviram Jenik (Aug 26)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Domenico De Vitto (Aug 28)
- <Possible follow-ups>
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Batten, Gerald (Aug 22)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Loki (Aug 23)
- Re: [PEN-TEST] Decrypting VNC passwords - Tool required Hyde, Mark (GEO) (Aug 24)