RE: Brute force VNC crack

From:
Date: Thu Aug 17 2000 - 06:45:52 EDT

  • Next message: Kapusta Gerhard: "Firewall question"

    To crack VNC passwords is as easy as going to the source code and analise
    the VNCAUTH.C

    Then in a windows machine you just go to the registry and patch it.

    I have done it !

    -----Original Message-----
    From: Kenneth Foster [mailto:]
    Sent: quarta-feira, 16 de Agosto de 2000 22:54
    To:
    Subject: RE: Brute force VNC crack

    cool idea about the hex editor. I didn't even think of that.

    As far as generating a dictionary of possible password, that would require
    about 10828567056280801 possible passwords in a dictionary. That is a huge
    file and would be very large in respect to hard drive space. Not saying it
    couldn't be done, but I wouldn't want to do it.

    Ken

    -----Original Message-----
    From:
    [mailto:]On Behalf Of Ingecom - SERRE
    Jean-Christophe
    Sent: Wednesday, August 16, 2000 3:17 PM
    To:
    Subject: RE: Brute force VNC crack

    "Kenneth Foster" <> wrote:
    >
    > brute forcing of passwords will always work. There are two ways to do
    stop
    > this.
    >
    > 1: Use passwords that don't show up in dictionaries. This may be
    more
    > difficult to remember, but it makes it less likely to be cracked. The
    code,
    > as written, uses a dictionary attack. Not quite what it says in the title
    > of the crack.

    Yes and no: in "hacker toolz" you'll find a lot of little programs for
    generating you a (huge) textfile with the complete list of possible
    passwords based on your provided character set and mini/maxi lengths --
    then, using that textfile as the "dictionnary" will actually perform the
    brute-force attack.

    This kind of attack tool often just provide support for an external
    textfile, because it allows to reuse the wealth of available
    dictionnaries as well as a brute-force generated textfile, while being a
    simple quick-n-dirty program...

    > 2: The other way to stop this is to change the encryption key used by
    your
    > company and recompile your server and client tools. By changing the key
    no
    > password, even the correct one, from a non-company VNCviewer will work. At
    > least from my testing.

    As a note, since most people don't have VC++6 or time for recompiling
    VNC, this can also be easily done, as always, by a mere hex-patch.

    >From the WinVNC source file "vncauth.c" we see that VNC's DES key is:
      unsigned char fixedkey[8] = {23,82,107,6,35,78,88,7};
    which is, in hex:
      17 52 6B 06 23 4E 58 07

    Using any hex-editor, one will find a unique occurence of that hex
    pattern in the WINVNC.EXE and VNCVIEWER.EXE binaries, and will be able
    to hex-change it for a custom key w/o any recompilation.

    --
    JCS - Jean-Christophe SERRE - INGECOM France - +33 (0)1.48.34.12.34
    

    Microsoft: the 51st State of America -- 52nd coming soon! --------------------------------------------------------------------- To unsubscribe, send a message with the line: unsubscribe vnc-list to See also: --------------------------------------------------------------------- --------------------------------------------------------------------- To unsubscribe, send a message with the line: unsubscribe vnc-list to See also: --------------------------------------------------------------------- --------------------------------------------------------------------- To unsubscribe, send a message with the line: unsubscribe vnc-list to See also: ---------------------------------------------------------------------

    ----------------------------------------- TridiaVNC - http://www.tridiavnc.com/



    This archive was generated by : Thu Aug 17 2000 - 07:17:39 EDT