RE: Brute force VNC crack

From: Ingecom - SERRE Jean-Christophe ()
Date: Wed Aug 16 2000 - 15:16:51 EDT

Next message: Ingecom - SERRE Jean-Christophe: "Re: VNC review in Network Computing article"

Previous message: jeff: "Re: AW: Disconnect of users after close"
Maybe in reply to: Ernie Oporto: "Brute force VNC crack"
Next in thread: Kenneth Foster: "RE: Brute force VNC crack"
Next in thread: Kenneth Foster: "changing VNC password. Windows specific."
Reply: Kenneth Foster: "RE: Brute force VNC crack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Kenneth Foster" <> wrote:
>
> brute forcing of passwords will always work. There are two ways to do stop
> this.
>
> 1: Use passwords that don't show up in dictionaries. This may be more
> difficult to remember, but it makes it less likely to be cracked. The code,
> as written, uses a dictionary attack. Not quite what it says in the title
> of the crack.

Yes and no: in "hacker toolz" you'll find a lot of little programs for
generating you a (huge) textfile with the complete list of possible
passwords based on your provided character set and mini/maxi lengths --
then, using that textfile as the "dictionnary" will actually perform the
brute-force attack.

This kind of attack tool often just provide support for an external
textfile, because it allows to reuse the wealth of available
dictionnaries as well as a brute-force generated textfile, while being a
simple quick-n-dirty program...

> 2: The other way to stop this is to change the encryption key used by your
> company and recompile your server and client tools. By changing the key no
> password, even the correct one, from a non-company VNCviewer will work. At
> least from my testing.

As a note, since most people don't have VC++6 or time for recompiling
VNC, this can also be easily done, as always, by a mere hex-patch.

>From the WinVNC source file "vncauth.c" we see that VNC's DES key is:
unsigned char fixedkey[8] = {23,82,107,6,35,78,88,7};
which is, in hex:
17 52 6B 06 23 4E 58 07

Using any hex-editor, one will find a unique occurence of that hex
pattern in the WINVNC.EXE and VNCVIEWER.EXE binaries, and will be able
to hex-change it for a custom key w/o any recompilation.

-- JCS - Jean-Christophe SERRE - INGECOM France - +33 (0)1.48.34.12.34 Microsoft: the 51st State of America -- 52nd coming soon! --------------------------------------------------------------------- To unsubscribe, send a message with the line: unsubscribe vnc-list to See also: ---------------------------------------------------------------------

----------------------------------------- TridiaVNC - http://www.tridiavnc.com/

Next message: Ingecom - SERRE Jean-Christophe: "Re: VNC review in Network Computing article"
Previous message: jeff: "Re: AW: Disconnect of users after close"
Maybe in reply to: Ernie Oporto: "Brute force VNC crack"
Next in thread: Kenneth Foster: "RE: Brute force VNC crack"
Next in thread: Kenneth Foster: "changing VNC password. Windows specific."
Reply: Kenneth Foster: "RE: Brute force VNC crack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by : Wed Aug 16 2000 - 15:32:29 EDT