w00giving 99 -5-
http://www.roses-labs.com
Discovered and authored by: Conde Vampiro (Roses Labs)

INTRODUCTION

VNC is a software package that permits a user to view a remote desktop in real time. It's a very nice GNU tool that runs on Windows (9x/NT) and *nix (Linux, BSD). To prevent an intruder from accessing the remote desktop, VNC has password protection. The password is encrypted using 3DES, but this encryption is very poor and can be attacked (through brute force).

PROBLEM ONE

When we install the VNC server on a Windows box, we can find the encrypted password at the following registry keys (look for "password"):

    \HKEY_CURRENT_USER\Software\ORL\WinVNC3
    \HKEY_USERS\.DEFAULT\Software\ORL\WinVNC3

When we enter a password of arbitrary length, the VNC server will encrypt our password, but it will drop (null) all bytes after the 8th. This is demonstrated here:

    Input password     -> micasaesazul
    Key                -> 23 82 107 6 35 78 88 7
    Encrypted password -> 1f f1 6f 1a cc 34 64 f0

    Input password     -> micasaesroja
    Key                -> 23 82 107 6 35 78 88 7
    Encrypted password -> 1f f1 6f 1a cc 34 64 f0

In both cases, the VNC server interpreted the password as "micasaes". Eight characters is small.

PROBLEM TWO

When the VNC server encrypts a password it always uses the same fixed key, so the same input password always produces the same encrypted output. For example, if we enter "conde" as the password, the encrypted password is: df 6b 7e e8 94 26 d8 b5.

    Input password     -> conde
    Key                -> 23 82 107 6 35 78 88 7
    Encrypted password -> df 6b 7e e8 94 26 d8 b5

    Input password     -> 2621
    Key                -> 23 82 107 6 35 78 88 7
    Encrypted password -> 73 05 1d 22 49 b6 05 1c

The VNC server always uses this key ("23 82 107 6 35 78 88 7") in [at least] the current version.

New contributors: Conde Vampiro and Roses Labs (http://www.roses-labs.com)
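An added example (not part of the original advisory) for auditing both problems: it computes the 8 bytes the server keeps from a password, and groups hosts whose stored "password" values are identical, which under a fixed key means they share a password. The host names and inventory are constructed, the stored values are the ones quoted above, and null padding of passwords shorter than 8 bytes is an assumption.

```python
from collections import defaultdict

MAX_LEN = 8  # per the advisory: bytes after the 8th are dropped


def effective_password(password):
    """Return the 8 bytes the server keeps from an input password.

    Truncation is from the advisory; null padding of shorter
    passwords is an assumption of this example.
    """
    return password.encode("latin-1")[:MAX_LEN].ljust(MAX_LEN, b"\x00")


def ignored_suffix(password):
    """Return the part of the password that adds no protection."""
    return password.encode("latin-1")[MAX_LEN:].decode("latin-1")


def parse_stored(value):
    """Parse a stored value written as in the advisory ("1f f1 6f ...")."""
    raw = bytes.fromhex(value)
    if len(raw) != MAX_LEN:
        raise ValueError("expected 8 bytes, got %d" % len(raw))
    return raw


def shared_credentials(inventory):
    """Group hosts by stored value. The key is fixed, so an identical
    stored value on two hosts means an identical effective password."""
    groups = defaultdict(list)
    for host, value in inventory.items():
        groups[parse_stored(value).hex()].append(host)
    return {v: sorted(h) for v, h in groups.items() if len(h) > 1}


# Constructed inventory: host names are hypothetical, values are the
# encrypted passwords quoted in the advisory.
INVENTORY = {
    "ws-01": "1f f1 6f 1a cc 34 64 f0",
    "ws-02": "df 6b 7e e8 94 26 d8 b5",
    "ws-03": "1FF16F1ACC3464F0",  # same value, different formatting
    "ws-04": "73 05 1d 22 49 b6 05 1c",
}

if __name__ == "__main__":
    for pw in ("micasaesazul", "micasaesroja"):
        print(pw, effective_password(pw), "ignored:", ignored_suffix(pw))
    for value, hosts in shared_credentials(INVENTORY).items():
        print("shared password:", value, hosts)
```

Any host group this reports should have its passwords rotated to distinct values, and any password with a non-empty ignored suffix is weaker than its length suggests.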