Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 19 Mar 2012 11:18:34 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: VNC Pcap's for cracking

On Mon, Mar 19, 2012 at 10:47 AM, Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> On Mon, Mar 19, 2012 at 7:57 PM, Rich Rumble <richrumble@...il.com> wrote:
>> Very nice! Sorry about the mislabel, I was doing so much that day
>> I may have forgotten to reset it properly and or label it right. Great
>> test of the module though :)
>> I can't wait to see it in jumbo or the main branch!
>
> I have just committed a new version of vncpcap2john which is able to
> crack 3.7 and 3.8 protocols (both TightVNC and RealVNC supported). I
> have tested it with your pcap files and it works fine.
>
> There is something strange about 05-vnc-openwall-3.3.pcap and
> 06-vnc-openwall-3.3.pcap. For 05-vnc-openwall-3.3.pcap, VNC server is
> at 192.168.1.10 and client is at 192.168.1.123. Then why is the
> authentication challenge being sent form 192.168.1.123 to 192.168.1.10
> (see wireshark). Shouldn't it be the other way round? (rest of the
> pcap files are *correct* though). Any ideas?
I was doing it to and from both machines, but yeah if one is the server
and the other the client, I'd think the sever would issue the challenge.
I can get you some additional pcap's later this week if you like.
For the 3.3 protocol I use RealVNC's check box to "revert" to that
protocol... I don't recall if I captured it or not, but I was also using the
Java VNC (port 5800 as opposed to 5900) viewer, maybe this was
one of those. Sorry I don't have time to look into it more currently
but perhaps later tonight.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ