Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 19 Mar 2012 11:18:34 -0400
From: Rich Rumble <>
Subject: Re: VNC Pcap's for cracking

On Mon, Mar 19, 2012 at 10:47 AM, Dhiru Kholia <> wrote:
> On Mon, Mar 19, 2012 at 7:57 PM, Rich Rumble <> wrote:
>> Very nice! Sorry about the mislabel, I was doing so much that day
>> I may have forgotten to reset it properly and or label it right. Great
>> test of the module though :)
>> I can't wait to see it in jumbo or the main branch!
> I have just committed a new version of vncpcap2john which is able to
> crack 3.7 and 3.8 protocols (both TightVNC and RealVNC supported). I
> have tested it with your pcap files and it works fine.
> There is something strange about 05-vnc-openwall-3.3.pcap and
> 06-vnc-openwall-3.3.pcap. For 05-vnc-openwall-3.3.pcap, VNC server is
> at and client is at Then why is the
> authentication challenge being sent form to
> (see wireshark). Shouldn't it be the other way round? (rest of the
> pcap files are *correct* though). Any ideas?
I was doing it to and from both machines, but yeah if one is the server
and the other the client, I'd think the sever would issue the challenge.
I can get you some additional pcap's later this week if you like.
For the 3.3 protocol I use RealVNC's check box to "revert" to that
protocol... I don't recall if I captured it or not, but I was also using the
Java VNC (port 5800 as opposed to 5900) viewer, maybe this was
one of those. Sorry I don't have time to look into it more currently
but perhaps later tonight.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ