Date: Mon, 19 Mar 2012 11:18:34 -0400 From: Rich Rumble <richrumble@...il.com> To: john-dev@...ts.openwall.com Subject: Re: VNC Pcap's for cracking On Mon, Mar 19, 2012 at 10:47 AM, Dhiru Kholia <dhiru.kholia@...il.com> wrote: > On Mon, Mar 19, 2012 at 7:57 PM, Rich Rumble <richrumble@...il.com> wrote: >> Very nice! Sorry about the mislabel, I was doing so much that day >> I may have forgotten to reset it properly and or label it right. Great >> test of the module though :) >> I can't wait to see it in jumbo or the main branch! > > I have just committed a new version of vncpcap2john which is able to > crack 3.7 and 3.8 protocols (both TightVNC and RealVNC supported). I > have tested it with your pcap files and it works fine. > > There is something strange about 05-vnc-openwall-3.3.pcap and > 06-vnc-openwall-3.3.pcap. For 05-vnc-openwall-3.3.pcap, VNC server is > at 192.168.1.10 and client is at 192.168.1.123. Then why is the > authentication challenge being sent form 192.168.1.123 to 192.168.1.10 > (see wireshark). Shouldn't it be the other way round? (rest of the > pcap files are *correct* though). Any ideas? I was doing it to and from both machines, but yeah if one is the server and the other the client, I'd think the sever would issue the challenge. I can get you some additional pcap's later this week if you like. For the 3.3 protocol I use RealVNC's check box to "revert" to that protocol... I don't recall if I captured it or not, but I was also using the Java VNC (port 5800 as opposed to 5900) viewer, maybe this was one of those. Sorry I don't have time to look into it more currently but perhaps later tonight.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ