Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 7 Feb 2012 19:34:58 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: DES - not "traditional DES-based" - (VNC hash) with JtR

On Sun, Feb 05, 2012 at 11:22:46PM -0500, Rich Rumble wrote:
> VNC uses a fixed salt and TripleDes, you can get the key from the
> windows registry or a the config file on a *nix server. The password
> is easily reversed, no need for cracking. VNCdec.c is one of the
> first "revealers" I saw for the VNC password.
> http://packetstormsecurity.org/files/10159/vncdec.c

BTW, this program appears to implement a single DES decryption with a
fixed key.  No idea why you mentioned "a fixed salt and TripleDes".
Anyway, this is not what A BC referred to.

> Now as far as sniffing the pass, Cain&Abel (oxid.it) has a sniffer
> that allows you do that,

Now this is closer, but still the question was about cracking already
sniffed challenge/responses with JtR.  We'll need to implement a new
format for that.  The vncdec.c program above is irrelevant to this.

BTW, does Cain&Abel crack VNC challenge/responses?

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.