Date: Tue, 7 Feb 2012 19:34:58 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: DES - not "traditional DES-based" - (VNC hash) with JtR On Sun, Feb 05, 2012 at 11:22:46PM -0500, Rich Rumble wrote: > VNC uses a fixed salt and TripleDes, you can get the key from the > windows registry or a the config file on a *nix server. The password > is easily reversed, no need for cracking. VNCdec.c is one of the > first "revealers" I saw for the VNC password. > http://packetstormsecurity.org/files/10159/vncdec.c BTW, this program appears to implement a single DES decryption with a fixed key. No idea why you mentioned "a fixed salt and TripleDes". Anyway, this is not what A BC referred to. > Now as far as sniffing the pass, Cain&Abel (oxid.it) has a sniffer > that allows you do that, Now this is closer, but still the question was about cracking already sniffed challenge/responses with JtR. We'll need to implement a new format for that. The vncdec.c program above is irrelevant to this. BTW, does Cain&Abel crack VNC challenge/responses? Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.