Brute force VNC crack

James "Wez" Weatherall jnw22 "at" cam.ac.uk
Thu, 17 Aug 2000 13:20:10 +0000


> To crack VNC passwords is as easy as going to the source code and analysing
> the VNCAUTH.C
>
> Then on a Windows machine you just go to the registry and patch it.
>
> I have done it!

You appear to have missed the point.  The registry entry is only encrypted
to prevent it from being readable if you happen to have it up on your screen
in regedit for some reason, not to provide security (that should be done
using registry security under WinNT).  If you have access to the Windows
machine then obviously you can change the password, or decrypt it, but since
you already have access to the machine, why on earth would you need to?

The issue people are discussing is the possibility of remote brute-force
cracks against the password.

Hope that helps,

James "Wez" Weatherall
--
          "Xenophobes should go back to Xenophobia"
Laboratory for Communications Engineering, Cambridge - Tel : 766513
AT&T Labs Cambridge, UK                              - Tel : 343000