Page 1 of 4 123 ... LastLast
Results 1 to 10 of 33

Thread: Hacking RealVNC

  1. #1
    Just burned their ISO alienstargate's Avatar
    Join Date
    Mar 2010
    Posts
    16

    Default Hacking RealVNC

    Ok ppl have a question,

    i'm doing a pentest on a gov instance and founs some intresting stuff...

    For now i'm focusing on VNC, i was able to runs the vnc 4.1 bypass exploit so am able to get the login screen of a 2k3 server.

    My question is: is there a way to use some other exploit on the vnc or trough the vnc or inject something in there so i can get acces to the machine? think of a command shell or add users etc.

    pls advice!

  2. #2
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Quote Originally Posted by alienstargate View Post
    Ok ppl have a question,

    i'm doing a pentest on a gov instance and founs some intresting stuff...

    For now i'm focusing on VNC, i was able to runs the vnc 4.1 bypass exploit so am able to get the login screen of a 2k3 server.

    My question is: is there a way to use some other exploit on the vnc or trough the vnc or inject something in there so i can get acces to the machine? think of a command shell or add users etc.

    pls advice!
    You're hacking the government?
    dd if=/dev/swc666 of=/dev/wyze

  3. #3
    Just burned their ISO alienstargate's Avatar
    Join Date
    Mar 2010
    Posts
    16

    Default

    YES!!!!

    it's a project i've scored so i'm allowed to test their security (externaly)
    anyway any advice?

  4. #4
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Of what country ?
    Is it possible you could slip me a pm with the name of the company you work for so maybe I could apply for a job there too?
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  5. #5
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by archangel.amael View Post
    Of what country ?
    China, testing the US DOD.



    And it is just me, or are picture signatures one of the most annoying things people can do on a forum?
    Thorn
    Stop the TSA now! Boycott the airlines.

  6. #6
    Good friend of the forums williamc's Avatar
    Join Date
    Feb 2010
    Location
    Chico CA
    Posts
    285

    Default

    Code:
    net use \\ipaddress /u:user password
    Code:
    regread.exe \\ipaddress software\orl\winvnc3\default Password | grep -v [g-zG-Z] | tr -d [:blank:]
    This will get you the encrypted password. Then use vncpwdump.exe to decrypt it.

    William

  7. #7
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by Thorn View Post
    And it is just me, or are picture signatures one of the most annoying things people can do on a forum?
    Sorry, it's just you.

    I'd ban them if I could.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  8. #8
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by Thorn View Post
    China, testing the US DOD.
    Darn and I was hoping I good get a job and get rich quick or something.
    Not to mention the war stories I could tell.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  9. #9
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Maybe I'm being overly harsh but I call BS.

    How do you land a Gov't contract with the skills (writing and technical) demonstrated in the original post?

    Quote Originally Posted by Thorn View Post
    And it is just me, or are picture signatures one of the most annoying things people can do on a forum?
    No it's not just you. I often end up adblocking things like that.

    Quote Originally Posted by theprez98 View Post
    Sorry, it's just you.

    I'd ban them if I could.
    Huh? It's just him but you'd ban them if you could?

    Oh looky looky, sig pic is in a list'able directory (as are the parent directories):
    http://home.hccnet.nl/ea.abbink/images/alien/

    Even better, seemingly way out of date apache server:
    Code:
    Apache/1.3.26 Server at home.hccnet.nl Port 80
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  10. #10
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by thorin View Post
    Maybe I'm being overly harsh but I call BS.

    How do you land a Gov't contract with the skills (writing and technical) demonstrated in the original post?
    Well I thought the same thing, but I was hoping to get rich quick and be able to tell some tales of the ol' tiger team hax0rs the big bad gov.


    Oh looky looky, sig pic is in a list'able directory (as are the parent directories):
    http://home.hccnet.nl/ea.abbink/images/alien/

    Even better, seemingly way out of date apache server:
    Code:
    Apache/1.3.26 Server at home.hccnet.nl Port 80
    OOPS! Maybe that was not meant to be seen, or maybe it's part of a uber leet honeypot!
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

Page 1 of 4 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •