Re: VNC game

On Fri, 29 Nov 2002 rsmc@tid.es wrote:

>In it, we got to fake entries in the DNS server of the machines

You haven't really bypassed it - you're acting as a passive man-in-the-middle. It's not a trojan.

> /* we must send VNC version number (from protocol) */

No, you have the challenge DES-encrypted by the password. Not the password DES-encrypted by the challenge. See section 5.1.2 of http://www.realvnc.com/docs/rfbproto.pdf.

> /* we send the encrypted password to the VNC server */

I claim no particular expertise in crypto code, but I don't think there's anything here which helps you learn the password. Of course, you've hijacked the data stream, so you could read keystrokes, make screengrabs etc.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The VNC site contains a page on wrapping up VNC inside SSH, for proper secure tunnelling.

Cheers,

Phil Received on Mon Dec 2 03:03:14 2002