Hacking RealVNC

[alienstargate]

Ok ppl have a question,

i'm doing a pentest on a gov instance and founs some intresting stuff...

For now i'm focusing on VNC, i was able to runs the vnc 4.1 bypass exploit so am able to get the login screen of a 2k3 server.

My question is: is there a way to use some other exploit on the vnc or trough the vnc or inject something in there so i can get acces to the machine? think of a command shell or add users etc.

pls advice!

[wyze]

Quote:

Originally Posted by alienstargate

Ok ppl have a question,

i'm doing a pentest on a gov instance and founs some intresting stuff...

For now i'm focusing on VNC, i was able to runs the vnc 4.1 bypass exploit so am able to get the login screen of a 2k3 server.

My question is: is there a way to use some other exploit on the vnc or trough the vnc or inject something in there so i can get acces to the machine? think of a command shell or add users etc.

pls advice!

You're hacking the government?

[alienstargate]

YES!!!!

it's a project i've scored so i'm allowed to test their security (externaly)
anyway any advice?

[archangel.amael]

Of what country ?
Is it possible you could slip me a pm with the name of the company you work for so maybe I could apply for a job there too?

[Thorn]

Quote:

Originally Posted by archangel.amael

Of what country ?

China, testing the US DOD.



And it is just me, or are picture signatures one of the most annoying things people can do on a forum?

[williamc]

Code:

net use \\ipaddress /u:user password

Code:

regread.exe \\ipaddress software\orl\winvnc3\default Password | grep -v [g-zG-Z] | tr -d [:blank:]

This will get you the encrypted password. Then use vncpwdump.exe to decrypt it.

William

[theprez98]

Quote:

Originally Posted by Thorn

And it is just me, or are picture signatures one of the most annoying things people can do on a forum?

Sorry, it's just you.

I'd ban them if I could.

[archangel.amael]

Quote:

Originally Posted by Thorn

China, testing the US DOD.

Darn and I was hoping I good get a job and get rich quick or something.
Not to mention the war stories I could tell.

[thorin]

Maybe I'm being overly harsh but I call BS.

How do you land a Gov't contract with the skills (writing and technical) demonstrated in the original post?

Quote:

Originally Posted by Thorn

And it is just me, or are picture signatures one of the most annoying things people can do on a forum?

No it's not just you. I often end up adblocking things like that.

Quote:

Originally Posted by theprez98

Sorry, it's just you.

I'd ban them if I could.

Huh? It's just him but you'd ban them if you could?

Oh looky looky, sig pic is in a list'able directory (as are the parent directories):
http://home.hccnet.nl/ea.abbink/images/alien/

Even better, seemingly way out of date apache server:

Code:

Apache/1.3.26 Server at home.hccnet.nl Port 80

[archangel.amael]

Quote:

Originally Posted by thorin

Maybe I'm being overly harsh but I call BS.

How do you land a Gov't contract with the skills (writing and technical) demonstrated in the original post?

Well I thought the same thing, but I was hoping to get rich quick and be able to tell some tales of the ol' tiger team hax0rs the big bad gov.

Quote:

Oh looky looky, sig pic is in a list'able directory (as are the parent directories):
http://home.hccnet.nl/ea.abbink/images/alien/

Even better, seemingly way out of date apache server:

Code:

Apache/1.3.26 Server at home.hccnet.nl Port 80

OOPS! Maybe that was not meant to be seen, or maybe it's part of a uber leet honeypot!