jetlib.sec » Tags » vnc-server

Feeds

133445 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

8 items tagged "vnc server"

Related tags: vnc [+], denial of service [+], linux security [+], server [+], security [+], kevin chen [+], debian [+], advisory [+], windows [+], tcp [+], smartcode [+], shikata ga nai [+], shell [+], serverx [+], realvnc [+], rand [+], password [+], nbsp [+], mysql oracle [+], metasploit [+], logiciel [+], don [+], dictionary attack [+], bsides [+], atlanta [+], adresse mail [+], admin [+], Support [+],  mysql [+]

• April 20, 2012
• 5:00

  From LOW to PWNED [1] Exposed Services and Admin Interfaces

   » ‎ Carnal0wnage
  
  Several (tm) months back I did my talk on "From LOW to PWNED" at hashdays and BSides Atlanta.
  
  The slides were published here and the video from hashdays is here, no video for BSides ATL.
  
  I consistently violate presentation zen and I try to make my slides usable after the talk but I decided to do a few blog posts covering the topics I put in the talk anyway.
  
  Post [1] Exposed Services and Admin Interfaces
  
  Exposed Services:
  
  An example of exposed services and making sure you check for default and common passwords. so first example is a VNC server with  no password. This gives us a HIGH severity finding
  
   The following is a VNC server with a password of "password"
  
  see the problem? Same thing goes for SSH, Telnet, FTP, etc.  Don't forget about databases as well, MS SQL, MySQL, Oracle, Postgres listening out to the Internet at large.
  
  
  
  Admin Interfaces:
  
  Admin interfaces can be gold. the problem is 1) you have to find them on the random ass port they are running on and 2) you have to get eyes on them. this can be a hassle/problem/hard to do.
  
  So to bring the "low" to it.  some random HTTP server gets you this in Nessus
  
  Now, to be fair this could be totally accurate, but the point is you need to look at what is being served on this HTTP server, could be something could be nothing, no way to know unless you look.  Finding useful HTTP pages on all the random ports can be challenging.
  
  Here is a possible methodology for doing it:
  
  
  

  1. Nmap your range
  2. Import your nmap results into metasploit
  3. Use the db_ searches to pull out a list of hosts & ports
  4. With the magic of scripting languages make that list into an html page(s)
  5. Use linky to open all those links

  Kinda goes like this:
  after you have imported your nmap results, uses the services option.
  If its populated you'll get a list or results like the below
  Output that stuff to a CSV
  
  msf > services -o /tmp/demo.csv
  
  Take that CSV and run some ruby on it
  
  
  The above code will output an html file that you can open with linky
  linky will open each link in a new tab allowing you a way to get eyes on each of those random HTTP(S) services.
  
  You can now start intelligently trying default passwords or viewing exposed content.
  
  Thoughts?
  
  -CG
  
  

  Tags:  nbsp admin server don atlanta bsides mysql-oracle vnc-server  

• May 19, 2011
• 20:31

  Debian Security Advisory 2238-1

   » ‎ Packet Storm Security Advisories
  Debian Linux Security Advisory 2238-1 - Kevin Chen discovered that incorrect processing of framebuffer requests in the Vino VNC server could lead to denial of service.

  Tags:  advisory debian security kevin-chen vnc-server denial-of-service linux-security  

• 20:31

  Debian Security Advisory 2238-1

   » ‎ Packet Storm Security Recent Files
  Debian Linux Security Advisory 2238-1 - Kevin Chen discovered that incorrect processing of framebuffer requests in the Vino VNC server could lead to denial of service.

  Tags:  advisory debian security kevin-chen vnc-server denial-of-service linux-security  

• 20:31

  Debian Security Advisory 2238-1

   » ‎ Packet Storm Security Misc. Files
  Debian Linux Security Advisory 2238-1 - Kevin Chen discovered that incorrect processing of framebuffer requests in the Vino VNC server could lead to denial of service.

  Tags:  vnc-server denial-of-service linux-security  

• December 17, 2010
• 12:24

  Metasploit and VNC Password Bruteforcing

   » ‎ Carnal0wnage
  You probably missed it but jduck recently snuck in a VNC mixin and vnc_login module to the trunk.
  
  This is awesome because before that I had to use Immunity's VAAseline to do VNC bruteforcing. But now you can just use vnc_login.
  
  So the scenario is you find yourself on the other end of a VNC server.
  
  Its tedious to password guess like this
  
  Instead let's use the metasploit module
  
  
  and throw a dictionary attack against the VNC server
  
  Looks like the VNC no auth module had been ported and stuck in there too :-)
  
  
  -CG

  Tags:  vnc password metasploit vnc-server dictionary-attack vnc  

• August 13, 2010
• 15:58

  SmartCode ServerX VNC Server ActiveX 1.1.5.0 (scvncsrvx.dll) DoS

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  SmartCode ServerX VNC Server ActiveX 1.1.5.0 (scvncsrvx.dll) DoS

  Tags:  vnc smartcode serverx vnc-server  

• May 04, 2010
• 1:00

  RealVNC VNC Server Free Edition 4.1.3 Denial of Service

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  RealVNC VNC Server Free Edition 4.1.3 Denial of Service

  Tags:  vnc server realvnc denial-of-service vnc-server  

• January 23, 2010
• 2:29

  probleme social-engineering toolkit 0.3

   » ‎ remote-exploit & backtrack
  salut voila en utilsant set toolkit je ne comprend pas pourquoi il me donne des adresse mail russe espagnole avec leur code je lutilise sur backtrack 4
  en fesant cette exemple
  
  
  
  
  
  1. Automatic E-Mail Attacks (UPDATED)
  2. Website Java Applet Attack (UPDATED)
  3. Update Metasploit
  4. Update SET
  5. Create a Payload and Listener
  6. Help
  7. Exit the Toolkit
  
  Enter your choice: 2 ok
  °°°°°°°°°°et
  Website Attack Vectors
  
  1. Let SET create a website for you
  2. Clone and setup a fake website (NEW)
  3. Import your own website (NEW)
  4. Return to main menu.
  
  Enter number: 1 ok
  °°°°°°°°°°et
  What payload do you want to generate:
  
  Name: Description:
  
  1. Windows Shell Reverse_TCP Spawn a command shell on victim and send back to attacker.
  2. Windows Reverse_TCP Meterpreter Spawn a meterpreter shell on victim and send back to attacker.
  3. Windows Reverse_TCP VNC DLL Spawn a VNC server on victim and send back to attacker.
  4. Windows Bind Shell Execute payload and create an accepting port on remote system.
  5. Windows Bind Shell X64 Windows x64 Command Shell, Bind TCP Inline
  6. Windows Shell Reverse_TCP X64 Windows X64 Command Shell, Reverse TCP Inline
  7. Windows Meterpreter Reverse_TCP X64 Connect back to the attacker (Windows x64), Meterpreter
  8. Import your own executable Specify a path for your own executable
  
  Enter choice (example 1-4): 1 7 ok
  °°°°°°°°°°et
  Select one of the below, Shikata_Ga_Nai is typically the best.
  
  1. avoid_utf8_tolower
  2. shikata_ga_nai
  3. alpha_mixed
  4. alpha_upper
  5. call4_dword_xor
  6. countdown
  7. fnstenv_mov
  8. jmp_call_additive
  9. nonalpha
  10. nonupper
  11. unicode_mixed
  12. unicode_upper
  13. alpha2
  14. No Encoding
  
  Enter your choice (enter for default): 2 ok
  °°°°°°°°°°et
  Usually 1 to 4 does the trick, if you get an
  error messsage, some encoders don't like
  more than one. Specify 0 if you want.
  
  How many times do you want to encode the payload: 1 ok
  °°°°°°°°°°et
  Enter the PORT of the listener: 443 ok
  and
  Enter the PORT of the listener: 443
  
  [-] Encoding the payload 1 times to get around pesky Anti-Virus. [-]
  [*] x86/shikata_ga_nai succeeded with size 46 (iteration=1)
  
  [*] ARP Cache Poisoning is set to ON.
  
  What IP Address do you want to poison: 192.168.1.21 ok
  and
  Filter created...
  Compiling Ettercap filter...
  
  etterfilter NG-0.7.3 copyright 2001-2004 ALoR & NaGA
  
  
  12 protocol tables loaded:
  DECODED DATA udp tcp gre icmp ip arp wifi fddi tr eth
  
  11 constants loaded:
  VRRP OSPF GRE UDP TCP ICMP6 ICMP PPTP PPPoE IP ARP
  
  Parsing source file 'src/program_junk/ettercap.filter' done.
  
  Unfolding the meta-tree done.
  
  Converting labels to real offsets done.
  
  Writing output to 'src/program_junk/ettercap.ef' done.
  
  -> Script encoded into 16 instructions.
  
  Filter compiled...Running Ettercap and poisoning target...ok
  
  voila donc apres sa je lance ettercap-gtk en visant le pc sur mon reseau et voici se que j obtient je ne comprend pas car l attack que j utilise n ai pas faite pour sa ! je cherche des explication sur se soft mais je trouve toujours la meme video sur le net ne parlant pas trop bien anglais je ne peut pas contacter kennedyD013@gmail.com
  
  HTTP : 116.122.36.184:80 -> USER: pwoyaeu@hct.w.com PASS: RAND#a#8 INFO: PHP¿Í MySQLÀ» È°¿ëÇÑ °Ô½ÃÆÇ
  HTTP : 217.69.130.41:80 -> USER: alijahhali096 PASS: Pob7Qrm2Kl INFO: my.mail.ru/cgi-bin/auth
  c est quoi le soucie ??????????????????????????????,

  Tags:  tcp shell windows -mysql rand vnc-server shikata-ga-nai adresse-mail Support logiciel