Re: password cracker for PCAnywhere and VNC (RFB 003.008)

From: jmk (jmk@foofus.net)
Date: Fri Mar 03 2006 - 15:13:35 EST


On Fri, 2006-03-03 at 23:10 +0530, 3 shool wrote:
> I recompiled (config,make & install) medusa with --enable-untested
> option. Now the modules directory is listing the modules for FTP and
> PCAnywhere. FTP is working very well but PCAnywhere is giving the
> following issue:
>
> # medusa -h 192.168.0.28 -u administrator -p 98476swr -e ns -M pcanyhwere

Spelling things correctly usually helps. ;) Try "-M pcanywhere" rather
than "-M pcanyhwere".

> Joe, can u pls give inputs on how we could use the wrapper module for
> VNC and PCAnywhere.

The wrapper module doesn't really help you with VNC/PcAnywhere. It's
just a way of using Medusa to send/receive authentication data to
outside scripts which handle the actual protocol being tested. The main
thing I use it for is RDP (M$ Terminal Service) bruting. Building a
stand-alone RDP Medusa module would have been a major pain, so I decided
to just use rdesktop with the wrapper module instead. If anyone is
curious, the following documents a patch to rdesktop to allow
brute-forcing: http://www.foofus.net/jmk/rdesktop.html

The Medusa pcanywhere module should work for almost all installs of
PcAnywhere. I plan to release the VNC module with Medusa 1.1 in a few
weeks. THC-Hydra does have modules for both of these protocols. However,
their PcAnywhere module is somewhat limited and supports only native PCA
authentication.

The Hydra VNC module may function against old VNC servers, however, my
experience has been that it gets confused and doesn't correctly report
valid passwords. Also, most VNC servers these days have some anti-brute
force functionality built-in. For example, RealVNC enforces a 10 second
delay after 5 failed attempts. It doubles that delay after each
subsequent attempt. The currently unreleased Medusa VNC module handles
this behavior, but actually using a long password list would be
painfully slow.

Joe

-- 
jmk <jmk@foofus.net>
Foofus Networks
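
The delay policy described in the message above (no delay until 5 failed attempts, then 10 seconds, doubled after each further failure), modelled from the server side. This is an added example, not code from the post, from Medusa or from RealVNC. Assumptions: the class and function names are hypothetical, failures are tracked per source address, a successful login resets the count, and the optional `max_delay` cap is not something the post mentions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class FailedAuthThrottle:
    """Server-side failed-login throttle (hypothetical model of the policy)."""
    threshold: int = 5                 # failures before any delay (from the post)
    base_delay: float = 10.0           # first imposed delay in seconds (from the post)
    max_delay: Optional[float] = None  # assumption: optional cap, not in the post
    _failures: Dict[str, int] = field(default_factory=dict)
    _blocked_until: Dict[str, float] = field(default_factory=dict)

    def delay_for(self, failures: int) -> float:
        """Delay imposed once a source has `failures` consecutive failures."""
        if failures < self.threshold:
            return 0.0
        delay = self.base_delay * 2 ** (failures - self.threshold)
        if self.max_delay is not None:
            delay = min(delay, self.max_delay)
        return delay

    def allowed(self, source: str, now: float) -> bool:
        """True if `source` may attempt authentication at time `now`."""
        return now >= self._blocked_until.get(source, 0.0)

    def record(self, source: str, success: bool, now: float) -> float:
        """Record an attempt's outcome; return the delay now imposed."""
        if success:
            # Assumption: a valid login clears the failure history.
            self._failures.pop(source, None)
            self._blocked_until.pop(source, None)
            return 0.0
        count = self._failures.get(source, 0) + 1
        self._failures[source] = count
        delay = self.delay_for(count)
        self._blocked_until[source] = now + delay
        return delay


def total_wait(throttle: FailedAuthThrottle, attempts: int) -> float:
    """Enforced delay accumulated over `attempts` consecutive failures."""
    return sum(throttle.delay_for(n) for n in range(1, attempts + 1))


if __name__ == "__main__":
    policy = FailedAuthThrottle()
    for n in (5, 10, 15, 20):
        print(f"{n:2d} failures -> {total_wait(policy, n):>12,.0f} s of enforced delay")
```

Without a cap the enforced delay grows geometrically, so a legitimate user sharing the throttled source address is locked out along with the guesser; a per-source key and a bounded `max_delay` are the usual trade-off.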