Hello

can you help me if i send a code can you decrypt what the password is?

have code from ini file but can not work out what the password is?


Quote Originally Posted by Tedob1 View Post
RealVNC is a much used and pretty secure program as far as remote attacks go as long as a strong password is set. But it's only as secure as the computer its on

Its password is stored locally and is very easily cracked.

To illustrate this I used a program called x4 which is made spcefically for decoding vnc paswords.

after i set the password to "my_pass" (so i can put back my real password when im finished) i retrieve it from the registry where it is stored in hexadecimal format

HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default

password b8 1e ac 6a ed f4 36 30

After starting the program using the -W flag for 'windows interactive' each pair of charecters gets entered one at a time until all eight are entered

C:\Pwd>x4 -W
b8
1e
ac
6a
ed
f4
36
30
Entered HEX String: b8 1e ac 6a ed f4 36 30
VNC Password: my_pass

C:\Pwd>

The decrypted password immeditally appears.

Do not use vnc on a computer where others that you shouldn't trust have access to it and change the password often. Also keep in mind that the registry is accessable to anyone who gains a remote shell on your computer so keep it patched and firewalled. In earlier version vnc was vulnerable to session hi-jacking and although thats been fixed a weak password can still be brute forced.