Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Evajux]

• ??? ??????? ????? ???? ? ... by Evajux
  [Today at 11:49:49 AM]
• semaine de relache 2024 l... by Veronahqb
  [Today at 04:52:59 AM]
• Sticky stuff. by WllkeiJocky
  [May 13, 2024, 01:22:29 PM]
• <a href="https://www.port... by agrohimgfu
  [May 11, 2024, 01:50:21 AM]
• Professional Advice: Reco... by Davidfak
  [May 10, 2024, 11:59:18 AM]
• <a href="https://www.port... by Davidfak
  [May 10, 2024, 03:21:43 AM]

Members

• Total Members: 4961
• Latest: 41si

Stats

• Total Posts: 129633
• Total Topics: 7189
• Online Today: 168
• Online Ever: 1013
• (January 12, 2023, 01:18:11 AM)

[Demosthenes]

FYI

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2369


I have to wonder how a virus could really exploit something like VNC.  So you script a virus that bypasses VNC's authentication.  Great.  What then?  It's not like it can script mouse movements or access the file system.

 

About the only use I could see in something like this for a black hat would be to gain access to a machine one at a time, with a human.  A "virus" wouldn't be able to do anything, and therefore wouldn't be able to replicate.

[pbsaurus]

What about gaining access to a box with VNC and then using remote desktop to get to other boxes on the network?

[Demosthenes]

Sure, that's definitely a possibility... but not something a virus could do.

Don't get me wrong, a person could definitely wreak any manner of havoc with a vulnerability such as this... but I don't see how a virus could really exploit it.

[pbsaurus]

But couldn't one exploit a box on the network and have it spread viruses?  Or better yet, get into the exchange or other email server on a network and eliminate email spamware, virus protection and then send out a message from the CEO with said server containing a disquised .pdf attachment with a bonus information or some such?

[12AX7]

Or better yet, get into the exchange or other email server on a network and eliminate email spamware, virus protection and then send out a message from the CEO with said server containing a disquised .pdf attachment with a bonus information or some such?

OSHIT!! Was that you, man? I never did cash mine, (didnt trust it) so I'm still all good. Nice j0rb!

[pbsaurus]

OSHIT!! Was that you, man? I never did cash mine, (didnt trust it) so I'm still all good. Nice j0rb!

Wasn't me.  I wouldn't know how to do that.

[12AX7]

Wasn't me.  I wouldn't know how to do that.

Ah! ok, gotcha.

[Demosthenes]

But couldn't one exploit a box on the network and have it spread viruses?  Or better yet, get into the exchange or other email server on a network and eliminate email spamware, virus protection and then send out a message from the CEO with said server containing a disquised .pdf attachment with a bonus information or some such?

Sure... but not without a user sitting at a machine somewhere actually doing that.  My point is, without a user moving the mouse, a virus that breaks VNC authentication can't actually do anything, much less replicate itself.

Which, by definition, means it can't be a virus.

[pbsaurus]

point taken.

[Crystalmonkey]

Sure... but not without a user sitting at a machine somewhere actually doing that.  My point is, without a user moving the mouse, a virus that breaks VNC authentication can't actually do anything, much less replicate itself.

Which, by definition, means it can't be a virus.

Not true, you certainly know how to use a keyboard to get around, right?

Send a command for windows key > Up Arrow > Enter  (To be mean)

or whatever, the point is you don't need to move a mouse.

Heck, send them to a site that installs a virus! (And accept it automagically!)

[Demosthenes]

While technically true, I don't think something like that would be very successful as viruses go.