![]() ![]() The server sends a unique/random 16-bytes challenge to the client. The client initiates a connection with the server. So we started looking into how the VNC challenge response authentication works and here is what we understood: Therefore, the following research was done.ĭuring client authentication on the VNC server, the server sends an Authentication challenge, and the client sends an Authentication response.Īuthentication challenge example (894443629f4a9675809cff5da2e84651):Īuthentication response example (271d94eb610b5c42588dc53506419e6a): There was a goal, using hashcat to crack a password from captured traffic of the VNC session (containing challenge and response), but it was not possible to find a complete guide on how to do this. The post is interested in every sense: firstly, as the authors rightly note, there is no ready-made solution for cracking the VNC password in hashcat secondly, the research process itself is curious.
0 Comments
Leave a Reply. |