Home > Computer > Crack or Decrypt VNC Server encrypted password
Donation Goal
Donate Now Goal amount for this year: 799 USD, Received: 100 USD (13%)
Please donate to help support this website. The funds will be used to purchase owned license of LiteSpeed Web Server Enterprise (2-CPU). It provides superior performance in terms of raw speed, scalability and anti-DDoS capabilities.

Crack or Decrypt VNC Server encrypted password

Posted By Raymond In Category: Computer

Jun
25
2006

Forgotten your VNC Server’s password? Here’s an easy way to recover the encrypted VNC server password from your computer.
VNCPwdump by Patrik Karlsson can be used to dump and decrypt the registry key containing the encrypted VNC password in a few different ways.

It supports dumping and decrypting the password by:
- Dumping the current users registry key
- Retrieving it from a NTUSER.DAT file
- Decrypting a command line supplied encrypted password
- Injecting the VNC process and dumping the owners password

Here’s the test I did with RealVNC and VNCPwdump.


After installing the latest RealVNC, I set a password “raymond.cc” in the VNC Server properties.
Hack VNC Server encrypted password

I then run Command Prompt (cmd), changed to the extracted vncpwdump directory and run the command “vncpwdump -c
Crack VNC password
Notice that VNCPwdump only display “raymond.” What happened to the last 2 characters “cc”? Well if you didn’t know, VNC server only accepts a maximum of 8 characters for password. RealVNC Server allows you to enter more than 8 characters but when connecting, you only need to type in the first 8 characters password to connect.

RealVNC’s encrypted password is located at HKEY_CURRENT_USER\Software\RealVNC\WinVNC4 in your Registry.

I’ve tested VNCPwdump with other versions of VNC such as TightVNC, UltraVNC and it doesn’t work. Perhaps VNCPwdump only works with RealVNC eventhough I did not find any information saying so in the author’s website.

[ Download RealVNC ]
[ Download VNCPwdump v1.0.6 ]


Related posts:
  • FastPush to silently and remotely install VNC Server
  • RealVNC serious security issue with proof of concept
  • Remote Access Apple Mac OS X via Windows
  • Google 502 Server Error
  • Crack Legitlib.dll to install Windows Media Player 11 Beta
    • chandra

      i,m glad

    • http://qwerty.com.com.com qwerty

      yes, it works)

    • Pingback: האתר של שביט אילן » Blog Archive » האתר של Raymond

    • ali

      messenger kennw

    • Dean

      Some versions of VNC store the password in a different registry key:
      [HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default]
      “Password”=hex:xx,xx,xx,xx,xx,xx,xx,xx

      So just copy the Password key entry from there to this key and it will work fine.

      [HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4]
      “Password”=hex:xx,xx,xx,xx,xx,xx,xx,xx

    • Clem

      Serait il possible de faire cette même chose, mais sans passer par Demarrer > Executer > CMD ?

    • Саша

      D:\\vncdump>vncpwdump -c

      VNCPwdump v.1.0.6 by patrik@cqure.net
      ————————————-
      ERROR: Found no password for current user

    • bruno

      cara muito bom o poste acho que vcs não vão intender nada do que eu escrevi mais parabns!!

    • Richard Walsh

      Is there any way of doing this with version 4.1.2 of RealVNC? There is no password stored in any of the registry locations above and the tool therefore returns no password

    • somebody

      A really great program ! Works fine !

    • http://tech-shinobi.com fr33mumia

      i’m saved =D

    • amal

      i cant make it ..
      at the cmd prompt: access is denied..
      Please help me..this is for the assignment using vncpwdump.exe..please~

    • booya

      I had kinda same problems like post#7 and post#9.

      Solution for Problem #9 (can’t find any password):
      I found the hex password in an *.ini within the program’s main directory (in my case …/UltraVNC/ultravnc.ini )

      Having the password i used post#5′s great tip and entered the password into the registry via creating a .reg file and pasting in the password from the .ini

      Running the script i went into the issue from post#7 (no password found for current user)

      Solution for post#7:
      I edited the .reg file and changed LOCAL_MACHINe to CURRENT_USER as follows:

      [HKEY_CURRENT_USER\SOFTWARE\RealVNC\WinVNC4]
      “Password”=hex:xx,xx,xx,xx,xx,xx,xx,xx

      (the x representing your password from ini. or anywhere else)

    • James Curtis

      you can also use vncpwdump -k I have used it to dump ultra/real/tight that I have gotted with remote registry to be able to access computers that I had admin rights to, but no documented vnc password.

    • Hans

      Leider sind die Sources defekt udn ein download ist nicht mehr möglich. gibt es nicht irgendwo nen mirror? ich such seit stunden

    • khir

      can someone help me, how to bypass vnc password when we want vnc to others pc

    • jeck

      Great programm can bupase allmoust any password. decrupting and crypting for me don’t work. But i’m not realy interested in it.

    • awesome

      Good tool!
      bt can you use this tool on a remove vnc server?if yes, how do u go about it?

    • sachin77

      Hey guys this doesn’t work on the latest version of RealVNC (v4.5.3). Big Dissappointment. If you have any ideas please post. Thanks!

    • http://leram.co.za Tebogo Letlalo

      There is no need to go through all this trouble unless you are trying to still someones vnc server password. If its your PC just reset the damn password….

    • igoriando

      Thanks Raymond for this tool,
      the UltraVNC password contains 1-byte checksum in the end, so in order to decrypt you need to pass the key to this tool without last two symbols. Tested and worked!

    Copyright © 2005-2012 - Raymond.CC Blog