Home » Security & Privacy » Crack or Decrypt VNC Server Encrypted Password

Crack or Decrypt VNC Server Encrypted Password

Security & Privacy 11 Comments

Virtual Network Computing or mostly people just calls it VNC is a system to remotely control a computer as if you are sitting in front of the PC even though you are away from it. Although Windows comes with remote desktop feature that accomplishes the same thing as VNC, most server administrators still prefers to use VNC due to cross platform compatibility plus they are also free unless you are using the Personal or Enterprise version of RealVNC for extra security and features such as the deployment tool. The VNC comes in two modules which is the Viewer that is used to control the Server module.

Just like any other remote control software, the VNC server can be password protected to prevent unauthorized users from controlling the server. The password that is saved on the server is encrypted with DES but unfortunately the algorithm has already been cracked long ago. There are quite a number of third party tools that claims to automatically decrypt and display the VNC server password but most of them are not updated to work with the latest versions of VNC. From what we’ve tested, VNCPassView by Nirsoft can only display UltraVNC password, VNCPwdump by Patrik Karlsson failed to display RealVNC password with either the -s or -c switch, and VNC Password Decryptor too failed to fetch and decrypt VNC passwords on a local computer.

These automated VNC password recovery tool doesn’t work because the location of the DES encrypted password that is saved on the computer has changed and they are not updated to read from the new paths. Here we will guide you on how to locate the VNC encrypted password and also how to manually decrypt them either through web based or locally via command line tool.

Locating the encrypted VNC password

Most of the VNCs encrypted password are saved in registry while only UltraVNC is saved in an INI file. Here is an example on how to get the encrypted password for RealVNC based on the registry location provided below.

1. Click the Start button, type regedit in the Search programs and files bar followed by pressing Enter.

2. Expand the HKEY_LOCAL_MACHINE folder by double clicking on it and continue doing that for SOFTWARE, RealVNC and until you reach vncserver.

3. At the right pane, you should see a registry name called Password with the type as REG_SZ and random characters for the data. The random characters you see for Password is the encrypted password for RealVNC and please take note of it for decryption.

RealVNC Encrypted Password

RealVNC
HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\vncserver
Value: Password

TightVNC
HKEY_CURRENT_USER\Software\TightVNC\Server
Value: Password or PasswordViewOnly

TigerVNC
HKEY_LOCAL_USER\Software\TigerVNC\WinVNC4
Value: Password

UltraVNC
C:\Program Files\UltraVNC\ultravnc.ini
Value: passwd or passwd2

Once you’ve got the encrypted VNC password, the next step is to decrypt it. Here we offer two choices which is the web based that is very easy to use but requires an internet connection to access it or a command line tool that works on an offline computer but requires to run from command prompt.

Decrypting the encrypted VNC password

Method #1: Web based

VNC password decoder

The online VNC password decoder at Tools88.com has been online since 1997 and is still working today. All you need to do is paste the encrypted password at the Input box, click the button with two Chinese characters and the real password will be instantly displayed at the Result box.

Visit VNC Password Decoder

Method #2: Command line tool

vncpwd

The VNC Password Decoder (vncpwd) tool by Luigi Auriemma can decrypt classic VNC DES encryption method. Simply embed the encrypted password after the command line tool and the real password will be displayed. To use vncpwd, click Start button, type cmd at search bar and press Enter. Change to the directory where vncpwd.exe is located and run the following commnad line:

vncpwd.exe ENCRYPTEDPASSWORD

Download VNC Password Decoder (vncpwd)

You might also like:

firefox password icon3 Tools to Decrypt and Recover Passwords Saved in Firefox recover wlm password6 Tools to Recover Saved Windows Live Messenger Password apple remote desktop icon5 Ways to Remotely Access Apple Mac OS X from Windows login recovery iconRecover Windows Login Password Online with LoginRecovery ftp password iconFTP Password Recovery Tools: 3 Best to Use in 2023

11 Comments - Write a Comment

  1. Israel 2 years ago

    Method #2 works with the UltraVNC server 1.1.6 password saved in C:\Program Files\UltraVNC\ultravnc.ini

    Reply
  2. Martin 3 years ago

    Great job! Method #2 worked like a charm!
    Thank you very very much!

    Reply
  3. ali 3 years ago

    thank you

    Reply
  4. ali 4 years ago

    worked
    thanks

    Reply
  5. Somebody Else 5 years ago

    Awesome, worked here too!!!
    2019

    Reply
  6. Martin Sauer 7 years ago

    very useful!
    Is it possible to do the other way?
    Encrypt a password like Real VNC does?

    Reply
  7. Dontsov E 8 years ago

    You can use common DES encryption (ECB) alghorithm with some changes:
    You should mirror hard secret key of VNC:
    vnc_key = [23, 82, 107, 6, 35, 78, 88, 7]
    new key for “normal” DES:
    vnc_key_for_classic_DES = [232, 74, 214, 96, 196, 114, 26, 224]
    No password changing needed.

    Reply
  8. awesome 14 years ago

    Good tool!

    Reply
  9. fr33mumia 15 years ago

    i’m saved =D

    Reply
  10. somebody 15 years ago

    A really great program ! Works fine !

    Reply
  11. qwerty 17 years ago

    yes, it works.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Your comment is subject to approval. Read our Terms of Use. If you are seeking additional information on this article, please contact us directly.