google / turbinia

Automation and Scaling of Digital Forensics Tools
Apache License 2.0

VNC password decoder #1182

Open Fryyyyy opened 1 year ago

Fryyyyy commented 1 year ago

A new analyser to use https://github.com/jeroennijhof/vncpwd to decode weak passwords, a seen cause of compromise

aarontp commented 1 year ago

Looks like it's a pretty trivial implementation outside of the DES code. Rather than adding a new dependency that hasn't been updated in a while, I wonder if we could easily reproduce this with pycrypto or something.

goldenkirbi commented 11 months ago

Working on this.

hacktobeer commented 10 months ago

@goldenkirbi are you still working on this?

goldenkirbi commented 10 months ago

> @goldenkirbi are you still working on this?

Yes. Currently, I have a working implementation for decrypting VNC passwords stored in known locations in the Windows registry.

I still have to look into how to process Linux ~/.vnc/passwd
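Added example, not code from this thread or from the Turbinia code base: a stand-alone decoder for the 8-byte obfuscated blob that VNC servers write to ~/.vnc/passwd or to the registry values mentioned above. It uses Go's standard-library crypto/des instead of the pycrypto dependency suggested earlier so that it runs without any extra package; the fixed DES key is the public one vncpwd uses, written with each byte bit-reversed because VNC's d3des reads key bits in the opposite order from a standard DES implementation. The hex-input helper, the weak-password list and the function names are assumptions made for this illustration, not Turbinia's.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// vncFixedKey is the public fixed DES key VNC servers use to obfuscate stored
// passwords (23,82,107,6,35,78,88,7 in the d3des source). d3des consumes key
// bits in the opposite order from standard DES, so each byte is bit-reversed
// here to obtain the same result from crypto/des.
var vncFixedKey = []byte{0xe8, 0x4a, 0xd6, 0x60, 0xc4, 0x72, 0x1a, 0xe0}

// DecodeVNCPassword turns the 8-byte obfuscated blob (as stored in
// ~/.vnc/passwd or a registry value) back into the plaintext password.
func DecodeVNCPassword(blob []byte) (string, error) {
	if len(blob) != des.BlockSize {
		return "", fmt.Errorf("expected %d-byte blob, got %d bytes", des.BlockSize, len(blob))
	}
	block, err := des.NewCipher(vncFixedKey)
	if err != nil {
		return "", err
	}
	plain := make([]byte, des.BlockSize)
	block.Decrypt(plain, blob) // the whole blob is exactly one DES block (ECB)
	// Passwords shorter than 8 characters are NUL-padded before encryption.
	return string(bytes.TrimRight(plain, "\x00")), nil
}

// DecodeVNCPasswordHex accepts the blob as a hex string, which is how an
// exported REG_BINARY value is commonly rendered (assumption about the export
// format; an extraction task may hand over raw bytes instead).
func DecodeVNCPasswordHex(h string) (string, error) {
	blob, err := hex.DecodeString(strings.TrimSpace(h))
	if err != nil {
		return "", err
	}
	return DecodeVNCPassword(blob)
}

// EncodeVNCPassword is the inverse transform. It exists here only so the
// example can build its own fixtures instead of shipping a captured passwd
// file. Like the VNC tools, it truncates to 8 characters and NUL-pads.
func EncodeVNCPassword(password string) ([]byte, error) {
	block, err := des.NewCipher(vncFixedKey)
	if err != nil {
		return nil, err
	}
	buf := make([]byte, des.BlockSize) // zero-filled, so NUL padding is implicit
	copy(buf, password)                // copy stops at 8 bytes, like strncpy in vncpasswd
	out := make([]byte, des.BlockSize)
	block.Encrypt(out, buf)
	return out, nil
}

// weakPasswords is a constructed, illustrative list; a real analyser would
// consult a proper wordlist.
var weakPasswords = map[string]bool{
	"": true, "password": true, "123456": true, "secret": true, "vnc": true, "admin": true,
}

// IsWeakVNCPassword flags the cases this issue is about: empty, dictionary or
// very short passwords. (Any VNC password is at most 8 characters anyway.)
func IsWeakVNCPassword(pw string) bool {
	return weakPasswords[strings.ToLower(pw)] || len(pw) < 6
}

func main() {
	// Constructed fixture: encode a password the way a VNC server would store it.
	blob, _ := EncodeVNCPassword("secret")
	pw, err := DecodeVNCPassword(blob)
	if err != nil {
		panic(err)
	}
	fmt.Printf("blob %s decodes to %q (weak: %v)\n",
		hex.EncodeToString(blob), pw, IsWeakVNCPassword(pw))
}
```

Because the transform is a single DES block under a fixed key, the decoder needs no padding or IV handling; the only real input validation is the 8-byte length check, and the analyser's value lies in what it does with the result (flagging the weak or empty cases) rather than in the decryption itself.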

hacktobeer commented 10 months ago

Super, thanks. What maybe could help is adding the VNC password locations to the Digital Forensic artifact repository and using that in the Turbinia fileextraction task to get them. See below for an example of how we do that for Tomcat files.

Tomcat artifacts defined -> https://github.com/ForensicArtifacts/artifacts/blob/main/data/tomcat.yaml#L75
Turbinia Tomcat Job with artifact extraction task -> https://github.com/google/turbinia/blob/5e3f2914d4cfc307d6c9e015679b727a4f9b4d1a/turbinia/jobs/tomcat.py#L54
Turbinia Tomcat analysis task -> https://github.com/google/turbinia/blob/5e3f2914d4cfc307d6c9e015679b727a4f9b4d1a/turbinia/workers/tomcat.py#L29