vncspy Code
Status: Beta
Brought to you by:
smilindog2000
Menu
▾
▴
Tree [r1] / History
| File | Date | Author | Commit |
|---|---|---|---|
| doc | 2006-10-25 | smilindog2000 | [r1] /home/bill/projects/vncspy: Initial files |
| README | 2006-10-25 | smilindog2000 | [r1] /home/bill/projects/vncspy: Initial files |
| makefile | 2006-10-25 | smilindog2000 | [r1] /home/bill/projects/vncspy: Initial files |
| makerel | 2006-10-25 | smilindog2000 | [r1] /home/bill/projects/vncspy: Initial files |
| postweb | 2006-10-25 | smilindog2000 | [r1] /home/bill/projects/vncspy: Initial files |
| vncspy.c | 2006-10-25 | smilindog2000 | [r1] /home/bill/projects/vncspy: Initial files |
| vncspyd | 2006-10-25 | smilindog2000 | [r1] /home/bill/projects/vncspy: Initial files |
Read Me
Most people are unaware that VNC is HIGHLY INSECURE. To help them understand, I wrote this tiny
program, vncspy. All it does is sniff network traffic, and report VNC key strokes that it sees.
So, for example, if an engineer insists on using VNC to log in from his Windows machine into your
network whenever he wants from home, try leaving vncspy running for a while. I like to use the
command:
sudo vncspy eth0 | tee keylog
Note that you need to run vncspy as root. You can either su root, or sudo.
This will sniff all keystrokes he enters from home to his VNC server. Assuming he has to enter
his user name and password to log-on, you should see his user name in the keylog, followed by his
password. It's that simple!
When you get his password, try writing it on a sticky-note, and pasting it on his monitor. I've
found showing people their passwords to be very effective at improving their security habits.
Usage
-----
vncspy must be run as root. It takes only one optional parameter, the interface to sniff on. If
left out, it will use the first interface on your system, typically eth0.
Compling
--------
The only major dependency for vncspy is the pcap development library. On Debian or Ubuntu, you
may issue a command like:
sudo apt-get install libpcap0.8-dev
If your system does not have libpcap available, you can install it from source from:
http://www.tcpdump.org.
Once you have libpcap, compiling vncspy is simple. Just type:
make
It should create the vncspy program. Let me know if you need help.
Installing as a demon
---------------------
The vncspyd file is a script that can be be executed at boot time to enable logging VNC keystrokes
to /var/log/vncspy. To enable it, first copy it to /etc/init.d, and copy vncspy to /sbin:
su
cp vncspy /sbin
cp vncspyd /etc/init.d
cd /etc/init.d
On Debian/Ubuntu, enable it with:
update-rc.d vncspyd defaults
On Fedora/RedHat, enable it with:
chkconfig --add vncspyd
Note that if you have more than one network card, you can edit vncspyd to pick a specific one.
Author
------
Bill Cox
bill@billrocks.org
I copied most of this code from the Internet, and now can't remeber who I copied from!
Thanks, whoever you are!
