Sunday, August 12, 2007

RealVNC Honeypot

Do you remember the RealVNC vulnerability? It lets an attacker bypass authentication and access the remote system without knowing the VNC password. When the vulnerability and exploit were published, I said to myself, "This is a good target for botnet masters to infect a big range of computers." RealVNC is running on some organizational and sensitive networks. Well, Common, one of the leaders of the Nepenthes project (a low-interaction honeypot), published a module which displays the screen of a Microsoft OS desktop to capture RealVNC attacks from foolish hackers or malware. I set up the RealVNC vulnerability on virtual machines to capture real malware. After one month I saw many attacks on my honeypots. Many attackers tried to download malware from the Run menu and then install it on the honeypot machines. Others manually opened IE or Firefox, downloaded a binary file, ran it, and at the end cleaned the browser history... or used the FTP command from CMD on the Windows machine... But over 80 percent did it from the Run menu.
My honeypot structure and tricks:

- VMware and images of a clean OS (XP, NT, 2000 or a Linux-based OS)
- Installed a vulnerable version of RealVNC
- Captured network traffic and located the honeypots behind the NAT and firewall (don't forget to enable the RealVNC incoming ports on the firewall or NAT)
- Take a snapshot in VMware of the clean OS
But at this time you cannot find any interesting activity for the RealVNC vuln. No problem, so it's better for you to wait for the next interesting vuln!
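To triage the traffic captured by a honeypot set up as described above, the check below flags sessions in which the client's security-type selection was not in the list the server offered, which is how a session that skipped the password exchange appears on the wire. It is an added example, not part of the original post or of Nepenthes; it assumes the honeypot speaks RFB 3.7/3.8 and that the TCP streams are already reassembled per direction, and the sample byte strings are constructed.

```python
# Added example: RFB 3.7/3.8 handshake check for honeypot captures.
RFB_VERSIONS = ("RFB 003.007", "RFB 003.008")
SEC_NAMES = {0: "Invalid", 1: "None", 2: "VNC Authentication"}

def parse_handshake(server: bytes, client: bytes) -> dict:
    """Parse ProtocolVersion and the security negotiation from two
    reassembled byte streams (server->client and client->server)."""
    if len(server) < 13 or len(client) < 13:
        raise ValueError("handshake truncated")
    s_ver = server[:12].decode("ascii", "replace").strip()
    c_ver = client[:12].decode("ascii", "replace").strip()
    if c_ver not in RFB_VERSIONS:
        # RFB 3.3 has no client-side selection byte; not handled here.
        raise ValueError(f"unsupported client version {c_ver!r}")
    count = server[12]                      # number of offered types
    offered = list(server[13:13 + count])   # one byte per offered type
    if count == 0 or len(offered) != count:
        raise ValueError("server sent no usable security-type list")
    return {"server_version": s_ver, "client_version": c_ver,
            "offered": offered, "chosen": client[12]}

def flag_session(server: bytes, client: bytes):
    """Return an alert string if the client picked a security type the
    server never offered, else None."""
    hs = parse_handshake(server, client)
    if hs["chosen"] in hs["offered"]:
        return None
    name = SEC_NAMES.get(hs["chosen"], "unknown")
    return (f"security type {hs['chosen']} ({name}) selected but not "
            f"offered; server offered {hs['offered']}")

# Constructed sample streams (not taken from a real capture).
# Server: version, one offered type (2), 16-byte challenge, 4-byte result.
SERVER = b"RFB 003.008\n" + bytes([1, 2]) + bytes(16) + bytes(4)
CLIENT_OK = b"RFB 003.008\n" + bytes([2]) + bytes(16) + b"\x01"
CLIENT_SKIP = b"RFB 003.008\n" + bytes([1]) + b"\x01"

if __name__ == "__main__":
    for label, stream in (("ok", CLIENT_OK), ("skip", CLIENT_SKIP)):
        print(label, flag_session(SERVER, stream))
```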