Security Basics
Re: msf > use auxiliary/scanner/vnc/vnc_login Nov 01 2013 09:30PM
ToddAndMargo (ToddAndMargo zoho com)
On 11/01/2013 01:38 PM, Eric Schultz wrote:
> The module is not an exploit.

I got the "exploit" from "Metasploit". I read somewhere
in the documentation that Metasploit tries to break in
and install some harmless code to prove a point.

Of course, each module will be different.

> Its a scanner for valid
> username/passwords. The hopeful out put will look like this:
>
> [+] 192.168.1.203:5900, VNC server password : "s3cr3t"
>
> If you do not see that message, and you are returned to the msfconole
> prompt (msf auxiliary(vnc_login) >), then no valid credentials were
> discovered.

Never returned to the console.

>
> If the VNC server is not properly working, perhaps you've locked an
> account out, or there was an unrelated event on the server that caused
> a change. If there are a bunch of port changes, it sounds like an
> administrator

That would be me and I didn't change anything.

> made some changes, as the tool is not responsible for
> the opening/closing of ports.

Next test, I going to log in with Go To Assist Express, as well as Open
VPN so I can see what is happening on the target.

> My advice to you would be to slow down and read some documentation
> before you proceed,

That is what I was doing at
https://www.rapid7.com/db/__modules/auxiliary/scanner/vnc/__vnc_login
I read something; I try something.

> as it seems you dont even know the epected output
> of the module. Please ask if you're still confused about anything.

The reason why I went after VNC was that I have it open. Everything
else is closed (except Open VPN).

Thank you for the help.

-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus