Home page logo
/

basics logo Security Basics mailing list archives

Re: msf > use auxiliary/scanner/vnc/vnc_login
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Fri, 01 Nov 2013 14:30:08 -0700

On 11/01/2013 01:38 PM, Eric Schultz wrote:
The module is not an exploit.

I got the "exploit" from "Metasploit". I read somewhere
in the documentation that Metasploit tries to break in
and install some harmless code to prove a point.

Of course, each module will be different.

Its a scanner for valid
username/passwords. The hopeful out put will look like this:

[+] 192.168.1.203:5900, VNC server password : "s3cr3t"

If you do not see that message, and you are returned to the msfconole
prompt (msf auxiliary(vnc_login) >), then no valid credentials were
discovered.

Never returned to the console.


If the VNC server is not properly working, perhaps you've locked an
account out, or there was an unrelated event on the server that caused
a change. If there are a bunch of port changes, it sounds like an
administrator

That would be me and I didn't change anything.

made some changes, as the tool is not responsible for
the opening/closing of ports.

Next test, I going to log in with Go To Assist Express, as well as Open
VPN so I can see what is happening on the target.

My advice to you would be to slow down and read some documentation
before you proceed,

That is what I was doing at
https://www.rapid7.com/db/__modules/auxiliary/scanner/vnc/__vnc_login
I read something; I try something.

as it seems you dont even know the epected output
of the module. Please ask if you're still confused about anything.

The reason why I went after VNC was that I have it open.  Everything
else is closed (except Open VPN).

Thank you for the help.

-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault