Security Basics mailing list archives

Re: msf > use auxiliary/scanner/vnc/vnc_login

From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Fri, 01 Nov 2013 14:30:08 -0700

On 11/01/2013 01:38 PM, Eric Schultz wrote:

The module is not an exploit.


I got the "exploit" from "Metasploit". I read somewhere
in the documentation that Metasploit tries to break in
and install some harmless code to prove a point.

Of course, each module will be different.

Its a scanner for valid
username/passwords. The hopeful out put will look like this:

[+] 192.168.1.203:5900, VNC server password : "s3cr3t"

If you do not see that message, and you are returned to the msfconole
prompt (msf auxiliary(vnc_login) >), then no valid credentials were
discovered.


Never returned to the console.


If the VNC server is not properly working, perhaps you've locked an
account out, or there was an unrelated event on the server that caused
a change. If there are a bunch of port changes, it sounds like an
administrator


That would be me and I didn't change anything.

made some changes, as the tool is not responsible for
the opening/closing of ports.


Next test, I going to log in with Go To Assist Express, as well as Open
VPN so I can see what is happening on the target.

My advice to you would be to slow down and read some documentation
before you proceed,


That is what I was doing at
https://www.rapid7.com/db/__modules/auxiliary/scanner/vnc/__vnc_login
I read something; I try something.

as it seems you dont even know the epected output
of the module. Please ask if you're still confused about anything.


The reason why I went after VNC was that I have it open.  Everything
else is closed (except Open VPN).

Thank you for the help.

-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Re: msf > use auxiliary/scanner/vnc/vnc_login ToddAndMargo (Nov 01)
- RE: msf > use auxiliary/scanner/vnc/vnc_login Ben Ten (Nov 01)
  - Re: msf > use auxiliary/scanner/vnc/vnc_login ToddAndMargo (Nov 04)
- Re: msf > use auxiliary/scanner/vnc/vnc_login Eric Schultz (Nov 01)
  - Re: msf > use auxiliary/scanner/vnc/vnc_login ToddAndMargo (Nov 03)
    - Message not available
    - Re: msf > use auxiliary/scanner/vnc/vnc_login ToddAndMargo (Nov 03)
    - Message not available
    - Re: msf > use auxiliary/scanner/vnc/vnc_login ToddAndMargo (Nov 04)
- <Possible follow-ups>
- Re: msf > use auxiliary/scanner/vnc/vnc_login ToddAndMargo (Nov 04)
  - Re: msf > use auxiliary/scanner/vnc/vnc_login ToddAndMargo (Nov 04)
  - [Solved] Re: msf > use auxiliary/scanner/vnc/vnc_login ToddAndMargo (Nov 04)
    - Re: [Solved] Re: msf > use auxiliary/scanner/vnc/vnc_login jason m (Nov 05)
- Re: msf > use auxiliary/scanner/vnc/vnc_login ToddAndMargo (Nov 04)
  - Message not available
    - Re: msf > use auxiliary/scanner/vnc/vnc_login ToddAndMargo (Nov 04)
    - Re: msf > use auxiliary/scanner/vnc/vnc_login Eric Schultz (Nov 05)
    - Re: msf > use auxiliary/scanner/vnc/vnc_login ToddAndMargo (Nov 05)