I was launching a remote vnc dictionary attack against one of my machines using hydra GTK, but I keep getting connection problems and haven't been successful so far... are there any other tools that support remote vnc dictionary attack?
thanks
Depending on the version and type of VNC application you are trying to access, 3 consecutive failed connection attempts will result in a time out and you will have to wait a while before you can reconnect.
I think it usually is 3 by default. There is something out there to bypass needing a password altogether... If you are doing this for POC then that doesn't help but if you want it just PM me.
POC??? A dictionary attack against VNC .....
POC = point of concept
What is a...point of concept? Are you dazzling us with brilliance or baffling us with BS?
:confused:
I believe he is talking about a binder... that is the VNC exploit that most people try to use, just a buffer overflow
either that or he means proof of concept which is just a flaw tester for VNC... either way
I'm aware of what it means - maybe my sarcasm isn't too clear - I was trying to say that a dictionary attack against VNC is in no way POC.
Quote:
POC = point of concept
Quote:
If you are doing this for POC then that doesnt help but if you want it just PM me.
I was asking if he just needs access to the box via VNC no matter what or if he is doing a dictionary attack just as a POC to maybe test if it is possible to crack his password via a dict. attack.
Basically it's me asking if he is open to alternative methods of getting into the box or if he needs the dict. attack because he is interested in how it works.
I think you need to look up the definition of Proof of Concept before you use the term. A dictionary attack against VNC is not POC.
Please tell me ur talking about oofki?
Quote:
Originally Posted by Nokia
no it doesn't have to be dictionary attack... if u know any other kind of attack against remote vnc... please share with us
Quote:
Originally Posted by Nokia
thanks
Wow Nokia... Listen to what I am saying.
I'm asking if he just wants to set up hydra and dictionary attack his own vnc as a POC. OR if he is doing it just to recover the password and he is open to any means.
yes I'm open to any means. I picked Hydra because it supports lots of protocols and it has worked for me before when bruteforcing FTP and telnet.
Quote:
Originally Posted by oofki
So I'm thinking that oofki meant "learning experience" since PoC stands for Proof of Concept (not Point of Concept) (as Nokia pointed out)
Anyways... I'm guessing that oofki was going to point out the RealVNC password bypass from back in May if this was "legit"...
That being said... I don't know how brute forcing could ever be used for learning... or really even for justifiable password recovery (at least in this day and age)... the only legit use would be perhaps writing your own brute force to see if you fully understand the protocol...
Well, I suppose learning how to use tools such as Hydra, Brutus, John etc could be considered a worthwhile reason to use them. There are still plenty of elements around that would justify the use of a password cracker - that being said I personally don't consider VNC one of these elements.
I'm just amused that oofki thinks launching a dictionary attack against a VNC server is PoC - makes me laugh every time I read it.
It's funny the way skiddies throw around the words 'Proof of Concept' without actually understanding what a PoC exploit/attack actually is.....10 posts later and he still doesn't get it...
Maybe people should stop needlessly abbreviating things. It kind of makes everyone look really idiotic. Um.. and I especially wouldn't have a huge hissy fit about it or its context.
Quote:
without actually understanding what a PoC exploit/attack actually is
A rule of thumb I have always found useful is that if you don't understand the acronym, then don't use it or involve yourself in conversations about it....and if you don't like acronyms then it's best not to work in IT....
I thought POC was proof of concept, but what do I know.
Is it only me that thinks this request isn't as innocent as it looks?
Steve
That is what it stands for and that's the point of the term people can release code to exploit software and claim it to be for educational purposes only...
You said it stood for point of concept in an earlier post - make your mind up dood.
Quote:
That is what it stands for
Not really oofki, like I said:
Quote:
the point of the term people can release code to exploit software and claim it to be for educational purposes only
PoC has nothing to do with the code being for educational purposes, malicious purposes or downright illegal purposes. The clue is in the words Proof of Concept.
Quote:
if you don't understand the acronym, then don't use it or involve yourself in conversations about it
Loosely speaking if you are proving a concept it means you are trying to do something that no one has done before, as otherwise the concept would have already been proven. Therefore if I release a program that performs a VNC dictionary attack I am not proving any concept (other than if my code works but that is using PoC in a different context), as someone has already proven this concept a long time ago.
In very general terms - If I find a flaw that can be exploited in VNC that no one else knows about or has discovered before, then I could have a PoC exploit. If I then code an app that exploits this bug then I will have released a PoC attack - if 5 years later someone releases a program that does the same thing for educational purposes, then this is not a PoC attack as I would have already proven the concept 5 years previously.
So my original point which went over your head and does not even seem relevant anymore, was that the OP can't release a PoC attack that performs a dictionary attack against VNC.
Now, now Nokia:
Quote:
Originally Posted by Nokia
Don't you know it's Extremely l337 to use acronyms?
My favorites are MGD, THC, LSD, and HCl (for the enemies)
/tangent
I love acronyms
Some of my favs
Lart
Dilligaf
RTFM
MLF
The LART manual page.
Written by Tim Bandy < timn8r[at]risk.cs.umn.edu >
LART(1M)          MISC. REFERENCE MANUAL PAGES          LART(1M)

NAME
     lart - Luser Attitude Readjustment Tool - use a lart to adjust lusers' attitudes

SYNOPSIS
     lart [ -use tool ] [ -bBfFgklp ] <lusername>

DESCRIPTION
     lart adjusts the attitudes of those pesky, clueless people who rely upon their admins for everything from picking their mice off of the floor to turning on their monitors; namely, the luser(8). Running lart with the appropriate arguments will cause the specified luser to run away screaming in agony. Alternatively, you can make the luser buy you a beer, after killing all of their processes.

OPTIONS
     -use tool
          Choose your weapon. If this option is not specified, the environment variable LART is used. If neither is set, a default value will be used, which is set at compile time.
     -b   Used to increase the size of your lart.
     -B   The BOFH option. Removes a user's files and kills all their processes. If used in conjunction with -p this will also cause syslog to make entries proving that <lusername> was the second gunman behind the grassy knoll.
     -f   Only fake luser's attitude readjustment session. Provided primarily for testing purposes. Mutually exclusive with -B.
     -F   fsck <lusername> as a raw device. Note that this option has not been tested, as it is rather difficult to find volunteers.
     -g   Graphic violence. Uses curses to monitor <lusername> during the beating.
     -k   Kill. A rather permanent option, and as such is not highly recommended. Can only be invoked once per <lusername>.
     -p   See -B.

SEE ALSO
     sysadmin(1), guru(8), luser(8)