Please tell me ur talking about oofki?Quote:
Originally Posted by Nokia
Printable View
Please tell me ur talking about oofki?Quote:
Originally Posted by Nokia
no it doesn't have to be dictionary attack.........if u know any other kind of attack against remote vnc........please share with usQuote:
Originally Posted by Nokia
thanks
Wow Nokia... Listen to what I am saying.
Im asking if he just wants to setup hydra and dictonary attack his own vnc as a POC. OR if he is doing it just to recover the password and he is open to any means.
yes I'm open to any means I picked Hydra because it supports lots of protocols and it has worked for me before when bruteforcing FTP and telnet.Quote:
Originally Posted by oofki
So I'm thinking that oofki meant "learning experience" since PoC stands for Proof of Concept (not Point of Concept) (as Nokia pointed out)
Anyways... I'm guessing that oofki was going to point out the RealVNC password bypass from back in May if this was "legit"...
That being said... I don't know how brute forcing could ever be used for learning... or really even for justifiable password recovery (at least in this day and age)... the only legit use would be perhaps writing your own brute force to see if you fully understand the protocol...
Well, I suppose learning how to use a tools such as Hydra, Brutus, John etc could be considered a worthwhile reason to use use them. There are still plenty of elements around that would justify the use of a password cracker - that being said I personally don't consider VNC one of these elements.
I'm just amused that oofki thinks launching a dictionary attack against a VNC server is PoC - makes me laugh everytime I read it.
It funny the way skidies throw around the words 'Proof of Concept' without actually understanding what a PoC exploit/attack actually is.....10 posts later and he still doesn't get it...
Maybe people should stop needlessly abbreviating things. It kind of makes everyone look really idiotic. Um.. and I especially wouldn't have a huge hissy fit about it or its context.Quote:
without actually understanding what a PoC exploit/attack actually is
A rule of thumb I have always found useful is that if you don't understand the acronym, then don't use it or involve yourself in conversations about it....and if you don't like acronyms then it's best not to work in IT....
I though POC was proof of concept, but what do I know.
Is it only me that thinks this request isn't as innocent as it looks.
Steve
That is what it stands for and thats the point of the term people can release code to exploit software and claim it to be for educational purposes only...