Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 24

Thread: bruteforce against vnc...

  1. #11
    Senior Member
    Join Date
    Oct 2007
    Location
    do a whois search on my ip...
    Posts
    268
    Quote Originally Posted by Nokia
    I think you need to look up the definition of Proof of Concept before you use the term.
    Please tell me ur talking about oofki?

  2. #12
    Member
    Join Date
    Oct 2006
    Posts
    63
    Quote Originally Posted by Nokia
    Im aware of what it means - Maybe my sarcasim isn't too clear -I was trying to say that a dictionary attck againt VNC is in no way POC.
    no it doesn't have to be dictionary attack.........if u know any other kind of attack against remote vnc........please share with us

    thanks

  3. #13
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    Wow Nokia... Listen to what I am saying.

    Im asking if he just wants to setup hydra and dictonary attack his own vnc as a POC. OR if he is doing it just to recover the password and he is open to any means.

  4. #14
    Member
    Join Date
    Oct 2006
    Posts
    63
    Quote Originally Posted by oofki
    Wow Nokia... Listen to what I am saying.

    Im asking if he just wants to setup hydra and dictonary attack his own vnc as a POC. OR if he is doing it just to recover the password and he is open to any means.
    yes I'm open to any means I picked Hydra because it supports lots of protocols and it has worked for me before when bruteforcing FTP and telnet.

  5. #15
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    So I'm thinking that oofki meant "learning experience" since PoC stands for Proof of Concept (not Point of Concept) (as Nokia pointed out)

    Anyways... I'm guessing that oofki was going to point out the RealVNC password bypass from back in May if this was "legit"...

    That being said... I don't know how brute forcing could ever be used for learning... or really even for justifiable password recovery (at least in this day and age)... the only legit use would be perhaps writing your own brute force to see if you fully understand the protocol...

  6. #16
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Well, I suppose learning how to use a tools such as Hydra, Brutus, John etc could be considered a worthwhile reason to use use them. There are still plenty of elements around that would justify the use of a password cracker - that being said I personally don't consider VNC one of these elements.

    I'm just amused that oofki thinks launching a dictionary attack against a VNC server is PoC - makes me laugh everytime I read it.

    It funny the way skidies throw around the words 'Proof of Concept' without actually understanding what a PoC exploit/attack actually is.....10 posts later and he still doesn't get it...

  7. #17
    Member Alec Empire's Avatar
    Join Date
    Oct 2007
    Posts
    33
    without actually understanding what a PoC exploit/attack actually is
    Maybe people should stop needlessly abbreviating things. It kind of makes everyone look really idiotic. Um.. and I especially wouldn't have a huge hissy fit about it or its context.

  8. #18
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    A rule of thumb I have always found useful is that if you don't understand the acronym, then don't use it or involve yourself in conversations about it....and if you don't like acronyms then it's best not to work in IT....

  9. #19
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    I though POC was proof of concept, but what do I know.

    Is it only me that thinks this request isn't as innocent as it looks.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  10. #20
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    That is what it stands for and thats the point of the term people can release code to exploit software and claim it to be for educational purposes only...

Similar Threads

  1. Auditor possibly the best security auditing linux distro
    By acdspit00 in forum Operating Systems
    Replies: 5
    Last Post: March 15th, 2006, 04:53 PM
  2. How do hackers...
    By tampabay420 in forum Newbie Security Questions
    Replies: 4
    Last Post: January 31st, 2003, 07:59 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •