October 18th, 2007, 07:35 AM
Please tell me ur talking about oofki?
Originally Posted by Nokia
October 19th, 2007, 10:55 PM
no it doesn't have to be dictionary attack.........if u know any other kind of attack against remote vnc........please share with us
Originally Posted by Nokia
October 19th, 2007, 11:06 PM
Wow Nokia... Listen to what I am saying.
Im asking if he just wants to setup hydra and dictonary attack his own vnc as a POC. OR if he is doing it just to recover the password and he is open to any means.
October 20th, 2007, 12:41 AM
yes I'm open to any means I picked Hydra because it supports lots of protocols and it has worked for me before when bruteforcing FTP and telnet.
Originally Posted by oofki
October 25th, 2007, 05:29 AM
So I'm thinking that oofki meant "learning experience" since PoC stands for Proof of Concept (not Point of Concept) (as Nokia pointed out)
Anyways... I'm guessing that oofki was going to point out the RealVNC password bypass from back in May if this was "legit"...
That being said... I don't know how brute forcing could ever be used for learning... or really even for justifiable password recovery (at least in this day and age)... the only legit use would be perhaps writing your own brute force to see if you fully understand the protocol...
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
November 3rd, 2007, 05:37 PM
Well, I suppose learning how to use a tools such as Hydra, Brutus, John etc could be considered a worthwhile reason to use use them. There are still plenty of elements around that would justify the use of a password cracker - that being said I personally don't consider VNC one of these elements.
I'm just amused that oofki thinks launching a dictionary attack against a VNC server is PoC - makes me laugh everytime I read it.
It funny the way skidies throw around the words 'Proof of Concept' without actually understanding what a PoC exploit/attack actually is.....10 posts later and he still doesn't get it...
November 3rd, 2007, 06:44 PM
Maybe people should stop needlessly abbreviating things. It kind of makes everyone look really idiotic. Um.. and I especially wouldn't have a huge hissy fit about it or its context.
without actually understanding what a PoC
exploit/attack actually is
November 4th, 2007, 01:12 AM
A rule of thumb I have always found useful is that if you don't understand the acronym, then don't use it or involve yourself in conversations about it....and if you don't like acronyms then it's best not to work in IT....
November 4th, 2007, 01:07 AM
I though POC was proof of concept, but what do I know.
Is it only me that thinks this request isn't as innocent as it looks.
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
November 5th, 2007, 02:41 AM
That is what it stands for and thats the point of the term people can release code to exploit software and claim it to be for educational purposes only...
By acdspit00 in forum Operating Systems
Last Post: March 15th, 2006, 04:53 PM
By tampabay420 in forum Newbie Security Questions
Last Post: January 31st, 2003, 07:59 PM