Re: msf > use auxiliary/scanner/vnc/vnc_login

[Eric Schultz <fire0088 () gmail com>]

ToddAndMargo,

Error messages (or a lack of error messages) can vary depending on the
module used as each module is indivigually programmed. when you have
questions about a particular module, you should check out the online
documentation. The information page for the module you're asking about
is located here:
http://www.offensive-security.com/metasploit-unleashed/Scanner_VNC_Auxiliary_Modules

Notice the third dark-grey text box down from the top. This is a
sample of a typical run of the module (what you can expect to see on
your screen). Notice at the bottom, there is a message that says:

[*] Scanned 11 of 11 hosts (100% complete)
[*] Auxiliary module execution

Do you receive this message? This signifies that the module has
completed. If you do not see that message, your module is encountering
hangups or errors.
If valid credentials are discovered, the module does not make a shell
or establish a VNC connection. You can notice, based on the path for
the module, that the module is considered a "scanner." If valid
credentials are discovered they will appear as a green [+] symbols as
depicted in the grey text box from the link above.

If you want to know more about the metasploit module, feel free to
view the module's source code. On Kali, it can be located here:
/usr/share/metasploit-framework/modules/auxiliary/scanner/vnc

Good Luck.

On Thu, Oct 31, 2013 at 1:47 PM, ToddAndMargo <ToddAndMargo () zoho com> wrote:
> > > On Oct 31, 2013 1:34 PM, "ToddAndMargo" <ToddAndMargo () zoho com
> > >
> > > <mailto:ToddAndMargo () zoho com>> wrote:
> > >
> > >     Hi All,
> > >
> > >     I decided to test Metasploit against an open VNC
> > >     server, following the following directions:
> > >
> > >     https://www.rapid7.com/db/__modules/auxiliary/scanner/vnc/__vnc_login
> > > <https://www.rapid7.com/db/modules/auxiliary/scanner/vnc/vnc_login>
> > >
> > >
> > >     After entering at the msf prompt:
> > >         use auxiliary/scanner/vnc/vnc___login
> > >
> > >
> > >     I never get my prompt back.
> > >
> > >     According to the directions, I should
> > >     be able to enter:
> > >           msf auxiliary(vnc_login) > show actions
> > >
> > >     What am I missing?
> > >
> > >     Many thanks,
> > >     -T
>
> On 10/31/2013 09:17 AM, Ivan Carlos wrote:
> > This server is vulnerable against this exploit?
> >
> > Ivan Carlos
> > CISO, Consultant
> > +55 (11) 98112-0666
> > www.icarlos.net <http://www.icarlos.net>
>
> Hi Ivan,
>
>   I think I understand.  If the vnc server rejects the
> exploit, you never get the "msf" prompt back because
> it never proceeded far enough with the exploit.
>
>   So, this is good news?  Be nice if you got some
> feedback as to trying and not working.
>
> -T
>
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and how
> your customers can tell if a site is secure. You will find out how to test,
> purchase, install and use a thawte Digital Certificate on your Apache web
> server. Throughout, best practices for set-up are highlighted to help you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------