Penetration Testing mailing list archives
Re: password cracker for PCAnywhere and VNC (RFB 003.008)
From: jmk <jmk () foofus net>
Date: Fri, 03 Mar 2006 14:13:35 -0600
On Fri, 2006-03-03 at 23:10 +0530, 3 shool wrote:
> I recompiled (config, make & install) medusa with the --enable-untested option. Now the modules directory is listing the modules for FTP and PCAnywhere. FTP is working very well but PCAnywhere is giving the following issue:
>
> # medusa -h 192.168.0.28 -u administrator -p 98476swr -e ns -M pcanyhwere

Spelling things correctly usually helps. ;) Try "-M pcanywhere" rather than "-M pcanyhwere".

> Joe, can u pls give inputs on how we could use the wrapper module for VNC and PCAnywhere.

The wrapper module doesn't really help you with VNC/PcAnywhere. It's just a way of using Medusa to send/receive authentication data to outside scripts which handle the actual protocol being tested. The main thing I use it for is RDP (M$ Terminal Service) bruting. Building a stand-alone RDP Medusa module would have been a major pain, so I decided to just use rdesktop with the wrapper module instead. If anyone is curious, the following documents a patch to rdesktop to allow brute-forcing:

http://www.foofus.net/jmk/rdesktop.html

The Medusa pcanywhere module should work for almost all installs of PcAnywhere. I plan to release the VNC module with Medusa 1.1 in a few weeks.

THC-Hydra does have modules for both of these protocols. However, their PcAnywhere module is somewhat limited and supports only native PCA authentication. The Hydra VNC module may function against old VNC servers, however, my experience has been that it gets confused and doesn't correctly report valid passwords.

Also, most VNC servers these days have some anti-brute force functionality built-in. For example, RealVNC enforces a 10 second delay after 5 failed attempts. It doubles that delay after each subsequent attempt. The currently unreleased Medusa VNC module handles this behavior, but actually using a long password list would be painfully slow.

Joe

--
jmk <jmk () foofus net>
Foofus Networks
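
The delay policy described in the message above, written as a server-side throttle so the cost of a long run of failed logins can be computed. This is an added example, not code from RealVNC, Medusa or the original post; the class and function names and the optional `max_delay` cap are hypothetical, and the 5-attempt / 10-second / doubling parameters are the ones the message states.

```python
class FailedAuthThrottle:
    """Per-client delay after failed logins: nothing for the first few
    failures, then base_delay seconds, doubled after every further failure."""

    def __init__(self, free_attempts=5, base_delay=10.0, max_delay=None):
        self.free_attempts = free_attempts   # failures before any delay applies
        self.base_delay = base_delay         # seconds imposed at the threshold
        self.max_delay = max_delay           # assumption: optional cap, not in the post
        self._state = {}                     # client -> (failures, blocked_until)

    def delay_after(self, failures):
        """Seconds a client must wait once `failures` failures are recorded."""
        if failures < self.free_attempts:
            return 0.0
        delay = self.base_delay * 2 ** (failures - self.free_attempts)
        if self.max_delay is not None:
            delay = min(delay, self.max_delay)
        return delay

    def allowed(self, client, now):
        """True if the client may attempt authentication at time `now`."""
        return now >= self._state.get(client, (0, 0.0))[1]

    def record_failure(self, client, now):
        """Count a failed login and return the delay now in force."""
        failures = self._state.get(client, (0, 0.0))[0] + 1
        delay = self.delay_after(failures)
        self._state[client] = (failures, now + delay)
        return delay

    def record_success(self, client):
        """A successful login clears the client's failure history."""
        self._state.pop(client, None)


def total_wait(throttle, attempts):
    """Enforced waiting (seconds) accumulated before the `attempts`-th
    consecutive failed login can be submitted by one client."""
    return sum(throttle.delay_after(n) for n in range(1, attempts))


if __name__ == "__main__":
    policy = FailedAuthThrottle()
    for n in (5, 10, 20):
        print(f"{n:>2} failed attempts -> {total_wait(policy, n):>9.0f} s of enforced delay")
```

With uncapped doubling the enforced wait grows exponentially with the number of failures, which is why a long password list is impractical against a server that applies this policy per client.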