what commands did you use; please post them
thank you
medusa -h 192.168.2.1 -u "" -P /mnt/sdb2/Dic/dictlist -M https
but as i said this module does not exist, and i do not see one viable in /usr/local/lib/medusa/modules
the hydra command i used successfully was
hydra -l "" -P /[dict path] -e ns -vV 192.168.2.1 https-get /
Wow imagine that null user and not http-get, somehow both those details seem familiar.Originally Posted by techemically
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
If you notice I explained the command I originally posted was in error. I was always using null username and the method that I used successfully was not one you suggested. I appreciate any help I can get in these matters as this is a new field for me; but if your infomation was not what lead me to achieve my goal then I fail to see where you find the right to be smug about any of this...
Yup you did.Actually you specifically stated in your first post that this is not the case "I am trying the username admin because none is used"I was always using null username
That would have to be true since I didn't provide a solution, I simply provided details.and the method that I used successfully was not one you suggested.Excellent!I appreciate any help I can get in these matters as this is a new field for me;Your right the fact that you were provided the needed details in various posts on the first day of the thread is I suppose somehow irrelevant when someone spoonfed you an answer on day two or three ... It's not smugness. It's amazement at the fact that people can't put simple details together to come up with solutions. It's not as if anyone refused to help you or provide details. Is it smug to hope that people will draw on provided facts and come to reasonable and useful conclusions?but if your infomation was not what lead me to achieve my goal then I fail to see where you find the right to be smug about any of this...
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Nobody spoonfed me anything, I came across this by testing various attack methods; and after I did I posted my results so others could benefit. I am in this forum to learn; not to be patronized by people with too little in their lives to feel sufficent in their own accomplishments. If you are here to help then your presence is appreciated. If, on the other hand, your purpose is to talk down to those who have spent a fraction of the time on these topics that you have invested so you have the opportunity to feel like you have meaning or substance in life then do me a favor and ignore my posts. Just dont help me! That'll show meThen you can feel all high and mighty all by yourself while I wallow in my ignorance...doesn't that make you feel good...
Well done!I came across this by testing various attack methods; and after I did I posted my results so others could benefit.
As much as people enjoy saying "if you're not going to help me simply don't answer". Things simply don't work that way. For one, the idea that you may not feel that a particular answer or post has helped you, does not invalidate said answer or post. For further discussion on why this simply doesn't work I'll provide the following reference link (which is only one of many, this discussion has come up more than once recently).If, on the other hand, your purpose is to talk down to those who have spent a fraction of the time on these topics that you have invested so you have the opportunity to feel like you have meaning or substance in life then do me a favor and ignore my posts. Just dont help me! That'll show me
http://forums.remote-exploit.org/new...have-idea.html
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
I am not invalidating your answers (as if I had the power to) and I appreciate anyone that takes time out of their day to even best a guess toward something that may stir my thought processes. I appreciate your willingness to respond and your depth of knowledge. What I could do without is the disrespctful fashion in which your responses are delivered. A little sarcasm never hurt anyone and I do not mean to come off thin skinned; but I have only ever posted on this thread and every response I received from you was insulting in nature. I agree my understanding of these things is limited. This is why I am here. You coming off harsh toward people who are doing things they should not (as your signature notes) is totally understandable and justified. I am not one of those individuals and I believe you can understand why being insulted for simply not knowing something would rub me the wrong way. I am young and have a family that I alone support; I do not have a great deal of time to study these things, although I do spend quite a bit of what time I have doing just that. My intention is to become a pentester for the company that employs me currently and the more I can learn the better...also the faster the better.
I have still not found any functional way to run the scan against the belkin router with medusa. Since https-get worked with hydra i tried -M https with medusa; this is not a module and failed. I tried medusa 1.5 and it is not a module there either. Does medusa then not have 443 capacity?
When testing out the VNC method/modules of hydra and medusa against a box I have a VNC server running on I am getting the following results (all fails to crack password and the password is DEFINITELY in the list):
HYDRA RESULTS
hydra -l "" -P /mnt/sdb2/Dic/FULLlist.txt -e ns -vV -t 4 192.168.1.103 vnc
WARNING: Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...
Hydra v5.4 (c) 2006 by van Hauser / THC - use allowed only for legal purposes.
Hydra
starting at 2010-01-07 19:51:48
[DATA] 4 tasks, 1 servers, 47024907 login tries (l:1/p:47024907), ~11756226 tries per task
[DATA] attacking service vnc on port 5900
[VERBOSE] Resolving addresses ... done
[ATTEMPT] target 192.168.1.103 - login "" - pass "" - child 0 - 1 of 47024907
[ATTEMPT] target 192.168.1.103 - login "" - pass "AAA&Colucci" - child 1 - 3 of 47024907
[ATTEMPT] target 192.168.1.103 - login "" - pass "AAA-BBBB" - child 2 - 4 of 47024907
[ATTEMPT] target 192.168.1.103 - login "" - pass "AAA-CHIPSET" - child 3 - 5 of 47024907
Warning: protocol RFB 003.007
is not verified to work. Please report if not.
Warning: protocol RFB 003.007
is not verified to work. Please report if not.
Warning: protocol RFB 003.007
is not verified to work. Please report if not.
Warning: protocol RFB 003.007
is not verified to work. Please report if not.
[ATTEMPT] target 192.168.1.103 - login "" - pass "AAA-CHiPSET" - child 0 - 6 of 47024907
[ATTEMPT] target 192.168.1.103 - login "" - pass "AAA-MACHINE" - child 1 - 7 of 47024907
Error: Not an VNC protocol or service shutdown: (null)
[VERBOSE] Retrying connection for child 0
[ATTEMPT] target 192.168.1.103 - login "" - pass "AAA-CHiPSET" - child 0 - 7 of 47024907
[STATUS] 7.00 tries/min, 7 tries in 00:01h, 47024900 todo in 111964:03h
[VERBOSE] Retrying connection for child 2
[ATTEMPT] target 192.168.1.103 - login "" - pass "AAA-BBBB" - child 2 - 7 of 47024907
[VERBOSE] Writing restore file... done (at this I stopped the scan)
MEDUSA RESULTS:
medusa -h 192.168.1.103 -u "" -P /mnt/sdb2/Dic/FULLlist.txt -v 6 -M vnc
GENERAL: Parallel Hosts: 1 Parallel Logins: 1
GENERAL: Total Hosts: 1
GENERAL: Total Users: 1
GENERAL: Passwords: 47024904
GENERAL: [audit] 1 addresses completed.
GENERAL: Medusa has finished.
medusa stopped by itself after just a few moments with only what is above on screen
Please use the edit button on your posts, instead of making multiple consecutive posts.
Furthermore do not make multiple threads on the same subject.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
my apologies, since this question was about vnc scanning as opposed to router scanning i thought it was considered a different topic
Posting Permissions
