Nmap Development mailing list archives
ncrack vnc
From: Ryan Hayward <rhhayward () att net>
Date: Tue, 28 Sep 2010 10:41:00 -0500
Attached is a patch for a rough version of a VNC module for ncrack. There are several TODOs remaining, mostly involving error checking.
To get the patch to work, I had to do the following:

1. patch < ncrack_vnc.patch
2. Since modules/modules.h failed to patch, I added the line 'void ncrack_rdp(nsock_pool nsp, Connection *con);' at the end of the modules list.
3. mv d3des.cc ncrack_vnc.cc modules/
4. ./configure
5. patch < ncrack_vnc_makefiles.patch
6. modules/Makefile didn't patch, so I added 'd3des.cc ncrack_vnc.cc' to the end of the SRCS line and 'd3des.o ncrack_vnc.o' to the end of the OBJS line.
7. make

That got me a version that would make, and run.

A couple of other notes:

1. User doesn't matter, as VNC auth just uses a password. I've been calling it with '--user whatever' just to make it not try a bunch of different users.
2. Currently the patch only adds 5901 to the ncrack-services. I've tested adding 5900, 5901 and 5902 to the ncrack-services, and it works fine. A range would be nice, though.
3. On the tightvncserver version I was testing against, a run-away brute force would lead to many "vnc://127.0.0.1:5901 Too many authentication failures" messages. I'm currently just doing the following in that case:

    if (memsearch((const char *)con->inbuf->get_dataptr(), "Too many authentication failures", con->inbuf->get_len())) {
      error("%s Too many authentication failures\n", serv->HostInfo());
      return ncrack_module_end(nsp, con);
    }

But it seems to me that when the vnc thread receives that, it should suspend for some amount of time before trying that pass again, or trying a different pass. I don't know what that would be, nor was I able to find an example of how to suspend a thread in a polite manner.
Attachment: ncrack_vnc.patch
Attachment: ncrack_vnc_makefiles.patch