Class: Metasploit::Framework::LoginScanner::VNC

Inherits:

Object

Object
Metasploit::Framework::LoginScanner::VNC

show all

Includes:: Base, RexSocket, Tcp::Client

Defined in:: lib/metasploit/framework/login_scanner/vnc.rb

Overview

This is the LoginScanner class for dealing with the VNC RFB protocol. It is responsible for taking a single target, and a list of credentials and attempting them. It then saves the results.

Constant Summary collapse

LIKELY_PORTS = CONSTANTS

(5900..5910).to_a

LIKELY_SERVICE_NAMES =

[ 'vnc' ]

PRIVATE_TYPES =

[ :password ]

REALM_KEY =

nil

ULTRA_VNC_RETRY_ERROR = Error indicating retry should occur for UltraVNC

'connection has been rejected'

VNC4_SERVER_RETRY_ERROR = Error indicating retry should occur for VNC 4 Server

'Too many security failures'

RETRY_ERRORS = Known retry errors for all supported versions of VNC

[
    ULTRA_VNC_RETRY_ERROR,
    VNC4_SERVER_RETRY_ERROR
]

Instance Attribute Summary

Attributes included from Tcp::Client

#max_send_size, #send_delay, #sock

Instance Method Summary collapse

#attempt_login(credential) ⇒ Metasploit::Framework::LoginScanner::Result

This method attempts a single login with a single credential against the target.

Methods included from Tcp::Client

#chost, #connect, #cport, #disconnect, #proxies, #rhost, #rport, #set_tcp_evasions, #ssl, #ssl_version

Instance Method Details

#attempt_login(credential) ⇒ `Metasploit::Framework::LoginScanner::Result`

This method attempts a single login with a single credential against the target

Parameters:

credential (Credential) —

The credential object to attempt to login with

Returns:

(Metasploit::Framework::LoginScanner::Result) —

The LoginScanner Result object

# File 'lib/metasploit/framework/login_scanner/vnc.rb', line 39

def attempt_login(credential)
  result_options = {
      credential: credential,
      host: host,
      port: port,
      protocol: 'tcp',
      service_name: 'vnc'
  }

  begin
    # Make our initial socket to the target
    disconnect if self.sock
    connect

    # Create our VNC client overtop of the socket
    vnc = Rex::Proto::RFB::Client.new(sock, :allow_none => false)

    if vnc.handshake
      type = vnc.negotiate_authentication
      if type != Rex::Proto::RFB::AuthType::ARD
        credential.public = nil
      end
      if vnc_auth(vnc,type,credential.public,credential.private)
        result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
      else
        result_options.merge!(
          proof: vnc.error,
          status: Metasploit::Model::Login::Status::INCORRECT
        )
      end
    else
      result_options.merge!(
        proof: vnc.error,
        status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
      )
    end
  rescue ::EOFError, Errno::ENOTCONN, Rex::ConnectionError, ::Timeout::Error => e
    result_options.merge!(
        proof: e.message,
        status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
    )
  ensure
    disconnect
  end

  ::Metasploit::Framework::LoginScanner::Result.new(result_options)
end