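/*
 * Per-target child loop of the VNC module (variant taking a numeric address).
 *
 * Runs a small state machine:
 *   1  connect (plain TCP, or SSL when OPTION_SSL is set) and do the initial
 *      exchange with the server,
 *   2  hand the connected socket to start_vnc(), whose return value is the
 *      next state,
 *   3  disconnect, notify the parent and return.
 * Any other state is reported as an error and ends the process.
 *
 * ip       target address, passed to hydra_connect_tcp()/hydra_connect_ssl()
 * sp       socket handed to hydra_register_socket()
 * options  option bits; only OPTION_SSL is inspected here
 * miscptr  forwarded unchanged to start_vnc()
 * fp       stream that receives the "does not require authentication" notice;
 *          also forwarded to start_vnc()
 * port     target port; 0 selects PORT_VNC or PORT_VNC_SSL
 */
void service_vnc(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
  /* next_run is initialised so that it never carries an indeterminate value. */
  int run = 1, next_run = 1, sock = -1;
  int myport = PORT_VNC, mysslport = PORT_VNC_SSL;

  hydra_register_socket(sp);
  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
    return;

  while (1) {
    switch (run) {
    case 1: /* connect and service init function */
      if (sock >= 0)
        sock = hydra_disconnect(sock);
      usleep(300000);
      if ((options & OPTION_SSL) == 0) {
        if (port != 0)
          myport = port;
        sock = hydra_connect_tcp(ip, myport);
        port = myport;
      } else {
        if (port != 0)
          mysslport = port;
        sock = hydra_connect_ssl(ip, mysslport);
        port = mysslport;
      }
      if (sock < 0) {
        fprintf(stderr, "Error: Child with pid %d terminating, can not connect\n", (int)getpid());
        hydra_child_exit();
        /*
         * Every other fatal path in this function follows hydra_child_exit()
         * with exit(-1); without it this path could go on to read from an
         * invalid socket if hydra_child_exit() returns.
         */
        exit(-1);
      }

      buf = hydra_receive_line(sock);
      if (buf == NULL) { /* check the first line */
        /* buf is NULL here; passing it to %s is undefined behaviour. */
        fprintf(stderr, "Error: Not an VNC protocol or service shutdown: %s\n", "(null)");
        hydra_child_exit();
        exit(-1);
      }
      /* The first line received is sent back to the server unchanged. */
      hydra_send(sock, buf, strlen(buf), 0);
      free(buf);

      buf = hydra_receive_line(sock);
      if (buf == NULL) { /* check the second reply */
        fprintf(stderr, "Error: Not an VNC protocol or service shutdown: %s\n", "(null)");
        hydra_child_exit();
        exit(-1);
      }

      next_run = 2;
      /*
       * NOTE(review): the fourth byte of the reply is read without knowing
       * how many bytes the server actually sent; hydra_receive_line() gives
       * no length here, so a reply shorter than four bytes cannot be detected
       * at this point. Confirm the helper's minimum buffer size, or switch to
       * a length-returning receive.
       */
      switch (buf[3]) {
      case 0:
        fprintf(stderr, "Error: VNC server told us to quit\n");
        hydra_child_exit();
        exit(-1);
      case 1:
        fprintf(fp, "VNC server does not require authentication.\n");
        printf("VNC server does not require authentication.\n");
        hydra_child_exit();
        exit(-1);
      case 2:
        break;
      default:
        fprintf(stderr, "Error: unknown VNC authentication type\n");
        hydra_child_exit();
        exit(-1);
      }
      free(buf);
      break;

    case 2: /* run the cracking function */
      next_run = start_vnc(sock, port, options, miscptr, fp);
      break;

    case 3: /* clean exit */
      if (sock >= 0)
        sock = hydra_disconnect(sock);
      hydra_child_exit();
      return;

    default:
      fprintf(stderr, "Caught unknown return code, exiting!\n");
      hydra_child_exit();
      exit(-1);
    }
    run = next_run;
  }
}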
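/*
 * Per-target child loop of the VNC module (variant taking the address as a
 * string).
 *
 * Runs a small state machine:
 *   1  connect (plain TCP, or SSL when OPTION_SSL is set), read the server
 *      banner, pick the client protocol version and send the version reply,
 *   2  hand the connected socket to start_vnc(), whose return value is the
 *      next state,
 *   3  disconnect and finish with hydra_child_exit(0),
 *   4  disconnect and finish with hydra_child_exit(2).
 * Any other state is reported as an error.
 *
 * ip       target address, passed to the connect helpers and to start_vnc()
 * sp       socket handed to hydra_register_socket()
 * options  option bits; only OPTION_SSL is inspected here
 * miscptr  forwarded unchanged to start_vnc()
 * fp       forwarded unchanged to start_vnc()
 * port     target port; 0 selects PORT_VNC or PORT_VNC_SSL
 *
 * NOTE(review): hydra_child_exit() is defined elsewhere and may never return.
 * The explicit returns after it mirror states 3 and 4, and keep a failed path
 * from continuing with an invalid socket or a NULL banner if it does return.
 */
void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
  int run = 1, next_run = 1, sock = -1;
  int myport = PORT_VNC, mysslport = PORT_VNC_SSL;
  const char *reply;

  hydra_register_socket(sp);
  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
    return;

  while (1) {
    switch (run) {
    case 1: /* connect and service init function */
      if (sock >= 0)
        sock = hydra_disconnect(sock);
      if ((options & OPTION_SSL) == 0) {
        if (port != 0)
          myport = port;
        sock = hydra_connect_tcp(ip, myport);
        port = myport;
      } else {
        if (port != 0)
          mysslport = port;
        sock = hydra_connect_ssl(ip, mysslport);
        port = mysslport;
      }
      if (sock < 0) {
        hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
        hydra_child_exit(1);
        return;
      }
      usleep(300000);

      buf = hydra_receive_line(sock);
      if (buf == NULL || (strncmp(buf, "RFB", 3) != 0)) { /* check the first line */
        /* buf may be NULL on this path; never hand NULL to %s. */
        hydra_report(stderr, "[ERROR] Not a VNC protocol or service shutdown: %s\n", buf != NULL ? buf : "(null)");
        hydra_child_exit(2);
        return;
      }

      if (strstr(buf, " security failures") != NULL) { /* check the first line */
        /*
         * VNC has a 'blacklisting' scheme that blocks an IP address after five
         * unsuccessful connection attempts. The IP address is initially
         * blocked for ten seconds, but this doubles for each unsuccessful
         * attempt thereafter. A successful connection from an IP address
         * resets the blacklist timeout. This is built in to VNC Server and
         * does not rely on operating system support.
         */
        failed_auth++;
        hydra_report(stderr, "VNC server reported too many authentication failures, have to wait some seconds ...\n");
        sleep(12 * failed_auth);
        free(buf);
        next_run = 1;
        break;
      }

      if (verbose)
        hydra_report(stderr, "[VERBOSE] Server banner is %s\n", buf);

      if ((strstr(buf, "RFB 004.001") != NULL) || (strstr(buf, "RFB 003.007") != NULL) || (strstr(buf, "RFB 003.008") != NULL)) {
        /* a 003.007 reply is used for servers announcing 004.001, 003.007 or 003.008 */
        vnc_client_version = RFB37;
        reply = "RFB 003.007\n";
      } else {
        /* for RFB 3.3 and fake 3.5 */
        vnc_client_version = RFB33;
        reply = "RFB 003.003\n";
      }
      free(buf);
      buf = strdup(reply);
      if (buf == NULL) {
        /* strdup() can fail; strlen(NULL) below would be undefined behaviour. */
        hydra_report(stderr, "[ERROR] Could not allocate memory for the VNC version reply\n");
        hydra_child_exit(2);
        return;
      }
      /*
       * NOTE(review): buf is not freed after the send; whether start_vnc()
       * releases or overwrites it is not visible from this function.
       */
      hydra_send(sock, buf, strlen(buf), 0);
      next_run = 2;
      break;

    case 2: /* run the cracking function */
      next_run = start_vnc(sock, ip, port, options, miscptr, fp);
      break;

    case 3: /* clean exit */
      if (sock >= 0)
        sock = hydra_disconnect(sock);
      hydra_child_exit(0);
      return;

    case 4:
      if (sock >= 0)
        sock = hydra_disconnect(sock);
      hydra_child_exit(2);
      return;

    default:
      hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
      hydra_child_exit(0);
      /* Without this the loop would re-enter the same unknown state forever. */
      return;
    }
    run = next_run;
  }
}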