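/*
 * Per-child state machine for the VNC module.
 *
 *   run == 1  (re)connect to the target (plain TCP, or SSL when OPTION_SSL is
 *             set), echo the server's first line back to it, then read the
 *             server's second message and branch on its fourth byte.
 *   run == 2  hand the connected socket to start_vnc(); its return value
 *             selects the next state.
 *   run == 3  disconnect and return.
 *
 * sp is registered with hydra_register_socket(); ip, options, miscptr and fp
 * are passed through to the hydra_* helpers and to start_vnc(). A port of 0
 * selects PORT_VNC (or PORT_VNC_SSL when OPTION_SSL is set).
 *
 * Every byte read from the socket is chosen by the remote peer and has to be
 * treated as untrusted input.
 */
void service_vnc(unsigned long int ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) {
    int run = 1, next_run = 1, sock = -1;
    int myport = PORT_VNC, mysslport = PORT_VNC_SSL;

    hydra_register_socket(sp);
    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
        return;
    while (1) {
        switch (run) {
            case 1: /* connect and service init function */
                    if (sock >= 0)
                        sock = hydra_disconnect(sock);
                    usleep(300000);
                    if ((options & OPTION_SSL) == 0) {
                        if (port != 0)
                            myport = port;
                        sock = hydra_connect_tcp(ip, myport);
                        port = myport;
                    } else {
                        if (port != 0)
                            mysslport = port;
                        sock = hydra_connect_ssl(ip, mysslport);
                        port = mysslport;
                    }
                    if (sock < 0) {
                        fprintf(stderr, "Error: Child with pid %d terminating, can not connect\n", (int)getpid());
                        hydra_child_exit();
                        /* Every other fatal path here exits explicitly after
                         * hydra_child_exit(); do the same so an invalid socket
                         * is never passed on to hydra_receive_line(). */
                        exit(-1);
                    }
                    buf = hydra_receive_line(sock);
                    if (buf == NULL) { /* check the first line */
                        /* buf is NULL in this branch; handing NULL to %s is
                         * undefined behaviour, so print a literal instead. */
                        fprintf(stderr, "Error: Not an VNC protocol or service shutdown: %s\n", "(null)");
                        hydra_child_exit();
                        exit(-1);
                    }
                    /* Echo the server's own first line back to it. */
                    hydra_send(sock, buf, strlen(buf), 0);
                    free(buf);
                    buf = hydra_receive_line(sock);
                    if (buf == NULL) { /* check the second message */
                        fprintf(stderr, "Error: Not an VNC protocol or service shutdown: %s\n", "(null)");
                        hydra_child_exit();
                        exit(-1);
                    }
                    next_run = 2;
                    /* NOTE(review): hydra_receive_line() does not report how
                     * many bytes arrived, so this code cannot confirm that buf
                     * holds at least four bytes before buf[3] is read. A
                     * shorter reply from the peer would make this an
                     * out-of-bounds read -- confirm against the helper. */
                    switch (buf[3]) {
                        case 0:
                            fprintf(stderr, "Error: VNC server told us to quit\n");
                            hydra_child_exit();
                            exit(-1);
                        case 1:
                            fprintf(fp, "VNC server does not require authentication.\n");
                            printf("VNC server does not require authentication.\n");
                            hydra_child_exit();
                            exit(-1);
                        case 2:
                            break;
                        default:
                            fprintf(stderr, "Error: unknown VNC authentication type\n");
                            hydra_child_exit();
                            exit(-1);
                    }

                    free(buf);
                    break;
            case 2: /* run the cracking function */
                    next_run = start_vnc(sock, port, options, miscptr, fp);
                    break;
            case 3: /* clean exit */
                    if (sock >= 0)
                        sock = hydra_disconnect(sock);
                    hydra_child_exit();
                    return;
            default:
                    fprintf(stderr, "Caught unknown return code, exiting!\n");
                    hydra_child_exit();
                    exit(-1);
        }
        run = next_run;
    }
}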
Example #2
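/*
 * Per-child state machine for the VNC module.
 *
 *   run == 1  (re)connect to the target (plain TCP, or SSL when OPTION_SSL is
 *             set), read the server banner, pick the protocol version to
 *             answer with and send it.
 *   run == 2  hand the connected socket to start_vnc(); its return value
 *             selects the next state.
 *   run == 3  disconnect, hydra_child_exit(0), return.
 *   run == 4  disconnect, hydra_child_exit(2), return.
 *
 * sp is registered with hydra_register_socket(); ip, options, miscptr and fp
 * are passed through to the hydra_* helpers and to start_vnc(). A port of 0
 * selects PORT_VNC (or PORT_VNC_SSL when OPTION_SSL is set).
 *
 * The banner is chosen by the remote peer and has to be treated as untrusted
 * input: it is checked for NULL and for the "RFB" prefix before any further
 * string function touches it.
 */
void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
    int run = 1, next_run = 1, sock = -1;
    int myport = PORT_VNC, mysslport = PORT_VNC_SSL;
    const char *reply;

    hydra_register_socket(sp);
    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
        return;
    while (1) {
        switch (run) {
        case 1:                    /* connect and service init function */
            if (sock >= 0)
                sock = hydra_disconnect(sock);
            if ((options & OPTION_SSL) == 0) {
                if (port != 0)
                    myport = port;
                sock = hydra_connect_tcp(ip, myport);
                port = myport;
            } else {
                if (port != 0)
                    mysslport = port;
                sock = hydra_connect_ssl(ip, mysslport);
                port = mysslport;
            }
            if (sock < 0) {
                hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid());
                hydra_child_exit(1);
                /* Stop here even if hydra_child_exit() comes back (the
                 * case 3/4 paths already allow for that), so an invalid
                 * socket is never read from. */
                return;
            }
            usleep(300000);
            buf = hydra_receive_line(sock);

            if (buf == NULL || (strncmp(buf, "RFB", 3) != 0)) {       /* check the first line */
                /* buf may be NULL here; handing NULL to %s is undefined behaviour. */
                hydra_report(stderr, "[ERROR] Not a VNC protocol or service shutdown: %s\n", buf != NULL ? buf : "(null)");
                free(buf);
                buf = NULL;
                hydra_child_exit(2);
                /* Without this return a NULL buf would reach strstr() below
                 * whenever hydra_child_exit() returns. */
                return;
            }
            if (strstr(buf, " security failures") != NULL) {  /* check the first line */
                /*
                   VNC has a 'blacklisting' scheme that blocks an IP address after five unsuccessful connection attempts.
                   The IP address is initially blocked for ten seconds,
                   but this doubles for each unsuccessful attempt thereafter.
                   A successful connection from an IP address resets the blacklist timeout.
                   This is built in to VNC Server and does not rely on operating system support.
                 */
                failed_auth++;
                hydra_report(stderr, "VNC server reported too many authentication failures, have to wait some seconds ...\n");
                sleep(12 * failed_auth);
                free(buf);
                next_run = 1;
                break;
            }
            if (verbose)
                hydra_report(stderr, "[VERBOSE] Server banner is %s\n", buf);
            if ((strstr(buf, "RFB 004.001") != NULL) || (strstr(buf, "RFB 003.007") != NULL) || (strstr(buf, "RFB 003.008") != NULL)) {
                /* using proto version 003.008 to talk to server 004.001, same for 3.7 and 3.8 */
                vnc_client_version = RFB37;
                reply = "RFB 003.007\n";
            } else {
                /* for RFB 3.3 and fake 3.5 */
                vnc_client_version = RFB33;
                reply = "RFB 003.003\n";
            }
            free(buf);
            buf = strdup(reply);
            if (buf == NULL) {
                /* strdup() can fail; strlen(NULL) below would be undefined behaviour. */
                hydra_report(stderr, "[ERROR] Could not allocate memory for the version reply\n");
                hydra_child_exit(2);
                return;
            }
            /* NOTE(review): buf is not freed after the send; whether
             * start_vnc() takes ownership of it is not visible here. */
            hydra_send(sock, buf, strlen(buf), 0);
            next_run = 2;
            break;
        case 2:                    /* run the cracking function */
            next_run = start_vnc(sock, ip, port, options, miscptr, fp);
            break;
        case 3:                    /* clean exit */
            if (sock >= 0)
                sock = hydra_disconnect(sock);
            hydra_child_exit(0);
            return;
        case 4:
            if (sock >= 0)
                sock = hydra_disconnect(sock);
            hydra_child_exit(2);
            return;
        default:
            hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
            hydra_child_exit(0);
            /* Falling through to "run = next_run" would re-enter this same
             * unknown state forever if hydra_child_exit() returned. */
            return;
        }
        run = next_run;
    }
}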