PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Handle cases of no tunnels and no auth types for TightVNC

Browse Source
This commit is contained in:
dmiller
2017-03-15 16:19:54 +00:00
parent 772bd8d824
commit 8854d2e33a
1 changed files with 34 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
nselib/vnc.lua
View File

@@ -377,25 +377,34 @@ VNC = {
return false, "Failed to get number of tunnels" return false, "Failed to get number of tunnels"
end end
local pos, ntunnels = bin.unpack(">I", buf) local pos, ntunnels = bin.unpack(">I", buf)
status, buf = self.socket:receive_buf(match.numbytes(16 * ntunnels), true)
if not status then
return false, "Failed to get list of tunnels"
end
pos = 1
local tight = { local tight = {
tunnels = {}, tunnels = {},
types = {} types = {}
} }
for i=1, ntunnels do
local tunnel = {}
pos, tunnel.code, tunnel.vendor, tunnel.signature = bin.unpack(">IA4A8", buf, pos)
tight.tunnels[#tight.tunnels+1] = tunnel
end
if ntunnels > 0 then if ntunnels > 0 then
-- for now, just return the first one. TODO: choose a supported tunnel type status, buf = self.socket:receive_buf(match.numbytes(16 * ntunnels), true)
self.socket:send(bin.pack(">I", tight.tunnels[1].code)) if not status then
return false, "Failed to get list of tunnels"
end
local have_none_tunnel = false
pos = 1
for i=1, ntunnels do
local tunnel = {}
pos, tunnel.code, tunnel.vendor, tunnel.signature = bin.unpack(">IA4A8", buf, pos)
if tunnel.code == 0 then
have_none_tunnel = true
end
tight.tunnels[#tight.tunnels+1] = tunnel
end
if have_none_tunnel then
-- Try the "NOTUNNEL" tunnel, for simplicity, if it's available.
self.socket:send(bin.pack(">I", 0))
else
-- for now, just return the first one. TODO: choose a supported tunnel type
self.socket:send(bin.pack(">I", tight.tunnels[1].code))
end
end end
status, buf = self.socket:receive_buf(match.numbytes(4), true) status, buf = self.socket:receive_buf(match.numbytes(4), true)
@@ -403,16 +412,18 @@ VNC = {
return false, "Failed to get number of Tight auth types" return false, "Failed to get number of Tight auth types"
end end
local pos, nauth = bin.unpack(">I", buf) local pos, nauth = bin.unpack(">I", buf)
status, buf = self.socket:receive_buf(match.numbytes(16 * nauth), true) if nauth > 0 then
if not status then status, buf = self.socket:receive_buf(match.numbytes(16 * nauth), true)
return false, "Failed to get list of Tight auth types" if not status then
end return false, "Failed to get list of Tight auth types"
end
pos = 1 pos = 1
for i=1, nauth do for i=1, nauth do
local auth = {} local auth = {}
pos, auth.code, auth.vendor, auth.signature = bin.unpack(">IA4A8", buf, pos) pos, auth.code, auth.vendor, auth.signature = bin.unpack(">IA4A8", buf, pos)
tight.types[#tight.types+1] = auth tight.types[#tight.types+1] = auth
end
end end
self.tight = tight self.tight = tight