PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB` local nmap = require "nmap" local shortport = require "shortport" description = [[ Checks if a VNC server is vulnerable to the RealVNC authentication bypass (CVE-2006-2369). ]] author = "Brandon Enright" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" --- -- @output -- PORT STATE SERVICE VERSION -- 5900/tcp open vnc VNC (protocol 3.8) -- |_realvnc-auth-bypass: Vulnerable categories = {"auth", "default", "safe"} portrule = shortport.port_or_service(5900, "vnc") action = function(host, port) local socket = nmap.new_socket() local result local status = true socket:connect(host, port) status, result = socket:receive_lines(1) if (not status) then socket:close() return end socket:send("RFB 003.008\n") status, result = socket:receive_bytes(2) if (not status or result ~= "\001\002") then socket:close() return end socket:send("\001") status, result = socket:receive_bytes(4) if (not status or result ~= "\000\000\000\000") then socket:close() return end socket:close() return "Vulnerable" end