VNCrush is a VNC server fuzzing utility.
8eb9127ad1376a76157468f0e39b8c0356bd8b9858a0403259920b3f5a8af4e3#!/usr/bin/perl
# Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]
# VNCrush - VNC Server Fuzzer
# How many more elaborate names for fuzzing tools can I come up with? Short answer: the imagination is limitless :)
# Some servers will throw out some of the fuzz strings, some won't ;)
use Net::VNC;
use Getopt::Std;
# FUZZ DATA BEGIN HERE
@overflows = ('A' x 2200, 'A' x 4200, 'A' x 8400, 'A' x 12000, 'A' x 22000, 'A' x 52000, 'A' x 102000, 'A' x 500500,
'A' x 1002000, 'A' x 5005000, 'A' x 12000000, '//AAAA' x 8500, '\\\AAAA' x 8500, '\0x99' x 12000);
@fmtstring = ('%n%n%n%n%n', '%p%p%p%p%p', '%s%s%s%s%s', '%d%d%d%d%d', '%x%x%x%x%x',
'%s%p%x%d', '%.1024d', '%.1025d', '%.2048d', '%.2049d', '%.4096d', '%.4097d',
'%99999999999s', '%08x', '%%20n', '%%20p', '%%20s', '%%20d', '%%20x',
'%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%', '\0xCD' x 50, '\0xCB' x 50);
@numbers = ('0', '-0', '1', '-1', '32767', '-32768', '2147483647', '-2147483647', '2147483648', '-2147483648',
'4294967294', '4294967295', '4294967296', '357913942', '-357913942', '536870912', '-536870912',
'1.79769313486231E+308', '3.39519326559384E-313', '99999999999', '-99999999999', '0x100', '0x1000',
'0x3fffffff', '0x7ffffffe', '0x7fffffff', '0x80000000', '0xffff', '0xfffffffe', '0xfffffff', '0xffffffff',
'0x10000', '0x100000', '0x99999999', '65535', '65536', '65537', '16777215', '16777216', '16777217', '-268435455');
@miscbugs = ('test|touch /tmp/FU_ZZ_ED|test', 'test`touch /tmp/FU_ZZ_ED`test', 'test\'touch /tmp/FU_ZZ_ED\'test',
'test;touch /tmp/FU_ZZ_ED;test', 'test&&touch /tmp/FU_ZZ_ED&&test', 'test|C:/WINDOWS/system32/calc.exe|test',
'test`C:/WINDOWS/system32/calc.exe`test', 'test\'C:/WINDOWS/system32/calc.exe\'test', 'test;C:/WINDOWS/system32/calc.exe;test',
'C:/WINDOWS/system32/calc.exe"', '`/bin/sh`', '%0xa', '%u000');
# FUZZ DATA END HERE
getopts('t:p:', \%opts);
$target = $opts{'t'};
$password = $opts{'p'};
if(!defined($target))
{
print "\n VNCrush - VNC Server Fuzzer";
print "\nJeremy Brown [0xjbrown41\@gmail.com/jbrownsec.blogspot.com]\n";
print "\n Usage: $0 -t <target> -p <password>\n\n";
exit(0);
}
print "\n VNCrush - VNC Server Fuzzer";
print "\nJeremy Brown [0xjbrown41\@gmail.com/jbrownsec.blogspot.com]\n";
print "\nFuzzing VNC Server @ $target/$password... GOOD LUCK!\n";
print "\n";
foreach(@overflows) { $fuzz = $_;
print "[Target = $target] [Fuzz = depth/overflow]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth($fuzz);
$vnc->login; }
foreach(@fmtstring) { $fuzz = $_;
print "[Target = $target] [Fuzz = depth/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth($fuzz);
$vnc->login; }
foreach(@numbers) { $fuzz = $_;
print "[Target = $target] [Fuzz = depth/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth($fuzz);
$vnc->login; }
foreach(@miscbugs) { $fuzz = $_;
print "[Target = $target] [Fuzz = depth/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth($fuzz);
$vnc->login; }
print "\n";
foreach(@overflows) { $fuzz = $_;
print "[Target = $target] [Fuzz = width/overflow]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->width($fuzz);
$vnc->login; }
foreach(@fmtstring) { $fuzz = $_;
print "[Target = $target] [Fuzz = width/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->width($fuzz);
$vnc->login; }
foreach(@numbers) { $fuzz = $_;
print "[Target = $target] [Fuzz = width/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->width($fuzz);
$vnc->login; }
foreach(@miscbugs) { $fuzz = $_;
print "[Target = $target] [Fuzz = width/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->width($fuzz);
$vnc->login; }
print "\n";
foreach(@overflows) { $fuzz = $_;
print "[Target = $target] [Fuzz = height/overflow]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->height($fuzz);
$vnc->login; }
foreach(@fmtstring) { $fuzz = $_;
print "[Target = $target] [Fuzz = height/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->height($fuzz);
$vnc->login; }
foreach(@numbers) { $fuzz = $_;
print "[Target = $target] [Fuzz = height/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->height($fuzz);
$vnc->login; }
foreach(@miscbugs) { $fuzz = $_;
print "[Target = $target] [Fuzz = height/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->height($fuzz);
$vnc->login; }
print "\nFuzzing Complete. No faults? Try another server!\n\n";
exit;
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed