2
ettercap -- dissector VNC -- TCP 5900 5901 5902 5903
4
Copyright (C) 2001 ALoR <alor@users.sourceforge.net>, NaGA <crwm@freemail.it>
6
This program is free software; you can redistribute it and/or modify
7
it under the terms of the GNU General Public License as published by
8
the Free Software Foundation; either version 2 of the License, or
9
(at your option) any later version.
11
This program is distributed in the hope that it will be useful,
12
but WITHOUT ANY WARRANTY; without even the implied warranty of
13
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
GNU General Public License for more details.
16
You should have received a copy of the GNU General Public License
17
along with this program; if not, write to the Free Software
18
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
20
$Id: ec_dissector_vnc.c,v 1.6 2002/10/01 17:10:14 alor Exp $
23
#include "include/ec_main.h"
25
#include "include/ec_dissector.h"
26
#include "include/ec_inet_structures.h"
30
FUNC_DISSECTOR(Dissector_vnc);
32
// --------------------
35
FUNC_DISSECTOR(Dissector_vnc)
43
if (data_to_ettercap->datalen == 0) return 0; // no data...
45
tcp = (TCP_header *) data;
47
payload = (char *)((int)tcp + tcp->doff * 4);
49
if ( (Dissector_StateMachine_GetStatus(data_to_ettercap, NULL) == 0) && sscanf(payload, "RFB %03d.%03d\n", &major, &minor) )
51
DEBUG_MSG("\tDissector_VNC %d %d", major, minor);
52
Dissector_StateMachine_SetStatus(data_to_ettercap, 1, NULL);
56
if ( (Dissector_StateMachine_GetStatus(data_to_ettercap, NULL) == 1) &&
57
ntohs(tcp->source) >= SERV_PORT && ntohs(tcp->source) <= SERV_PORT+4 ) // this is the challenge from the server
59
snprintf(data_to_ettercap->user, sizeof(data_to_ettercap->user), "On display :%d\n", ntohs(tcp->source)-SERV_PORT);
61
if (!memcmp(payload, "\x00\x00\x00\x01", 4)) // no auth ;)
63
sprintf(data_to_ettercap->pass, "no pass ;)\n");
64
sprintf(data_to_ettercap->type, "VNC");
65
Dissector_StateMachine_SetStatus(data_to_ettercap, 0, NULL); // finished
69
if (!memcmp(payload, "\x00\x00\x00\x02", 4)) // auth required
71
Dissector_StateMachine_SetStatus(data_to_ettercap, 2, NULL);
73
if(data_to_ettercap->datalen == 4) return 0;
77
if (Dissector_StateMachine_GetStatus(data_to_ettercap, NULL) == 2) // Get the challenge
79
sprintf(data_to_ettercap->info, "Server Challenge: ");
81
for (i = 0; i < 16; i++)
82
snprintf(data_to_ettercap->info + (i * 2) + 18, sizeof(data_to_ettercap->info), "%.2x", payload[i]);
84
Dissector_StateMachine_SetStatus(data_to_ettercap, 3, NULL);
88
if (Dissector_StateMachine_GetStatus(data_to_ettercap, NULL) == 3) // this is the client 3DES encripted response
90
sprintf(data_to_ettercap->pass, "\n");
91
sprintf(data_to_ettercap->info, " Client 3DES: ");
92
for (i = 0; i < 16; i++)
93
snprintf(data_to_ettercap->info + (i * 2) + 14, sizeof(data_to_ettercap->info), "%.2x", payload[i]);
95
strcat(data_to_ettercap->info, "\n");
97
sprintf(data_to_ettercap->type, "VNC");
98
Dissector_StateMachine_SetStatus(data_to_ettercap, 0, NULL); // finished
106
// vim:ts=3:expandtab