fscan/Plugins/services/vnc/exploiter.go
ZacharyZcR 3e4cd2466e feat: 实现完整的VNC插件支持
- 新增VNC远程桌面协议检测和利用插件
- 实现RFB协议连接器支持版本识别和认证
- 支持无认证访问检测和弱密码暴力破解
- 添加VNC服务风险评估和信息收集功能
- 支持标准VNC端口范围(5900-5909)
- 在插件注册系统中集成VNC服务扫描

功能特性: 服务识别、安全检测、利用验证、风险评估
2025-08-12 12:08:30 +08:00


package vnc
import (
"context"
"fmt"
"github.com/shadow1ng/fscan/common"
"github.com/shadow1ng/fscan/common/i18n"
"github.com/shadow1ng/fscan/plugins/base"
)
// VNCExploiter is the VNC plugin's exploitation stage. It holds the
// VNCConnector used to open and authenticate VNC sessions.
type VNCExploiter struct {
// connector is set by NewVNCExploiter and used by Exploit for the Connect
// and Authenticate calls.
connector *VNCConnector
}
// NewVNCExploiter returns a VNCExploiter wired to a freshly created
// VNCConnector.
func NewVNCExploiter() *VNCExploiter {
	exploiter := new(VNCExploiter)
	exploiter.connector = NewVNCConnector()
	return exploiter
}
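// Exploit connects to the VNC service described by info, authenticates with
// creds and, on success, returns a result describing the access obtained.
//
// Connection and authentication failures are reported through the returned
// ExploitResult (Success false, Error set); the error return value is always
// nil.
//
// The result's Data map contains the credential that authenticated, including
// the cleartext password. Anything that serializes or logs ExploitResult.Data
// persists that password, so reports and logs built from it need to be handled
// as sensitive material.
func (e *VNCExploiter) Exploit(ctx context.Context, info *common.HostInfo, creds *base.Credential) (*base.ExploitResult, error) {
	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)

	// Open the VNC session through the connector.
	conn, err := e.connector.Connect(ctx, info)
	if err != nil {
		return &base.ExploitResult{
			Success: false,
			// %w keeps the underlying error reachable through errors.Is/As.
			Error: fmt.Errorf("VNC连接失败: %w", err),
		}, nil
	}
	// NOTE(review): conn is only read as a map below; if the connector keeps a
	// socket open behind it, nothing in this function releases it. Confirm in
	// VNCConnector.

	// Authenticate with the supplied credential.
	if authErr := e.connector.Authenticate(ctx, conn, creds); authErr != nil {
		return &base.ExploitResult{
			Success: false,
			Error:   authErr,
		}, nil
	}

	// A nil creds that got past Authenticate is reported as an empty
	// credential instead of being dereferenced.
	if creds == nil {
		creds = &base.Credential{}
	}

	// The connector's connection value is expected to be a map carrying a
	// string "version" entry. Checked assertions keep an unexpected shape from
	// panicking the scan; the version is then reported as empty.
	version := ""
	if connectionInfo, ok := conn.(map[string]interface{}); ok {
		if v, ok := connectionInfo["version"].(string); ok {
			version = v
		}
	}

	exploitData := map[string]interface{}{
		"service": "VNC",
		"target":  target,
		"version": version,
		// Cleartext credential: sensitive wherever this map ends up.
		"credentials": map[string]string{
			"username": creds.Username,
			"password": creds.Password,
		},
		"access_type": e.getAccessType(creds),
		"description": "VNC远程桌面访问",
	}

	// Enrich the result with port, display and risk information.
	e.gatherVNCInfo(ctx, info, exploitData)

	common.LogSuccess(i18n.GetText("exploit_success", "VNC", target))

	return &base.ExploitResult{
		Success: true,
		Output:  fmt.Sprintf("VNC利用成功 - %s", target),
		Data:    exploitData,
	}, nil
}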
// IsExploitSupported reports whether exploitType is one of the two types this
// plugin handles: data extraction and unauthorized access.
func (e *VNCExploiter) IsExploitSupported(exploitType base.ExploitType) bool {
	return exploitType == base.ExploitDataExtraction ||
		exploitType == base.ExploitUnauthorized
}
// getAccessType returns the access-type label for creds: the "no
// authentication" label when the password is empty, otherwise the "password
// authentication" label. gatherVNCInfo compares against the first label to
// decide the risk level.
func (e *VNCExploiter) getAccessType(creds *base.Credential) string {
	switch creds.Password {
	case "":
		return "无认证访问"
	default:
		return "密码认证访问"
	}
}
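// gatherVNCInfo adds port, display, security, follow-up and risk entries to
// data. ctx is accepted but not used.
//
// The "security_info" and "next_steps" entries are fixed text. They are not
// derived from the probed server, so "authentication_types" lists generic VNC
// security types rather than what this server offered.
func (e *VNCExploiter) gatherVNCInfo(ctx context.Context, info *common.HostInfo, data map[string]interface{}) {
	// Port information.
	if portNum := info.Ports; portNum != "" {
		data["port"] = portNum

		// VNC display N conventionally listens on 5900+N. Only an exact
		// four-digit 59xx port is treated that way, so 59000-59999 and
		// non-numeric suffixes are not mislabelled as displays. The value is
		// the two-digit port suffix (e.g. "01" for port 5901).
		isDigit := func(c byte) bool { return c >= '0' && c <= '9' }
		if len(portNum) == 4 && portNum[:2] == "59" && isDigit(portNum[2]) && isDigit(portNum[3]) {
			displayNum := portNum[2:]
			data["display_number"] = displayNum
			data["display_info"] = fmt.Sprintf("VNC显示器 :%s", displayNum)
		}
	}

	// Static security notes about VNC in general.
	data["security_info"] = map[string]interface{}{
		"encryption_support":   "取决于VNC版本",
		"authentication_types": []string{"None", "VNC Authentication", "RA2", "RA2ne", "Tight", "ARD"},
		"common_vulnerabilities": []string{
			"弱密码",
			"无认证访问",
			"未加密传输",
			"DES加密漏洞",
		},
	}

	// Suggested follow-up actions.
	data["next_steps"] = []string{
		"尝试连接VNC客户端进行远程控制",
		"检查VNC服务配置",
		"查看可用的安全设置",
		"评估网络流量加密状态",
	}

	// Risk rating: high when access needed no authentication (the label
	// written by getAccessType), medium otherwise, including when
	// "access_type" is absent from data.
	risk := "中等"
	if data["access_type"] == "无认证访问" {
		risk = "高"
	}
	data["risk_level"] = risk
}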
// GetSupportedExploits lists the exploit types this plugin handles, in the
// order data extraction, then unauthorized access.
func (e *VNCExploiter) GetSupportedExploits() []base.ExploitType {
	supported := make([]base.ExploitType, 0, 2)
	supported = append(supported, base.ExploitDataExtraction, base.ExploitUnauthorized)
	return supported
}
// GetExploitDescription returns the human-readable description for
// exploitType, or the "unknown exploit type" text for any type other than
// data extraction and unauthorized access.
func (e *VNCExploiter) GetExploitDescription(exploitType base.ExploitType) string {
	if exploitType == base.ExploitDataExtraction {
		return "收集VNC服务信息包括版本、认证类型等"
	}
	if exploitType == base.ExploitUnauthorized {
		return "尝试无认证访问或弱密码攻击VNC服务"
	}
	return "未知的利用类型"
}