扫描 VNC 的脚本

  从老外那里搞来的,貌似是扫描空口令的。从代码看,它实际检查的是服务端是否接受安全类型 1(None,即无需认证)。

#!/usr/bin/perl

use IO::Socket;

# For each address listed in the file named by the first argument, connect to
# TCP port 5900, perform the opening steps of what appears to be the RFB (VNC)
# handshake, select security type 1, and record the address in vuln.txt if the
# 4-byte reply is all zeroes.
#
# What a hit means for a defender: the server completed the security phase
# without any credential. The script never inspects the list of types the
# server sent, so a hit does not distinguish "server is configured with no
# authentication" from "server accepted a type it did not offer". Either way
# the remedy is on the server side: require authentication, keep the VNC
# server current, and do not expose port 5900 to untrusted networks.
#
# NOTE(review): no `my` declarations appear in this block, so every variable
# is a package global.
if($ARGV[0])
{
  # NOTE(review): two-argument open with the mode and the file name joined in
  # one string, and a bareword handle. The three-argument form with a lexical
  # handle avoids the file name being parsed as part of the mode.
  # The whole file is read into @ips, one entry per line.
  open(IN,"< $ARGV[0]") || die "[-] Can't open $ARGV[0]!\n"; @ips = <IN>; close(IN);

  foreach $ip (@ips)
  {
    chomp($ip);
    # fork() returns 0 in the child, so the body below runs in the child only.
    # NOTE(review): a failed fork returns undef, which is also false here, so
    # the parent would run the body itself and hit exit(0).
    if(!fork())
    {
      # Hard 4-second cap on the whole exchange. die() is not inside an eval,
      # so the alarm ends the child and writes "-" to STDERR.
      local $SIG{ALRM} = sub { die("-\n"); };
      alarm(4);
      $socket=IO::Socket::INET->new(  PeerAddr => $ip,PeerPort => 5900, Proto => "tcp", Timeout=>2);
      if($socket)
      {
        # Read 12 bytes and send the same bytes back. In RFB this is the
        # ProtocolVersion message; echoing it accepts whatever version the
        # server announced. The content is not validated.
        $socket->read($protocol, 12 ); 
        $socket->print($protocol);

        # One byte, rendered as two hex digits. Presumably the count of
        # security types (RFB 3.7 and later) -- TODO confirm; an older server
        # that sends a 4-byte type here would be misparsed.
        $socket->read($NoOfSecTypes, 1 );
        $nost=unpack("H2", $NoOfSecTypes);

        # NOTE(review): $nost is a hex string but is compared numerically and
        # then used as a decimal read length below. "0a".."0f" numify to 0 and
        # are skipped; "10" and above read fewer bytes than the server sent.
        if($nost !='00')
        {
          # Consumes the bytes that follow the count. Despite the name $chal
          # this is never used again, so the offered types are not checked.
          $socket->read($chal, $nost );
          # Sends the single byte 0x01. In RFB, security type 1 is "None".
          $resp=pack("H2", '01');
          $socket->print($resp);
          # Four-byte reply rendered as eight hex digits; all zeroes is
          # treated as success (RFB SecurityResult OK).
          $socket->read( $result, 4 );
          $r=unpack("H8", $result);
          if($r eq "00000000") 
          {
            print("->$ip <<VULN>>\n");
            # Appends the address to vuln.txt in the current directory.
            # NOTE(review): two-argument open and bareword handle again.
            open (VL, ">> vuln.txt") || die "[-] Can't open vuln.txt!\n";
            print VL "$ip\n";
            close (VL);
          }
        }
      }
      # Cancel the pending alarm and end the child.
      alarm 0;
      exit(0);
    }
    # The parent blocks until the child exits, so addresses are handled one
    # at a time.
    wait;
  }
}
