Land rapid7#5555, @Th3R3p0's support for for RFB Version 4

jvazquez-r7 · jvazquez-r7 · commit 34d5d926469f · 2015-06-19T14:15:04.000-05:00
diff --git a/lib/rex/proto/rfb/client.rb b/lib/rex/proto/rfb/client.rb
@@ -24,7 +24,7 @@ def initialize(sock, opts = {})
     @opts = opts
 
     @banner = nil
-    @majver = MajorVersion
+    @majver = MajorVersions
     @minver = -1
     @auth_types = []
   end
@@ -50,7 +50,7 @@ def handshake
 
     if @banner =~ /RFB ([0-9]{3})\.([0-9]{3})/
       maj = $1.to_i
-      if maj != MajorVersion
+      unless MajorVersions.include?(maj)
         @error = "Invalid major version number: #{maj}"
         return false
       end
@@ -61,7 +61,12 @@ def handshake
 
     @minver = $2.to_i
 
-    our_ver = "RFB %03d.%03d\n" % [MajorVersion, @minver]
+    # Forces version 3 to be used. This adds support  for version 4 servers.
+    # It may be necessary to hardcode minver as well.
+    # TODO: Add support for Version 4.
+    # Version 4 adds additional information to the packet regarding supported
+    # authentication types.
+    our_ver = "RFB %03d.%03d\n" % [3, @minver]
     @sock.put(our_ver)
 
     true
diff --git a/lib/rex/proto/rfb/constants.rb b/lib/rex/proto/rfb/constants.rb
@@ -19,7 +19,7 @@ module RFB
 DefaultPort = 5900
 
 # Version information
-MajorVersion = 3
+MajorVersions = [3, 4]
 # NOTE: We will emulate whatever minor version the server reports.
 
 # Security types
diff --git a/modules/auxiliary/scanner/vnc/vnc_login.rb b/modules/auxiliary/scanner/vnc/vnc_login.rb
@@ -21,7 +21,7 @@ def initialize
       'Description' => %q{
           This module will test a VNC server on a range of machines and
         report successful logins. Currently it supports RFB protocol
-        version 3.3, 3.7, and 3.8 using the VNC challenge response
+        version 3.3, 3.7, 3.8 and 4.001 using the VNC challenge response
         authentication method.
       },
       'Author'      =>
