#!/bin/bashUSER=kangPASSWORD=toorHOST=$1# LICENSED under the terms of the

1. #!/bin/bash
2.  
3. USER=kang
4. PASSWORD=toor
5. HOST=$1
6.  
7. # LICENSED under the terms of the MPLv2 license.
8. # Copyright (c) 2016 Mozilla Corporation
9. # kang@mozilla.com
10. #
11. # What is this abomination you ask?
12. # This is an "expect" script for X11/Xorg that calls the official REALVNC client and attempts to authenticate, and reports the results
13. # This could be made nicer (the script that is), and of course reverse engineering the protocol for SecurityTypes like ARD (30, 35 in RFB-lango) would be much nicer and more efficient
14. # To my knowledge the 30 and 35 SecurityTypes have not been publicly fully reversed (though wireshark has a disector for some of it)
15. # However when theres no time, automating the user interface in X11 works fine
16. # Take this as an example of how to automate the X11 UI, or, well, if you need, as a VNC password checker.
17. # Call it like (after setting the variables in this ugly script):
18. # for i in $(cat listofips.txt); do ./thisscript $1; done | tee results.txt
19. # grep CONNECTION results.txt
20. # that's all folks!
21.  
22. function debug()
23. {
24. echo "D: $*"
25. }
26.  
27. function get_win_name()
28. {
29. local wid name
30. wid=$(xdotool getactivewindow)
31. name=$(xdotool getwindowname $wid)
32. echo $name
33. }
34.  
35. function get_win_handle()
36. {
37. local wid name
38. wid=$(xdotool getactivewindow)
39. name=$(xdotool getwindowname $wid)
40. [[ "$name" == "$1" ]] && echo $wid
41. }
42.  
43. function wait_for_win()
44. {
45. local WINNAME TIMEOUT PID t
46. t=0
47. WINNAME=$1
48. TIMEOUT=$2
49. while true; do
50. n=$(get_win_name)
51. [[ "$n" == "$WINNAME" ]] && {
52. debug "Window found $WINNAME"
53. return 0
54. }
55. debug "Waiting for $WINNAME... current is $n"
56. xdotool sleep 1
57. t=$((t+1))
58. [[ $t -gt $TIMEOUT ]] && {
59. debug "Timed out waiting for window"
60. return 1
61. }
62. done
63. }
64.  
65. function wait_for_win2()
66. {
67. local WINNAME WINNAME2 TIMEOUT PID t
68. t=0
69. WINNAME=$1
70. WINNAME2=$2
71. TIMEOUT=$3
72. while true; do
73. n=$(get_win_name)
74. [[ "$n" == "$WINNAME" ]] && {
75. debug "Window found $WINNAME"
76. return 0
77. }
78. [[ "$n" == "$WINNAME2" ]] && {
79. debug "Window found $WINNAME2"
80. return 0
81. }
82. debug "Waiting for $WINNAME... current is $n"
83. xdotool sleep 1
84. t=$((t+1))
85. [[ $t -gt $TIMEOUT ]] && {
86. debug "Timed out waiting for window"
87. return 1
88. }
89. done
90. }
91.  
92. function wait_for_win_or_death()
93. {
94. local WINNAME TIMEOUT PID t
95. WINNAME=$1
96. TIMEOUT=$2
97. PID=$3
98. t=0
99. while true; do
100. n=$(get_win_name)
101. # Exact name match means we're not connected ;-)
102. [[ "$n" == "VNC Viewer" ]] && {
103. kill $PID
104. return 1
105. }
106. [[ "$n" == *"$WINNAME"* ]] && {
107. echo "+ CONNECTION SUCCESS FOR $HOST $USER $PASSWORD"
108. kill $PID
109. return 0
110. }
111.  
112. kill -0 $PID || {
113. debug "process gone, exiting"
114. return 1
115. }
116.  
117. t=$((t+1))
118. xdotool sleep 1
119. [[ $t -gt $TIMEOUT ]] && {
120. debug "Timeout waiting for $WINNAME or death"
121. return 1
122. }
123. done
124. }
125.  
126. vncviewer HideCloseAlert=1 WarnUnencrypted=0 UserName=${USER} ${HOST} &
127. PID=$!
128. #WID=$(xdotool search --title "VNC Viewer")
129. #xdotool windowfocus --sync $WID
130. wait_for_win "VNC Viewer - Identity check" 1
131. [[ $? -eq 0 ]] && {
132. debug "Identity check bypass"
133. xdotool key Down
134. xdotool sleep 0.1
135. xdotool key Return
136. }
137. wait_for_win2 "VNC Viewer - Authentication" "VNC Viewer - Identity check" 10
138. xdotool type "${PASSWORD}"
139. xdotool sleep 0.1
140. xdotool key Return
141. wait_for_win_or_death "VNC Viewer" 5 $PID
142. exit $?