module

ThinVNC Directory Traversal

Disclosed	Created
Oct 16, 2019	Oct 24, 2019

Disclosed

Oct 16, 2019

Created

Oct 24, 2019

Description

This module exploits a directory traversal vulnerability in ThinVNC
versions 1.0b1 and prior which allows unauthenticated users to retrieve
arbitrary files, including the ThinVNC configuration file.

This module has been tested successfully on ThinVNC versions 1.0b1
and "ThinVNC_Latest" (2018-12-07).

Authors

jinxbox
WarMarX
bcoles [email protected]

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use auxiliary/scanner/http/thinvnc_traversal
    msf auxiliary(thinvnc_traversal) > show actions
        ...actions...
    msf auxiliary(thinvnc_traversal) > set ACTION < action-name >
    msf auxiliary(thinvnc_traversal) > show options
        ...show and set options...
    msf auxiliary(thinvnc_traversal) > run

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today