BUG Fix: VNC, better handling of RFB 3.3

[Mauriceter]

Description

Fix for issue: #942, when error on connection is not about security types not being supported, it tries RFB 3.3 to check if it is a VNC service and the security types used.

I also updated the printed host info to indicate if security type 1 (no password) is supported.

Type of change

Insert an "x" inside the brackets for relevant items (do not delete options)

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Deprecation of feature or functionality
• This change requires a documentation update
• This requires a third party update (such as Impacket, Dploot, lsassy, etc)

Setup guide for the review

Please provide guidance on what setup is needed to test the introduced changes, such as your locally running machine Python version & OS, as well as the target(s) you tested against, including software versions.
In particular:

• Bug Fix: Please provide a short description on how to trigger the bug, to make the bug reproducable for the reviewer.
• Added Feature/Enhancement: Please specify what setup is needed in order to test the changes. E.g. is additional software needed? GPO changes required? Specific registry settings that need to be changed?

Screenshots (if appropriate):

Before:

After:

Checklist:

Insert an "x" inside the brackets for completed and relevant items (do not delete options)

• I have ran Ruff against my changes (via poetry: poetry run python -m ruff check . --preview, use --fix to automatically fix what it can)
• I have added or updated the tests/e2e_commands.txt file if necessary (new modules or features are required to be added to the e2e tests)
• New and existing e2e tests pass locally with my changes
• If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)

[NeffIsBack]

Thanks for the bug fix!

Any advice on the setup? Do you know how i can configure a machine to test that PR?

[Mauriceter]

Hi @NeffIsBack, you can easily setup a VNC server with x11vnc (apt install x11vnc)
start a vnc server with x11vnc -forever -rfbversion 3.X
use -nopw for security type 1
use -passwd toto fro security type 2

But:

• -rfbversion 3.X is only for for the server banner, it will still accept other versions and I haven't found a way to only support 3.3 for example (which was the goal of this PR...)
• When testing with x11vnc, I also noticed an other bug, nxc hangs indefinitely if secure type 1 and rfb3.8 is supported. I am not sure if it is related to the lib used or to x11vnc. (x11vnc -forever -rfbversion 3.X -nopw and nxc vnc $IPVNC)

So going forward, what could be done is:

1. Find the cause of the indefinite hanging, but may be time consuming and may require a PR to the lib used for VNC
2. Handle the first connection for RFB 3.8 as I did for RFB 3.3 and only use the lib if : RFB 3.8 and secure type 2. That way it would be possible to check if secure type 1 is supported for RFB 3.3 and 3.8. It would be the easiest but nxc would loose the capability to screenshot for RFB 3.8 and secure type 1 (which currently not working due to the bug)

There are probably other obvious possibilities that I missed, but let me know what are your thoughts on this. :)

[NeffIsBack]

Thanks for the explanation! I'll take a deeper look at this soon so i can comment on it properly.