1

I'm trying to get started with PANDA RE, a framework developed by MIT Lincoln Lab for Reverse Engineering. Their website says that beginners should try the tool through docker first. Therefore, I pulled their image and got it to run with the command docker run -p 5900:5900 --rm pandare/panda panda-system-i386. The log says VNC server running on 127.0.0.1:5900.

However, if I use Remmina to connect via VNC, it says "VNC server closed connection."

Any tips on fixing this?

If it helps, docker container ls prints 0.0.0.0:5900->5900/tcp for this container

Moltres
  • 600
  • 4
  • 21
  • The issue may be related to `127.0.0.1:5900`, this indicates that the VNC server is listening for only traffic from inside the container. The sever needs to be listening on `0.0.0.0:5900` for your port forwarding to work – Tarun Lalwani Mar 06 '21 at 10:26
  • Anyway I can confirm that it's listening on `0.0.0.0:5900`? If it helps, `docker container ls` prints `0.0.0.0:5900->5900/tcp` for this container. – Moltres Mar 06 '21 at 10:30
  • 1
    Nope, that is on your system, not inside the container. I would suggest you use `5901` port from outside `docker run -p 5901:5901 --rm pandare/panda panda-system-i386`, do a exec into the container and install `socat` first and then run `socat tcp-listen:5901,reuseaddr,fork tcp:127.0.0.1:5900`, then try and connect on VNC using `127.0.0.1:5901` and see if it works – Tarun Lalwani Mar 06 '21 at 11:04

1 Answers1

2

If you run the --help you will get

The default display is equivalent to
    "-vnc localhost:0,to=99,id=default"

So, in order to get the panda to listen to 0.0.0.0 you will need to run it with

docker run -p 5900:5900 -ti --rm pandare/panda panda-system-i386 -vnc 0.0.0.0:0,to=99,id=default
jordanvrtanoski
  • 5,104
  • 1
  • 20
  • 29