GoSecure / pyrdp

RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
https://www.gosecure.net/blog/2020/10/20/announcing-pyrdp-1/
GNU General Public License v3.0

add option to statically configure SSP challenge #418

Closed spameier closed 1 year ago

spameier commented 1 year ago

@obilodeau, is that what you mean in #405? If yes this fixes #405.

spameier commented 1 year ago

Sure thing, this cannot work when I overwrite the raw challenge with the PDU and then try to use it again later (it worked before renaming randomChallenge). Now it works:

bin/pyrdp-mitm.py:15: DeprecationWarning: There is no current event loop
  asyncioreactor.install(asyncio.get_event_loop())
[2022-11-16 07:35:45,707] - INFO - GLOBAL - pyrdp.mitm - Target: 192.168.254.12:3389
[2022-11-16 07:35:45,708] - INFO - GLOBAL - pyrdp.mitm - Output directory: /home/user/pyrdp-ssp/pyrdp_output
[2022-11-16 07:35:45,712] - INFO - GLOBAL - pyrdp - MITM Server listening on 0.0.0.0:3389
[2022-11-16 07:35:51,642] - INFO - Emma428026 - pyrdp.mitm.connections.tcp - New client connected from 192.168.254.107:4898
[2022-11-16 07:35:51,646] - INFO - Emma428026 - pyrdp.mitm.connections.x224 - Cookie: mstshash=PYRDP-CLI
[2022-11-16 07:35:51,652] - INFO - Emma428026 - pyrdp.mitm.connections.tcp - Server connected
[2022-11-16 07:35:51,669] - INFO - Emma428026 - pyrdp.mitm.connections.x224 - Server requires CredSSP/NLA and we are not configured to support it. Attempting to capture client's NTLM hashes.
[2022-11-16 07:35:51,687] - INFO - Emma428026 - pyrdp.mitm.connections.x224 - Cookie: mstshash=PYRDP-CLI
[2022-11-16 07:35:51,702] - INFO - Emma428026 - pyrdp.mitm.connections.tcp - Server connected
[2022-11-16 07:35:52,726] - INFO - Emma428026 - pyrdp.mitm.connections.cert - Using cached certificate for pyrdp-server.pyrdp.local
CLIENT_RANDOM 637484cb603ffffd2bb18ed2d7978e675836a6aba355a55120199eb18d59d8ef 5f52c26db3deb6259d9cf90b79d2e082ebb3daa8bd4470aa213d39a69ab4465bd80321c28897199fec03d300fa714bce
[2022-11-16 07:35:55,190] - INFO - Emma428026 - pyrdp.mitm.connections.ntlmssp - [!] NTLMSSP Hash: Administrator::PYRDP-CLIENT:1122334455667788:ab409a03ba70669655136d4272f6c09b:0101000000000000d974f1ad85f9d8019f279d48aca5656d0000000002000a00570049004e004e00540001000a00570049004e004e00540004000a00570049004e004e00540003000a00570049004e004e00540005000a00570049004e004e00540008003000300000000000000000000000002000003ff85b2c9f7f9d79d32a0e2655fb0a431cb6fdd1b225feb60e1cd9253d0c57320a00100000000000000000000000000000000000090034005400450052004d005300520056002f00700079007200640070002d007300650072007600650072002e006c006f00630061006c000000000000000000
[2022-11-16 07:35:55,194] - INFO - Emma428026 - pyrdp.mitm.connections.tcp - Client connection closed. Connection to the other side was lost in a non-clean fashion: Connection lost.
[2022-11-16 07:35:55,195] - INFO - Emma428026 - pyrdp.mitm.connections.tcp - Connection report: report: 1.0, connectionTime: 3.551517963409424, totalInput: 0, totalOutput: 0, replayFilename: rdp_replay_20221116_07-35-51_639_Emma428026.pyrdp
[2022-11-16 07:35:58,860] - INFO - Peggy600554 - pyrdp.mitm.connections.tcp - New client connected from 192.168.254.107:4899
[2022-11-16 07:35:58,862] - INFO - Peggy600554 - pyrdp.mitm.connections.x224 - Cookie: mstshash=PYRDP-CLI
[2022-11-16 07:35:58,865] - INFO - Peggy600554 - pyrdp.mitm.connections.tcp - Server connected
[2022-11-16 07:35:58,876] - INFO - Peggy600554 - pyrdp.mitm.connections.x224 - Server requires CredSSP/NLA and we are not configured to support it. Attempting to capture client's NTLM hashes.
[2022-11-16 07:35:58,877] - INFO - Peggy600554 - pyrdp.mitm.connections.x224 - Cookie: mstshash=PYRDP-CLI
[2022-11-16 07:35:58,883] - INFO - Peggy600554 - pyrdp.mitm.connections.tcp - Server connected
[2022-11-16 07:35:59,902] - INFO - Peggy600554 - pyrdp.mitm.connections.cert - Using cached certificate for pyrdp-server.pyrdp.local
CLIENT_RANDOM 637484cf90ed6495e2c0aa1d42d9fe3ce03d42f8c95181b2df4b497a9a584aa7 fc16d4f90f2a807ced4357c39c4f1cbe5facb82a84bc65682f0c133fd08c4adbfc3d6a1de982f337fa0ba56f7c38f0e6
[2022-11-16 07:35:59,923] - INFO - Peggy600554 - pyrdp.mitm.connections.ntlmssp - [!] NTLMSSP Hash: Administrator::PYRDP-CLIENT:1122334455667788:fdf2a977cd0d200e165a8f763299a9bf:010100000000000027dcc3b085f9d801688bc78ec2a7128d0000000002000a00570049004e004e00540001000a00570049004e004e00540004000a00570049004e004e00540003000a00570049004e004e00540005000a00570049004e004e00540008003000300000000000000000000000002000003ff85b2c9f7f9d79d32a0e2655fb0a431cb6fdd1b225feb60e1cd9253d0c57320a00100000000000000000000000000000000000090034005400450052004d005300520056002f00700079007200640070002d007300650072007600650072002e006c006f00630061006c000000000000000000
[2022-11-16 07:35:59,927] - INFO - Peggy600554 - pyrdp.mitm.connections.tcp - Client connection closed. Connection to the other side was lost in a non-clean fashion: Connection lost.
[2022-11-16 07:35:59,928] - INFO - Peggy600554 - pyrdp.mitm.connections.tcp - Connection report: report: 1.0, connectionTime: 1.0668704509735107, totalInput: 0, totalOutput: 0, replayFilename: rdp_replay_20221116_07-35-58_860_Peggy600554.pyrdp
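
Added example, not part of the pull request or of PyRDP's code: a small checker that reads `[!] NTLMSSP Hash:` lines in the format logged above and reports any session whose server challenge is not the configured static value, decoding the NTLMv2 client blob to show why the response still differs per connection. The function names and the sample lines are constructed for illustration; the field order is assumed to be `user::domain:server_challenge:NTProofStr:blob`, as the log lines suggest.

```python
import re
from datetime import datetime, timedelta, timezone

# user::domain:server_challenge:NTProofStr:blob, as logged after "[!] NTLMSSP Hash:".
HASH_LINE = re.compile(
    r" - (?P<session>\S+) - pyrdp\.mitm\.connections\.ntlmssp - \[!\] NTLMSSP Hash: "
    r"(?P<user>[^:]*)::(?P<domain>[^:]*):(?P<challenge>[0-9a-fA-F]{16}):"
    r"(?P<proof>[0-9a-fA-F]{32}):(?P<blob>[0-9a-fA-F]+)\s*$"
)
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_hash_line(line):
    """Return the fields of one hash line, or None for any other log line."""
    m = HASH_LINE.search(line)
    if m is None:
        return None
    blob = bytes.fromhex(m["blob"])
    # NTLMv2 client blob: RespType=1, HiRespType=1, 6 reserved bytes,
    # 8-byte FILETIME, 8-byte client challenge, 4 reserved bytes, AV pairs.
    if len(blob) < 28 or blob[:2] != b"\x01\x01":
        raise ValueError("blob is not an NTLMv2 client challenge structure")
    ticks = int.from_bytes(blob[8:16], "little")  # 100 ns units since 1601
    return {
        "session": m["session"],
        "user": m["user"],
        "domain": m["domain"],
        "server_challenge": m["challenge"].lower(),
        "nt_proof_str": m["proof"].lower(),
        "timestamp": FILETIME_EPOCH + timedelta(microseconds=ticks // 10),
        "client_challenge": blob[16:24].hex(),
    }

def sessions_with_wrong_challenge(lines, expected):
    """Sessions whose logged server challenge differs from the configured one."""
    records = [r for r in map(parse_hash_line, lines) if r is not None]
    return [r["session"] for r in records if r["server_challenge"] != expected.lower()]

# Constructed sample lines in the log format above (not taken from a real capture).
def _line(session, challenge, proof, filetime_hex, client_hex):
    return (f"[2022-11-16 07:35:55,190] - INFO - {session} - pyrdp.mitm.connections.ntlmssp - "
            f"[!] NTLMSSP Hash: Administrator::PYRDP-CLIENT:{challenge}:{proof}:"
            f"0101000000000000{filetime_hex}{client_hex}00000000")

SAMPLE_LOG = [
    "[2022-11-16 07:35:51,702] - INFO - Sess0001 - pyrdp.mitm.connections.tcp - Server connected",
    _line("Sess0001", "1122334455667788", "aa" * 16, "00803ed5deb19d01", "0102030405060708"),
    _line("Sess0002", "1122334455667788", "bb" * 16, "8016d7d5deb19d01", "1112131415161718"),
    _line("Sess0003", "a1b2c3d4e5f60718", "cc" * 16, "8016d7d5deb19d01", "2122232425262728"),
]
```

Run over the two real hash lines above, `sessions_with_wrong_challenge(lines, "1122334455667788")` returns an empty list, while the timestamp and client challenge fields differ between the Emma428026 and Peggy600554 sessions.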
obilodeau commented 1 year ago

Thanks for your contribution!