SySS-Research / Seth

Perform a MitM attack and extract clear text credentials from RDP connections
MIT License
1.38k stars, 325 forks

Cloned Certificate Mismatch #19

Closed djhohnstein closed 6 years ago

djhohnstein commented 6 years ago

Hey there, recently tested the script in a lab between two unpatched Windows 10 boxes. Here's the setup:

Seth Server at 192.168.234.141
RDP Server at 192.168.234.128
Connecting Victim at 192.168.234.130

Without Seth running, the certificate warning should look as follows:

[screenshot: certmismatch1]

However, when I run Seth by:

root@kali:~/Seth# ./seth.sh eth0 192.168.234.141 192.168.234.130 192.168.234.128

Then connect from the victim machine again, I see the following certificate error presented by Seth's fake cert:

[screenshot: certmismatch2]

Is there something that I'm missing in running this script, or something that's changed in Windows 10?

AdrianVollmer commented 6 years ago

You're not missing anything. If you (or rather the victim) used the host name instead of the IP address to connect, you wouldn't notice a difference.

I realize that Windows does not warn about the name mismatch if you connect to the genuine host even if you use the IP address to connect. Not sure why, as the certificates are for sure identical (up to the public key). I'll have to investigate. It would be nice to have it behave exactly the same even when IP addresses are used.
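An added example, not from this issue or from Seth, illustrating the point above from the defender's side: two self-signed certificates for the same assumed lab name rdpserver.lab.local have identical subjects and SANs but different key pairs, so a name check passes for both while pinning the SHA-256 fingerprint recorded from the genuine host rejects the clone. Names, functions and the sample certificates are constructed here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)
// selfSigned builds a self-signed certificate for name with a fresh key pair; it stands in for the genuine RDP host's certificate or a clone of it (assumed lab name).
func selfSigned(name string) *x509.Certificate {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced by CreateCertificate parses cleanly
	return cert
}

// Fingerprint is SHA-256 over the DER certificate, the thumbprint an RDP client can display.
func Fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// CheckPin accepts a presented certificate only if its fingerprint equals the pinned genuine one.
func CheckPin(presented *x509.Certificate, pinned string) bool {
	return Fingerprint(presented) == pinned
}
func main() {
	genuine := selfSigned("rdpserver.lab.local")
	cloned := selfSigned("rdpserver.lab.local") // identical subject and SAN, different key pair
	pin := Fingerprint(genuine)                 // record this from the genuine host ahead of time
	fmt.Println("same subject:", genuine.Subject.String() == cloned.Subject.String(), "genuine pinned:", CheckPin(genuine, pin), "cloned pinned:", CheckPin(cloned, pin))
}
```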

djhohnstein commented 6 years ago

Ah, I see now. A strange quirk but good to know; thanks!