search

SySS-Research / Seth

Perform a MitM attack and extract clear text credentials from RDP connections
MIT License
1.38k stars 325 forks source link

Not using RC4-SHA because of SSL Error: ('No cipher can be selected.',) #26

Open DAWIDOW23 opened 5 years ago

DAWIDOW23 commented 5 years ago

root@kali:~/soft/Seth-master# SETH_DEBUG=1 ./seth.sh wlan1 192.168.1.{2,4,3} ███████╗███████╗████████╗██╗ ██╗ ██╔════╝██╔════╝╚══██╔══╝██║ ██║ by Adrian Vollmer ███████╗█████╗ ██║ ███████║ seth@vollmer.syss.de ╚════██║██╔══╝ ██║ ██╔══██║ SySS GmbH, 2017 ███████║███████╗ ██║ ██║ ██║ https://www.syss.de ╚══════╝╚══════╝ ╚═╝ ╚═╝ ╚═╝ [] Spoofing arp replies... [] Turning on IP forwarding... [] Set iptables rules for SYN packets... [] Waiting for a SYN packet to the original destination... [+] Got it! Original destination is 192.168.1.3 [] Clone the x509 certificate of the original destination... [] Adjust the iptables rule for all packets... [] Run RDP proxy... Listening for new connection Connection received from 192.168.1.4:50100 From client: 00000000: 03 00 00 13 0E E0 00 00 00 00 00 01 00 08 00 03 ................ 00000010: 00 00 00 ... Listening for new connection From server: 00000000: 03 00 00 13 0E D0 00 00 12 34 00 02 01 08 00 02 .........4...... 00000010: 00 00 00 ... Enable SSL Not using RC4-SHA because of SSL Error: ('No cipher can be selected.',) From client: 00000000: 30 37 A0 03 02 01 02 A1 30 30 2E 30 2C A0 2A 04 07......00.0,.. 00000010: 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 B7 82 08 (NTLMSSP........ 00000020: E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000030: 00 06 01 B1 1D 00 00 00 0F ......... TLS alert internal error received, make sure to use RC4-SHA

root@kali:~/soft/Seth-master# sslscan 192.168.1.3:3389 Version: 1.11.11-static OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 192.168.1.3

Testing SSL server 192.168.1.3 on port 3389 using SNI name 192.168.1.3

TLS Fallback SCSV: Server does not support TLS Fallback SCSV

TLS renegotiation: Secure session renegotiation supported

TLS Compression: Compression disabled

Heartbleed: TLS 1.2 not vulnerable to heartbleed TLS 1.1 not vulnerable to heartbleed TLS 1.0 not vulnerable to heartbleed

Supported Server Cipher(s): Preferred TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 128 bits RC4-SHA
Accepted TLSv1.0 112 bits DES-CBC3-SHA
Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256 Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256 Accepted TLSv1.0 128 bits RC4-MD5

SSL Certificate: Signature Algorithm: sha1WithRSAEncryption RSA Key Strength: 2048

Subject: Net-PC2 Issuer: Net-PC2

Not valid before: Sep 29 17:07:54 2018 GMT Not valid after: Mar 31 17:07:54 2019 GMT

AdrianVollmer commented 5 years ago

For completeness: what's the output of openssl ciphers? Also, what Linux distribution are you using?

I suspect your openssl does not support RC4 anymore. That may be a bit of a problem for this tool...

DAWIDOW23 commented 5 years ago

At first I was on a clean KALI LINU x64. Out of the box was installed opensl 1.1.1h - erred old version error client. I installed openssl 1.0.0; 1.1.1; and other . Version error has disappeared. and described above.

I have no opportunity to test.

lovebair2022 commented 5 years ago

I have meet a same problem.

███████╗███████╗████████╗██╗ ██╗ ██╔════╝██╔════╝╚══██╔══╝██║ ██║ by Adrian Vollmer ███████╗█████╗ ██║ ███████║ seth@vollmer.syss.de ╚════██║██╔══╝ ██║ ██╔══██║ SySS GmbH, 2017 ███████║███████╗ ██║ ██║ ██║ https://www.syss.de ╚══════╝╚══════╝ ╚═╝ ╚═╝ ╚═╝ [] Spoofing arp replies... [] Turning on IP forwarding... [] Set iptables rules for SYN packets... [] Waiting for a SYN packet to the original destination... [+] Got it! Original destination is 192.168.43.33 [] Clone the x509 certificate of the original destination... [] Adjust the iptables rule for all packets... [*] Run RDP proxy... Listening for new connection Connection received from 192.168.43.254:3525 Downgrading authentication options from 11 to 3 Listening for new connection Enable SSL Not using RC4-SHA because of SSL Error: ('No cipher can be selected.',) TLS alert internal error received, make sure to use RC4-SHA Connection received from 192.168.43.254:3528 Downgrading authentication options from 11 to 3 Listening for new connection Enable SSL Not using RC4-SHA because of SSL Error: ('No cipher can be selected.',) TLS alert internal error received, make sure to use RC4-SHA

zprytka commented 5 years ago

In my case says: Warning: RC4 not avaiable on client. Attack might not work. Everything works perfect except can't see what the victim is typing.

boh97 commented 5 years ago

I meet this problem too.

marksteward commented 4 years ago

The client has stopped sending RC4-SHA in its ClientHello.