SySS-Research / Seth

Perform a MitM attack and extract clear text credentials from RDP connections
MIT License

SSLError #3

Closed n1841175 closed 7 years ago

n1841175 commented 7 years ago

After "connection received" and "downgrading authentication":

[*] Spoofing arp replies...
[*] Turning on IP forwarding...
[*] Set iptables rules for SYN packets...
[*] Waiting for a SYN packet to the original destination...
[+] Got it! Original destination is 192.168.2.106
[*] Clone the x509 certificate of the original destination...
[*] Adjust the iptables rule for all packets...
[*] Run RDP proxy...
Waiting for connection
Connection received from 192.168.2.111
Downgrading authentication options from 11 to 3
Enable SSL
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:2090)
Waiting for connection

AdrianVollmer commented 7 years ago

Thanks for your help!

I can't reproduce this with any of the Windows test machines I have available. What is the version of the RDP host and the client?

Please pull again and run seth.sh again with -d at the end (and install the right hexdump module). What's the output then?

n1841175 commented 7 years ago

WS2008R2 and still same output.

o-o-x commented 7 years ago

Same here.

AdrianVollmer commented 7 years ago

I'm afraid I can't solve this without the debug output. I decided to use hexlify if hexdump is not available. It's not pretty but I can work with it.

Also, I changed the way the debug flag is set in seth.sh.

Please pull again, run SETH_DEBUG=1 ./seth.sh eth0 .... and post the output. Use something like pastebin if it is too large.

Also, you could try to change the downgrade level by running SETH_DEBUG=1 SETH_DOWNGRADE=1 ./seth.sh eth0 ....

armin884 commented 7 years ago

Got the same error: SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:2178). I tried the script under different OSes (Debian/Ubuntu/Windows), same error. Under which Linux distro / Python version / OpenSSL version are you running the script? I attached the debug log from the error...

Waiting for connection
Connection received from XXX.XXX.XXX.XXX
From client:
00000000: 03 00 00 2F 2A E0 00 00  00 00 00 43 6F 6F 6B 69  .../*......Cooki
00000010: 65 3A 20 6D 73 74 73 68  61 73 68 3D 41 64 6D 69  e: mstshash=Admi
00000020: 6E 69 73 74 72 0D 0A 01  00 08 00 0B 00 00 00     nistr..........
Downgrading authentication options from 11 to 3
From client: (modified)
00000000: 03 00 00 2F 2A E0 00 00  00 00 00 43 6F 6F 6B 69  .../*......Cooki
00000010: 65 3A 20 6D 73 74 73 68  61 73 68 3D 41 64 6D 69  e: mstshash=Admi
00000020: 6E 69 73 74 72 0D 0A 01  00 08 00 03 00 00 00     nistr..........
From server:
00000000: 03 00 00 13 0E D0 00 00  12 34 00 02 09 08 00 02  .........4......
00000010: 00 00 00                                          ...
Enable SSL
From client:
00000000: 30 37 A0 03 02 01 03 A1  30 30 2E 30 2C A0 2A 04  07......00.0,.*.
00000010: 28 4E 54 4C 4D 53 53 50  00 01 00 00 00 B7 82 08  (NTLMSSP........
00000020: E2 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
00000030: 00 0A 00 5A 29 00 00 00  0F                       ...Z)....
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:2178)
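
The dump above is the client's X.224 Connection Request (mstshash cookie plus an RDP_NEG_REQ with requestedProtocols 0x0B), the copy the proxy forwarded (0x03) and the server's Connection Confirm selecting CredSSP. As an added example that is not part of Seth, the following Python decoder (field layout per MS-RDPBCGR 2.2.1.1 and 2.2.1.2) parses those bytes and reports which protocol bits were stripped between the two requests; it also decodes RDP_NEG_FAILURE codes such as HYBRID_REQUIRED_BY_SERVER, which an NLA-enforcing host returns when a request lacks PROTOCOL_HYBRID, so the same check can be run over captured traffic to flag negotiation downgrades. The byte strings are reconstructed from the dump; the failure PDU is constructed for illustration.

```python
import struct

# requestedProtocols bits (RDP = 0) and RDP_NEG_FAILURE failureCode values, per MS-RDPBCGR
PROTOCOLS = {1: "SSL", 2: "HYBRID", 4: "RDSTLS", 8: "HYBRID_EX"}
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER", 6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}

def protocol_names(mask):
    return [name for bit, name in PROTOCOLS.items() if mask & bit] or ["RDP"]

def parse_x224(pdu):
    """Return the X.224 PDU type, the optional mstshash cookie and the RDP_NEG_* structure."""
    if len(pdu) < 11 or pdu[0] != 3 or struct.unpack(">H", pdu[2:4])[0] != len(pdu):
        raise ValueError("not a complete TPKT PDU")
    li, kind = pdu[4], pdu[5]                      # X.224 length indicator, PDU type
    body = pdu[11:5 + li]                          # skip dst-ref, src-ref, class option
    info = {"type": {0xE0: "CR", 0xD0: "CC"}.get(kind, hex(kind))}
    if kind == 0xE0 and body.startswith(b"Cookie: mstshash="):
        end = body.index(b"\r\n")
        info["cookie"] = body[17:end].decode("ascii")
        body = body[end + 2:]
    if len(body) >= 8:                             # RDP_NEG_REQ / RDP_NEG_RSP / RDP_NEG_FAILURE
        neg_type, flags, length, value = struct.unpack("<BBHI", body[:8])
        if length != 8:
            raise ValueError("bad negotiation structure length %d" % length)
        info["flags"] = flags
        key = {1: "requested", 2: "selected", 3: "failure"}.get(neg_type, "unknown")
        info[key] = FAILURES.get(value, hex(value)) if neg_type == 3 else protocol_names(value)
    return info

def stripped_protocols(original, forwarded):
    """Protocols the client asked for that are missing from the request the server received."""
    return sorted(set(parse_x224(original)["requested"]) - set(parse_x224(forwarded)["requested"]))

# Reconstructed from the dump above: TPKT + X.224 CR header, cookie, then RDP_NEG_REQ (0x0B vs 0x03)
CR_HEAD = bytes.fromhex("0300002f2ae00000000000") + b"Cookie: mstshash=Administr\r\n"
CLIENT_ORIG = CR_HEAD + bytes.fromhex("010008000b000000")
CLIENT_MOD = CR_HEAD + bytes.fromhex("0100080003000000")
SERVER_RSP = bytes.fromhex("030000130ed000001234000209080002000000")   # the "From server" line
# Constructed: RDP_NEG_FAILURE carrying HYBRID_REQUIRED_BY_SERVER, as sent by an NLA-enforcing host
SERVER_FAIL = bytes.fromhex("030000130ed000001234000300080005000000")

if __name__ == "__main__":
    for name, pdu in [("client", CLIENT_ORIG), ("client (modified)", CLIENT_MOD),
                      ("server", SERVER_RSP), ("server (constructed failure)", SERVER_FAIL)]:
        print(name, parse_x224(pdu))
    print("stripped between original and forwarded request:", stripped_protocols(CLIENT_ORIG, CLIENT_MOD))
```

For the bytes in this thread the only bit removed by "11 to 3" is PROTOCOL_HYBRID_EX; the server still answers with PROTOCOL_HYBRID, which is why the next client message is a CredSSP TSRequest carrying NTLMSSP.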

AdrianVollmer commented 7 years ago

Thanks!

My info is:

$ python3 --version
Python 3.5.2+
$ openssl version
OpenSSL 1.0.2h  3 May 2016
$ uname -a
Linux kali 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux

My RDP server is a Windows Server 2012 R2. I'm working on setting up a 2008R2 server to test this.

AdrianVollmer commented 7 years ago

I'm able to reproduce the problem, but I don't understand it yet. It works if the RDP host is newer.

armin884 commented 7 years ago

I tried different client/server variations. I attached different client/server tests with debug logs; maybe that helps you...

Client: Windows 10 (10.0.10586) (32 Bit)
Server: Windows 2012 R2 / Windows 2016 (Preview) - (Without NLA) (x64)
Proxy mode: -g 0 or -g 1

Client: Windows 10 (10.0.10586) (32 Bit)
Server: Windows 2012 R2 / Windows 2016 (Preview) - (With NLA enabled) (x64)
Proxy mode: -g 0 or -g 1

Client: Windows 10 (10.0.10586) (32 Bit)
Server: Windows 2012 R2 / Windows 2016 (Preview) - (With/Without NLA enabled) (x64)
Proxy mode: -g 3

Debug Log Windows 2016 -> https://pastebin.com/97ExCLnW
Debug Log Windows 2012 R2 -> https://pastebin.com/FcbFtLsk

Debug Log -> https://pastebin.com/X1kgfxF2

Client: Windows 7 SP1 (6.1.7601) (32 Bit)
Server: Windows 2012 R2 / Windows 2016 (Preview) - (Without NLA) (x64)
Proxy mode: -g 3

Debug Log -> https://pastebin.com/gp7xMDsn

Client: Windows 7 SP1 (6.1.7601) (32 Bit)
Server: Windows 2012 R2 / Windows 2016 (Preview) - (With NLA enabled) (x64)
Proxy mode: -g 3

Debug Log -> https://pastebin.com/QtihZwku

AdrianVollmer commented 7 years ago

That's great, I appreciate the work you put in. I'm on it, but time is scarce ;) Stay tuned.

AdrianVollmer commented 7 years ago

I figured out the problem. I tried to connect with openssl s_client to the RDP service on Windows 7 and got the internal error as soon as data was transmitted. When forcing the cipher to RC4-SHA, it worked. There seems to be an issue when connecting to Windows 7 with OpenSSL using an AES cipher.

Please try again with the latest commit and report back. (This is solely regarding the problem with a Win7/Win2012 host and a newer client.)

armin884 commented 7 years ago

Thanks for your work, but it seems that when the server has NLA enabled, still nothing is working. Did you test it with a standalone server which has NLA enabled (no domain controller)? This is the error from the client (Windows 10) when the server has NLA enabled: NLA Error. I used a tool to check the protocols: https://labs.mwrinfosecurity.com/assets/BlogFiles/rdp-check-ciphers.zip

ENCRYPTION PROTOCOLS
Supported:
CredSSP

Unsupported:
SSL
Native RDP

Received error messages
HYBRID_REQUIRED_BY_SERVER

Server Windows 10 10.0.14393, Certificate TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384:
Debug Log (Windows 10 Client 10.0.10586 rdp 10.0) (Server Windows 10 10.0.14393 + NLA) (Login: admin / admin123456) -> https://pastebin.com/pGPMxemG
Hash cracking with jtr not working...
Debug Log (Windows 7 Client 6.3.9600 rdp 8.1) (Server Windows 10 10.0.14393 + NLA) (Login: admin / admin123456) -> https://pastebin.com/A9RNLEKx
Hash cracking with jtr also working...

Server 2008 R2 6.1.7601, Certificate TLSv1 + AES128-SHA:
Debug Log (Client Windows 7 / 10) -> https://pastebin.com/SWbUEEK4
Hash cracking with jtr works...

Server Windows 2012 R2 6.3.9600, TLSv1.2 + ECDHE-RSA-AES256-SHA384:
Debug Log (Client Windows 7 / 10, Login: Administrator / admin-123456) -> https://pastebin.com/Ar8Lb8pK
Hash cracking with jtr not working...

Also, when I get "TLS alert internal error received", trying RC4-SHA the client hangs; it has to be interrupted, but when the client connects again it's working....
Debug Log (Windows 7 / 10 Client) (Server Windows 2008 R2 6.1.7601, NO NLA, Certificate TLSv1 + AES128-SHA) -> https://pastebin.com/K8S6Mz36
Hash cracking with jtr works...

Also, most of the time I get "TLS alert access denied", "Downgrading CredSSP" and after that the client disconnects; maybe the client always gets a wrong username/password error...

AdrianVollmer commented 7 years ago

This is great information, but we need to make separate issues for this.

As I said, here I was focusing on the SSLError; I didn't expect the other issues to be solved.

Also, in my test lab, all servers had NLA enabled (but not enforced).

AdrianVollmer commented 7 years ago

I consider this fixed by 2e35a2aa.