SySS-Research / Seth

Perform a MitM attack and extract clear text credentials from RDP connections
MIT License

File Descriptor Cannot be -1 #33

Closed ospf10 closed 4 years ago

ospf10 commented 5 years ago

Adrian, I get this error after a connection has been created: (This is off of a Kali box)

[*] Spoofing arp replies...
[*] Turning on IP forwarding...
[*] Set iptables rules for SYN packets...
[*] Waiting for a SYN packet to the original destination...
[+] Got it! Original destination is 10.5.190.84
[*] Clone the x509 certificate of the original destination...
unable to load certificate
140399066473536:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
[!] Failed to clone certificate, create bogus self-signed certificate...
[*] Adjust the iptables rule for all packets...
[*] Run RDP proxy...
Listening for new connection
Connection received from 10.5.6.69:18437
Warning: RC4 not available on client, attack might not work
Listening for new connection
Enable SSL
Connection lost
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python3.7/threading.py", line 917, in _bootstrap_inner
    self.run()
  File "/opt/Seth/seth/main.py", line 54, in run
    self.forward_data()
  File "/opt/Seth/seth/main.py", line 170, in forward_data
    readable, _, _ = select.select([self.lsock, self.rsock], [], [])
ValueError: file descriptor cannot be a negative integer (-1)

Connection received from 10.5.6.69:18563
Warning: RC4 not available on client, attack might not work
Listening for new connection
Enable SSL
Connection lost
Exception in thread Thread-2:
Traceback (most recent call last):
  File "/usr/lib/python3.7/threading.py", line 917, in _bootstrap_inner
    self.run()
  File "/opt/Seth/seth/main.py", line 54, in run
    self.forward_data()
  File "/opt/Seth/seth/main.py", line 170, in forward_data
    readable, _, _ = select.select([self.lsock, self.rsock], [], [])
ValueError: file descriptor cannot be a negative integer (-1)

AdrianVollmer commented 5 years ago

This is a duplicate of #29, no? It shouldn't occur in the current version

ospf10 commented 5 years ago

Yes. Same thing. I was hoping it was fixed, but it appears the issue still lingers.

Thanks

On Thu, Mar 7, 2019, 2:27 AM Adrian Vollmer notifications@github.com wrote:

This is a duplicate of #29 https://github.com/SySS-Research/Seth/issues/29, no? It shouldn't occur in the current version


AdrianVollmer commented 5 years ago

Can you try again with this commit?

ospf10 commented 5 years ago

Still doing the same thing. This time, I'm trying this on my home lab. So easy setup. Just my Kali box, a test box running RDP (Windows 7) and a victim (Windows 7). That's it. Getting "Connection lost (file descriptor cannot be a negative integer (-1))" error.

ospf10 commented 5 years ago

I SOOOOOO much want this to work. However, I still get the same error....

[*] Spoofing arp replies...
[*] Turning on IP forwarding...
[*] Set iptables rules for SYN packets...
[*] Waiting for a SYN packet to the original destination...
[+] Got it! Original destination is 10.0.0.101
[*] Clone the x509 certificate of the original destination...
unable to load certificate
140463085323328:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
[!] Failed to clone certificate, create bogus self-signed certificate...
[*] Adjust the iptables rule for all packets...
[*] Run RDP proxy...
Listening for new connection
Connection received from 10.0.0.210:43361
Warning: RC4 not available on client, attack might not work
Downgrading authentication options from 11 to 3
Listening for new connection
Enable SSL
Connection lost
Connection lost (file descriptor cannot be a negative integer (-1))
Connection lost (file descriptor cannot be a negative integer (-1))
Connection lost (file descriptor cannot be a negative integer (-1))
Connection lost (file descriptor cannot be a negative integer (-1))
Connection lost (file descriptor cannot be a negative integer (-1))

AdrianVollmer commented 4 years ago

Good news! I was finally able to reproduce this. Unsurprisingly, this is a recurring issue which I first encountered two years ago: https://bugs.python.org/issue31453

This has finally hit Kali Linux, which is why you are all now experiencing this. On recent systems, openssl can only use TLS1.2 or newer by default. This is incompatible with old SSL implementations, such as the one used by Windows 7. As far as I know, there is no way to force TLS1.0 from within python. You have to change the openssl config on your system.

tl;dr: Make sure that the line MinProtocol = TLSv1.0 is contained in /etc/ssl/openssl.cnf. This one-liner should work on Kali (and may or may not work on other systems):

$ sed -i 's/TLSv1.2/TLSv1.0/' /etc/ssl/openssl.cnf

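The same config change as a small added example (not part of this thread or of Seth): instead of blindly replacing the string TLSv1.2, it locates the MinProtocol line inside the [system_default_sect] section of a constructed openssl.cnf in the Debian/Kali layout (the section name is an assumption about that layout), rewrites it, and adds the line or the section when either is missing, which the sed one-liner silently does not.

```python
import re

# Constructed sample in the Debian/Kali openssl.cnf layout; not a real file.
SAMPLE_CNF = """\
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2
"""

SECTION = "system_default_sect"  # section openssl reads system defaults from
_SECT_RE = re.compile(r"^\s*\[\s*([^\]]+?)\s*\]")
_MIN_RE = re.compile(r"^\s*MinProtocol\s*=\s*(\S+)", re.IGNORECASE)


def current_min_protocol(cnf_text):
    """MinProtocol value inside [system_default_sect], or None if unset."""
    in_sect = False
    for line in cnf_text.splitlines():
        if m := _SECT_RE.match(line):
            in_sect = m.group(1) == SECTION
        elif in_sect and (m := _MIN_RE.match(line)):
            return m.group(1)
    return None


def set_min_protocol(cnf_text, version="TLSv1.0"):
    """Return (new_text, changed) with MinProtocol = version in the section.
    Unlike a blind sed, a missing line or a missing section is handled too."""
    out, in_sect, done, seen = [], False, False, False
    for line in cnf_text.splitlines():
        if m := _SECT_RE.match(line):
            if in_sect and not done:  # leaving the section without the line
                out.append(f"MinProtocol = {version}")
                done = True
            in_sect = m.group(1) == SECTION
            seen = seen or in_sect
        elif in_sect and not done and _MIN_RE.match(line):
            line, done = f"MinProtocol = {version}", True
        out.append(line)
    if not done:  # section was last (or absent) and had no MinProtocol line
        if not seen:
            out.append(f"[{SECTION}]")
        out.append(f"MinProtocol = {version}")
    new_text = "\n".join(out) + "\n"
    return new_text, new_text != cnf_text
```

Because that section sets the system-wide OpenSSL default, the lowered minimum applies to every OpenSSL client on the box, not only to Seth; keep it to the test machine.
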
tfriesen commented 4 years ago

Hey Adrian

Good to hear that there's a workaround. Any plan to implement a fix using the functionality from https://github.com/python/cpython/commit/4c842b09209ccf1b4f853106b1f58bb888da02ef ?

AdrianVollmer commented 4 years ago

That would make sense, right? Since it appears that my bug report triggered this patch.

However, I don't seem to be able to override the system setting with the python bindings. At least this doesn't work:

#!/usr/bin/env python3

import ssl, socket

hostname = '10.40.1.8'
context = ssl.create_default_context()
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
# Attempt to allow TLS 1.0 from Python despite the system-wide MinProtocol setting
context.minimum_version = ssl.TLSVersion.TLSv1

with socket.create_connection((hostname, 3389)) as sock:
    with context.wrap_socket(sock, server_hostname=hostname) as ssock:
        print(ssock.version())
        ssock.send(b'foo')