Open bontchev opened 4 years ago
I am also getting the error reported as item 5:
INFO: Connection from <ip>:1885
Unhandled Error
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/twisted/python/log.py", line 103, in callWithLogger
return callWithContext({"system": lp}, func, *args, **kw)
File "/usr/local/lib/python2.7/dist-packages/twisted/python/log.py", line 86, in callWithContext
return context.call({ILogContext: newCtx}, func, *args, **kw)
File "/usr/local/lib/python2.7/dist-packages/twisted/python/context.py", line 122, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/usr/local/lib/python2.7/dist-packages/twisted/python/context.py", line 85, in callWithContext
return func(*args,**kw)
--- <exception caught here> ---
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 614, in _doReadOrWrite
why = selectable.doRead()
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 243, in doRead
return self._dataReceived(data)
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 249, in _dataReceived
rval = self.protocol.dataReceived(data)
File "/usr/local/lib/python2.7/dist-packages/rdpy/core/layer.py", line 209, in dataReceived
self.recv(expectedData)
File "/usr/local/lib/python2.7/dist-packages/rdpy/protocol/rdp/tpkt.py", line 195, in readData
self._presentation.recv(data)
File "/usr/local/lib/python2.7/dist-packages/rdpy/protocol/rdp/x224.py", line 148, in recvData
self._presentation.recv(data)
File "/usr/local/lib/python2.7/dist-packages/rdpy/protocol/rdp/t125/mcs.py", line 542, in recvErectDomainRequest
raise InvalidExpectedDataException("Invalid MCS PDU : ERECT_DOMAIN_REQUEST expected")
rdpy.core.error.InvalidExpectedDataException: Invalid MCS PDU : ERECT_DOMAIN_REQUEST expected
I understand that some malformed traffic will be sent as a byproduct of port scanning/etc. but wanted to echo that this is in multiple environments. If anticipated, can we have a try/except that catches and prints that it is malformed (with detail?)
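A sketch of the kind of catch-and-log handling asked for above, as an added example (not RDPY's code and not written by anyone in this thread). The names `MalformedPDU`, `mcs_pdu_type` and `handle_frame` are hypothetical, and the sample frames are constructed; the check is on the T.125 choice number in the first MCS byte, which is what the "ERECT_DOMAIN_REQUEST expected" error is about.

```python
import logging
import struct

log = logging.getLogger("honeypot.mcs")

# DomainMCSPDU choice numbers from T.125 (upper 6 bits of the first MCS byte).
MCS_NAMES = {1: "ERECT_DOMAIN_REQUEST", 8: "DISCONNECT_PROVIDER_ULTIMATUM",
             10: "ATTACH_USER_REQUEST", 14: "CHANNEL_JOIN_REQUEST",
             25: "SEND_DATA_REQUEST"}

# Constructed sample frames: TPKT header + X.224 data TPDU + MCS PDU.
ERECT_DOMAIN = bytes.fromhex("0300000c02f0800401000100")
ATTACH_USER = bytes.fromhex("0300000802f08028")


class MalformedPDU(Exception):
    """Carries a human-readable reason; handled locally, never reaches the reactor."""


def mcs_pdu_type(frame):
    """Return the MCS choice number of one TPKT-framed slow-path packet."""
    if len(frame) < 4:
        raise MalformedPDU("short TPKT header (%d bytes)" % len(frame))
    version, _reserved, length = struct.unpack(">BBH", frame[:4])
    if version != 3:
        raise MalformedPDU("TPKT version %d, expected 3" % version)
    if length != len(frame):
        raise MalformedPDU("TPKT length %d, got %d bytes" % (length, len(frame)))
    if frame[4:7] != b"\x02\xf0\x80":
        raise MalformedPDU("not an X.224 data TPDU: %s" % frame[4:7].hex())
    if len(frame) < 8:
        raise MalformedPDU("no MCS payload")
    return frame[7] >> 2


def handle_frame(peer, frame, expected=1):
    """True if `frame` carries the expected MCS PDU; otherwise log detail and return False."""
    try:
        got = mcs_pdu_type(frame)
        if got != expected:
            raise MalformedPDU("expected %s, got %s" % (
                MCS_NAMES[expected], MCS_NAMES.get(got, "choice %d" % got)))
    except MalformedPDU as exc:
        log.warning("malformed MCS traffic from %s: %s (first bytes %s)",
                    peer, exc, frame[:16].hex())
        return False  # caller closes this connection; the process keeps running
    return True
```

On a `False` return the caller would drop only that connection, so a scanner sending an out-of-sequence PDU leaves a log line with the peer address and leading bytes rather than an unhandled traceback.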
Downgrade Twisted to 19.2.1, I was seeing these errors only in newer versions. Seems they changed something in newer versions and @citronneur does not appear to be active so upgrading probably won't be happening.
OK, I will check soon. I'm working on the Python 3 version.
Oh, man, nice to hear back from you!
I've started making an RDP honeypot of my own, based on this library. I'd like it to be able to run in Python3 too, so I and another guy have started porting the library. Man what a pain in the butt... We're nowhere near ready yet, but if you would like to take a look (maybe it would save you some time?), give me some e-mail address (could be a throw-away one) to which to send the invite. The repo is on GitLab and it isn't public yet.
Hi,
I also get the same error when scanning the RDPY honeypot with an nmap script.
The nmap command:
nmap -sC rdp-enum-encryption.nse 127.0.0.1
The error message:
Unhandled Error
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/twisted/python/log.py", line 103, in callWithLogger
return callWithContext({"system": lp}, func, *args, **kw)
File "/usr/local/lib/python2.7/dist-packages/twisted/python/log.py", line 86, in callWithContext
return context.call({ILogContext: newCtx}, func, *args, **kw)
File "/usr/local/lib/python2.7/dist-packages/twisted/python/context.py", line 122, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/usr/local/lib/python2.7/dist-packages/twisted/python/context.py", line 85, in callWithContext
return func(*args,**kw)
--- <exception caught here> ---
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 597, in _doReadOrWrite
why = selectable.doRead()
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 208, in doRead
return self._dataReceived(data)
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 214, in _dataReceived
rval = self.protocol.dataReceived(data)
File "/usr/local/lib/python2.7/dist-packages/rdpy/core/layer.py", line 209, in dataReceived
self.recv(expectedData)
File "/usr/local/lib/python2.7/dist-packages/rdpy/protocol/rdp/tpkt.py", line 186, in readFastPath
self._fastPathListener.recvFastPath(self._secFlag, data)
File "/usr/local/lib/python2.7/dist-packages/rdpy/protocol/rdp/sec.py", line 510, in recvFastPath
self._fastPathPresentation.recvFastPath(secFlag, fastPathS)
exceptions.TypeError: recvFastPath() takes exactly 2 arguments (3 given)
I've tried to downgrade Twisted to 19.2.1, which @hackdefendr advised before. But it didn't work either. I know you are working on the Python 3 version, so I just wonder if you have time to fix this.
@citronneur is there any news regarding a "new" Python 3 version? I stumbled upon this project in search of an RDP honeypot for a school project; however, I get the same error as some guys in here as soon as I start an RDP session to the honeypot.
[*] ERROR: Error during read <class 'rdpy.core.rss.UpdateEvent'>::data
[*] ERROR: Error during read <class 'rdpy.core.rss.Event'>::event
Unhandled Error
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/twisted/python/log.py", line 103, in callWithLogger
return callWithContext({"system": lp}, func, *args, **kw)
File "/usr/local/lib/python2.7/dist-packages/twisted/python/log.py", line 86, in callWithContext
return context.call({ILogContext: newCtx}, func, *args, **kw)
File "/usr/local/lib/python2.7/dist-packages/twisted/python/context.py", line 122, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/usr/local/lib/python2.7/dist-packages/twisted/python/context.py", line 85, in callWithContext
return func(*args,**kw)
--- <exception caught here> ---
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 614, in _doReadOrWrite
why = selectable.doRead()
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 243, in doRead
return self._dataReceived(data)
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 249, in _dataReceived
rval = self.protocol.dataReceived(data)
File "/usr/local/lib/python2.7/dist-packages/rdpy/core/layer.py", line 209, in dataReceived
self.recv(expectedData)
File "/usr/local/lib/python2.7/dist-packages/rdpy/protocol/rdp/tpkt.py", line 195, in readData
self._presentation.recv(data)
File "/usr/local/lib/python2.7/dist-packages/rdpy/protocol/rdp/x224.py", line 148, in recvData
self._presentation.recv(data)
File "/usr/local/lib/python2.7/dist-packages/rdpy/protocol/rdp/t125/mcs.py", line 243, in recvData
self._channels[channelId].recv(data)
File "/usr/local/lib/python2.7/dist-packages/rdpy/core/layer.py", line 102, in <lambda>
callback = lambda x:self.__class__.recv(self, x)
File "/usr/local/lib/python2.7/dist-packages/rdpy/protocol/rdp/sec.py", line 470, in recv
self._presentation.recv(data)
File "/usr/local/lib/python2.7/dist-packages/rdpy/protocol/rdp/pdu/layer.py", line 504, in recvClientFontListPDU
self._listener.onReady()
File "/usr/local/lib/python2.7/dist-packages/rdpy/protocol/rdp/rdp.py", line 480, in onReady
observer.onReady()
File "/usr/local/bin/rdpy-rdphoneypot.py", line 68, in onReady
self.start()
File "/usr/local/bin/rdpy-rdphoneypot.py", line 83, in start
self.loopScenario(self._rssFile.nextEvent())
File "/usr/local/bin/rdpy-rdphoneypot.py", line 106, in loopScenario
e = self._rssFile.nextEvent()
File "/usr/local/lib/python2.7/dist-packages/rdpy/core/rss.py", line 282, in nextEvent
self._s.readType(e)
File "/usr/local/lib/python2.7/dist-packages/rdpy/core/type.py", line 897, in readType
value.read(self)
File "/usr/local/lib/python2.7/dist-packages/rdpy/core/type.py", line 97, in read
self.__read__(s)
File "/usr/local/lib/python2.7/dist-packages/rdpy/core/type.py", line 477, in __read__
raise e
rdpy.core.error.InvalidSize: Impossible to read type <class 'rdpy.core.rss.UpdateEvent'> : read length is too small
Hello, I am having the same issue. Any news on a fix or Python 3 port?
I tried setting up an RDP honeypot using rdpy-rdphoneypot.py but it was an utter failure because rdpy-rdphoneypot.py is broken in multiple ways, essentially making it unusable.
1) When connecting to the honeypot manually with a Windows 7 RDP client, it sort of works, in the sense that I am shown the recorded session. However, I am never asked for a password and no password is recorded in the log. Somebody has asked how to fix this problem in issue #93 but never got a reply.
2) When actual attackers connect to the honeypot, it seems that the RDP protocol is not quite compatible with theirs. As a result, the honeypot logs only the connection but no username, password, etc.:
3) Occasionally the honeypot crashes with the following error:
Issue #25 suggests that this happens when the attacking tool Hydra is used because of some kind of protocol incompatibility. Any chance of this problem being solved?
4) Occasionally the honeypot crashes with the following error:
Somebody has asked what it means in issue #66 but never got a reply.
5) Occasionally the honeypot crashes with the following error:
I have no idea what that means but it's probably again some kind of protocol incompatibility with some attacking tool.
Is there any chance of these problems ever getting fixed or should I give up on the idea of using this tool as an RDP honeypot?