citronneur / rdpy

Remote Desktop Protocol in Twisted Python
GNU General Public License v3.0

rdpy.core.error.InvalidSize in rdp-rdpclient.py #14

Closed adepasquale closed 9 years ago

adepasquale commented 9 years ago

I'm connecting to a test VM; when I use rdesktop it's all fine, but with rdpy-rdpclient here's what I got. I tried removing some options and changing width & height, but no luck. :-(

% rdpy-rdpclient.py -u username -p password -w 800 -l 600 -r test.rss 192.168.1.102
INFO : keyboard layout set to en
ERROR : Error during read <class 'rdpy.protocol.rdp.gcc.ServerCoreData'>::clientRequestedProtocol
ERROR : Error during read <class 'rdpy.protocol.rdp.gcc.DataBlock'>::dataBlock
ERROR : Error during read <class 'rdpy.protocol.rdp.gcc.Settings'>::settings
Unhandled Error
Traceback (most recent call last):
  File "/usr/lib64/python2.7/site-packages/twisted/python/log.py", line 88, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/lib64/python2.7/site-packages/twisted/python/log.py", line 73, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/lib64/python2.7/site-packages/twisted/python/context.py", line 118, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib64/python2.7/site-packages/twisted/python/context.py", line 81, in callWithContext
    return func(*args,**kw)
--- <exception caught here> ---
  File "/usr/lib64/python2.7/site-packages/qtreactor/qt4base.py", line 100, in _read
    data = w.doRead()
  File "/usr/lib64/python2.7/site-packages/twisted/internet/tcp.py", line 214, in doRead
    return self._dataReceived(data)
  File "/usr/lib64/python2.7/site-packages/twisted/internet/tcp.py", line 220, in _dataReceived
    rval = self.protocol.dataReceived(data)
  File "/usr/lib64/python2.7/site-packages/rdpy/core/layer.py", line 209, in dataReceived
    self.recv(expectedData)
  File "/usr/lib64/python2.7/site-packages/rdpy/protocol/rdp/tpkt.py", line 195, in readData
    self._presentation.recv(data)
  File "/usr/lib64/python2.7/site-packages/rdpy/protocol/rdp/x224.py", line 147, in recvData
    self._presentation.recv(data)
  File "/usr/lib64/python2.7/site-packages/rdpy/protocol/rdp/mcs.py", line 372, in recvConnectResponse
    self._serverSettings = gcc.readConferenceCreateResponse(data)
  File "/usr/lib64/python2.7/site-packages/rdpy/protocol/rdp/gcc.py", line 581, in readConferenceCreateResponse
    s.readType(serverSettings)
  File "/usr/lib64/python2.7/site-packages/rdpy/core/type.py", line 894, in readType
    value.read(self)
  File "/usr/lib64/python2.7/site-packages/rdpy/core/type.py", line 97, in read
    self.__read__(s)
  File "/usr/lib64/python2.7/site-packages/rdpy/core/type.py", line 477, in __read__
    raise e
rdpy.core.error.InvalidSize: Impossible to read type <class 'rdpy.protocol.rdp.gcc.ServerCoreData'> : read length is too small

citronneur commented 9 years ago

Fixed in the last commit on the hotfix branch, can you test it? Otherwise you can modify this file /usr/lib64/python2.7/site-packages/rdpy/protocol/rdp/gcc.py at line 271:

class ServerCoreData(CompositeType):
    """
    @summary: Server side core settings structure
    @see: http://msdn.microsoft.com/en-us/library/cc240517.aspx
    """
    TYPE = MessageType.SC_CORE

    def __init__(self, readLen = None):
        CompositeType.__init__(self, readLen = readLen)
        self.rdpVersion = UInt32Le(Version.RDP_VERSION_5_PLUS)
        self.clientRequestedProtocol = UInt32Le(optional = True)
        self.earlyCapabilityFlags = UInt32Le(optional = True)

Sorry, but RDP has a lot of implementations, all different. Thanks for testing it.

citronneur commented 9 years ago

Sorry, but this fix is not enough. You really need to check out the hotfix branch. Sorry. Sylvain

adepasquale commented 9 years ago

No problem. I checked out that branch, but here's what I'm getting now. Should I open a new issue or continue on this one?

P.S. I'm using an old WinXP SP3, should I try with Win7 maybe?

% rdpy-rdpclient.py -u username -p password -w 800 -l 600 -r test.rss 192.168.1.102
INFO : keyboard layout set to en
WARNING : cannot verify server identity
ERROR : Error during read <class 'rdpy.protocol.rdp.lic.LicenseBinaryBlob'>::wBlobType
ERROR : Error during read <class 'rdpy.protocol.rdp.lic.LicensingErrorMessage'>::blob
ERROR : Error during read <class 'rdpy.protocol.rdp.lic.LicPacket'>::licensingMessage
Unhandled Error
Traceback (most recent call last):
  File "5.0.0-py2.7-linux-x86_64.egg/twisted/python/log.py", line 88, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "venv/lib/python2.7/site-packages/Twisted-15.0.0-py2.7-linux-x86_64.egg/twisted/python/log.py", line 73, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "venv/lib/python2.7/site-packages/Twisted-15.0.0-py2.7-linux-x86_64.egg/twisted/python/context.py", line 118, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "venv/lib/python2.7/site-packages/Twisted-15.0.0-py2.7-linux-x86_64.egg/twisted/python/context.py", line 81, in callWithContext
    return func(*args,**kw)
--- <exception caught here> ---
  File "venv/lib/python2.7/site-packages/qt4reactor-1.6-py2.7.egg/qtreactor/qt4base.py", line 100, in _read
    data = w.doRead()
  File "venv/lib/python2.7/site-packages/Twisted-15.0.0-py2.7-linux-x86_64.egg/twisted/internet/tcp.py", line 215, in doRead
    return self._dataReceived(data)
  File "venv/lib/python2.7/site-packages/Twisted-15.0.0-py2.7-linux-x86_64.egg/twisted/internet/tcp.py", line 221, in _dataReceived
    rval = self.protocol.dataReceived(data)
  File "build/bdist.linux-x86_64/egg/rdpy/core/layer.py", line 209, in dataReceived

  File "build/bdist.linux-x86_64/egg/rdpy/protocol/rdp/tpkt.py", line 195, in readData

  File "build/bdist.linux-x86_64/egg/rdpy/protocol/rdp/x224.py", line 147, in recvData

  File "build/bdist.linux-x86_64/egg/rdpy/protocol/rdp/mcs.py", line 243, in recvData

  File "build/bdist.linux-x86_64/egg/rdpy/protocol/rdp/sec.py", line 583, in recvLicenceInfo

  File "build/bdist.linux-x86_64/egg/rdpy/protocol/rdp/lic.py", line 274, in recv

  File "build/bdist.linux-x86_64/egg/rdpy/core/type.py", line 897, in readType

  File "build/bdist.linux-x86_64/egg/rdpy/core/type.py", line 97, in read

  File "build/bdist.linux-x86_64/egg/rdpy/core/type.py", line 477, in __read__

rdpy.core.error.InvalidExpectedDataException: <class 'rdpy.core.type.UInt16Le'> const value expected 4 != 39616

citronneur commented 9 years ago

I think win 7 works but this bug is very interesting!

citronneur commented 9 years ago

OK, I fixed it in the last commit, plus a side effect on the honeypot. Now all is OK for me. Microsoft was not clear when it uses the MUST keyword in the spec, e.g.: this field MUST equal 4 (and in real life on XP SP3 it may be a random value ;-) )

All is OK for me; I'm waiting for your go and will release the 1.2.2 version.
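The two parsing problems discussed in this thread, as an added example that is not rdpy's code and not part of any comment here: a length-driven reader for the Server Core Data block, whose trailing fields are optional, and a licensing error reader that tolerates an unexpected `wBlobType`. The function names, the `strict` switch, the choice to ignore the type only when the blob is empty, and the sample messages are assumptions of this example; 39616 is the value from the log above.

```python
import struct

SC_CORE = 0x0C01        # TS_UD_SC_CORE block type
BB_ERROR_BLOB = 0x0004  # wBlobType the spec says a licensing error MUST carry

class Truncated(ValueError):
    """A field runs past the end of the data the server actually sent."""

def read(fmt, buf, off):
    """Unpack one little-endian struct at off, refusing short reads."""
    size = struct.calcsize(fmt)
    if off + size > len(buf):
        raise Truncated("need %d bytes at offset %d" % (size, off))
    return struct.unpack_from(fmt, buf, off), off + size

def parse_server_core(buf):
    """Server Core Data: the two trailing UInt32 fields are optional."""
    (btype, blen), off = read("<HH", buf, 0)
    if btype != SC_CORE or not 8 <= blen <= len(buf):
        raise ValueError("bad SC_CORE header")
    body = buf[:blen]  # never read past the declared block length
    (version,), off = read("<I", body, off)
    out = {"rdpVersion": version, "clientRequestedProtocol": None,
           "earlyCapabilityFlags": None}
    for name in ("clientRequestedProtocol", "earlyCapabilityFlags"):
        if off == blen:  # field absent, e.g. an older server
            break
        (out[name],), off = read("<I", body, off)  # a partial field raises
    return out

def parse_license_error(buf, strict=False):
    """Licensing error message; tolerate a junk wBlobType on an empty blob."""
    (code, transition, btype, blen), off = read("<IIHH", buf, 0)
    if off + blen > len(buf):
        raise Truncated("blob length %d exceeds message" % blen)
    if btype != BB_ERROR_BLOB and (strict or blen):
        raise ValueError("unexpected wBlobType %#06x" % btype)
    return {"dwErrorCode": code, "dwStateTransition": transition,
            "blob": buf[off:off + blen]}

# Constructed sample messages (not captured traffic).
OLD_CORE = struct.pack("<HHI", SC_CORE, 8, 0x00080004)
NEW_CORE = struct.pack("<HHIII", SC_CORE, 16, 0x00080004, 0, 1)
XP_LICENSE = struct.pack("<IIHH", 7, 2, 39616, 0)

if __name__ == "__main__":
    print(parse_server_core(OLD_CORE))
    print(parse_server_core(NEW_CORE))
    print(parse_license_error(XP_LICENSE))
```

A block that ends in the middle of a field still fails closed with `Truncated`; only a field that is absent altogether is treated as optional.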

adepasquale commented 9 years ago

Fix confirmed, thanks! Now rdp-rdpclient.py works with both Win7 and WinXP.

javiermarcon commented 8 years ago

I have the same error running rdpy-rdpclient.py on an Ubuntu 14.04, having installed today the hotfix branch of rdpy and trying to connect to a VirtualBox VM. Connecting with rdesktop to the same VM works OK.

javier@javier-System-Product-Name:~/proyectos/securework/resources_testing$ rdpy-rdpclient.py 127.0.0.1:5001
/usr/lib/python2.7/dist-packages/pkg_resources.py:1031: UserWarning: /home/javier/.python-eggs is writable by group/others and vulnerable to attack when used with get_resource_filename. Consider a more secure location (set with .set_extraction_path or the PYTHON_EGGCACHE environment variable).
  warnings.warn(msg, UserWarning)
[*] INFO: keyboard layout set to en
Unhandled Error
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 88, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 73, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
    return func(*args,**kw)
--- <exception caught here> ---
  File "/usr/local/lib/python2.7/dist-packages/qtreactor/qt4base.py", line 100, in _read
    data = w.doRead()
  File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 215, in doRead
    return self._dataReceived(data)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 221, in _dataReceived
    rval = self.protocol.dataReceived(data)
  File "build/bdist.linux-x86_64/egg/rdpy/protocol/rdp/nla/cssp.py", line 208, in dataReceived
  File "build/bdist.linux-x86_64/egg/rdpy/core/layer.py", line 209, in dataReceived
  File "build/bdist.linux-x86_64/egg/rdpy/protocol/rdp/tpkt.py", line 195, in readData
  File "build/bdist.linux-x86_64/egg/rdpy/protocol/rdp/x224.py", line 199, in recvConnectionConfirm
rdpy.core.error.RDPSecurityNegoFail: negotiation failure code 3
[*] INFO: due to security nego error back to standard RDP security layer
[*] WARNING:
[*] WARNING: * RDP Security selected
[*] WARNING: *
[*] ERROR: Error during read <class 'rdpy.protocol.rdp.pdu.data.FontMapDataPDU'>::numberEntries
[*] ERROR: Error during read <class 'rdpy.protocol.rdp.pdu.data.DataPDU'>::pduData
[*] ERROR: Error during read <class 'rdpy.protocol.rdp.pdu.data.PDU'>::pduMessage
Unhandled Error
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 88, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 73, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
    return func(*args,**kw)
--- <exception caught here> ---
  File "/usr/local/lib/python2.7/dist-packages/qtreactor/qt4base.py", line 100, in _read
    data = w.doRead()
  File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 215, in doRead
    return self._dataReceived(data)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 221, in _dataReceived
    rval = self.protocol.dataReceived(data)
  File "build/bdist.linux-x86_64/egg/rdpy/protocol/rdp/nla/cssp.py", line 208, in dataReceived
  File "build/bdist.linux-x86_64/egg/rdpy/core/layer.py", line 209, in dataReceived
  File "build/bdist.linux-x86_64/egg/rdpy/protocol/rdp/tpkt.py", line 195, in readData
  File "build/bdist.linux-x86_64/egg/rdpy/protocol/rdp/x224.py", line 148, in recvData
  File "build/bdist.linux-x86_64/egg/rdpy/protocol/rdp/t125/mcs.py", line 243, in recvData
  File "build/bdist.linux-x86_64/egg/rdpy/core/layer.py", line 102, in
  File "build/bdist.linux-x86_64/egg/rdpy/protocol/rdp/sec.py", line 470, in recv
  File "build/bdist.linux-x86_64/egg/rdpy/protocol/rdp/pdu/layer.py", line 254, in recvServerFontMapPDU
  File "build/bdist.linux-x86_64/egg/rdpy/core/type.py", line 897, in readType
  File "build/bdist.linux-x86_64/egg/rdpy/core/type.py", line 97, in read
  File "build/bdist.linux-x86_64/egg/rdpy/core/type.py", line 477, in __read__
rdpy.core.error.InvalidSize: Stream is too small to read expected SimpleType
[*] INFO: Lost connection : [Failure instance: Traceback (failure with no frames): <class 'rdpy.core.error.InvalidSize'>: Stream is too small to read expected SimpleType
]
javier@javier-System-Product-Name:~/proyectos/securework/resources_testing$

To reproduce the steps for testing:

1) Create a VM on VirtualBox.
2) On VirtualBox select the VM, select screen -> remote screen -> enable server and change port to 5001.
3) Start the VM.
4) Run rdpy-rdpclient.py 127.0.0.1:5001

Thanks,

Javier.