Closed: nikallass closed this 5 years ago
Hi nikallass,
Thanks for your PR, much appreciated.
1) I still have the issue in my environment, unfortunately. I could still merge it as long as other people confirm it solves the problem for them too.
BKScan$ git log | head -n 12
commit 77b27fc9697a448224641a56cd64ff840a7c9c43
Author: nikallass <XXX>
Date: Fri Jun 14 13:33:22 2019 +0300
Disabling nla in xfreerdp while connecting without credentials to support not NLA checks.
commit 37754a1d0d20596961956b8325459a0e85f13869
Author: nikallass <XXX>
Date: Fri Jun 14 13:32:57 2019 +0300
Fixed "... failed to open display: ..." issue.
BKScan$ sudo ./bkscan.sh -t 192.168.119.141
[+] Targeting 192.168.119.141:3389...
[+] No credential provided, won't support NLA
[12:36:54:503] [1:1] [ERROR][com.freerdp.client.x11] - failed to open display: :0
[12:36:54:504] [1:1] [ERROR][com.freerdp.client.x11] - Please check that the $DISPLAY environment variable is properly set.
2) I am yet to replicate this issue. Can you show the output before your patch? What Windows version have you used for the server? And what RDP setting? NLA enabled? I am particularly interested in what you have checked, as in below:
Also what users have you specified in "Select Users"?
Thanks again for improving BKScan.
My error before the patch is the same:
Systeminfo:
I also checked with NLA enabled and NLA disabled. Before the patch there was the same issue, and everything is working with the patch.
Users:
I think the problem in your environment is not in the Windows machine, but in the attacker machine where the docker service is running. Maybe you need to install
sudo apt-get install xauth #client
or
sudo apt-get install xorg openbox #server
If you need, I can also provide access to my machine on port 3389 for you to check. PM of course. :)
I have fixed 2) in 55bbb552a571ae287350d5d2e2deefe5f8bae5a7. Thanks.
One thing to note about adding -sec-nla, i.e. not supporting NLA on the client side, is that we force the client to not support NLA, so:
Before adding -sec-nla, we supported NLA on the client side and:
The only drawback of -sec-nla is that it means we need to:
Yeah, that's true. Not very good to scan twice. But it is the only way, as I see.
Hey, in your last commit in bkscan.sh you missed:
--user=$USER \
It's important for solving the x11 issue.
Just to clarify, the fix you proposed for the DISPLAY/X11 issue didn't work on my environment. Also you confirmed to me by DM that it didn't completely work after your computer came out of hibernation.
So I am not going to merge the changes until we confirm it actually works.
This fixed the issue for me. Thanks, @nikallass!
Thanks for confirming chrsjhnsn. I've merged the changes due to multiple people confirming it helped them, even if it does not work with my distrib.
Closing this. Please open another issue if you still have the problem, and detail your environment.
Check the latest commit. There are some excessive arguments. https://github.com/nccgroup/BKScan/commit/1b5103ed1bb2e531e47257c601f56b5746462c15
1) Issue with x11:
Fixed with information from here.
Working well now:
If you are using ssh to the Kali machine where BKScan is, you need to redefine the $DISPLAY variable:
export DISPLAY=:1
2) Issue with xfreerdp asking username/password on hosts without NLA
Also added
xfreerdp -sec-nla /u:""
flag, so the scan now works on hosts without NLA; it is not asking for username/password any more. If username/password are not provided but NLA is enabled on the host:
In --debug mode it is clear:
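The client-side behaviour discussed in this thread, as an added example that is not BKScan's own code: credentials present means a single NLA-capable xfreerdp invocation; no credentials means the client must run with -sec-nla /u:"" (and, per the "scan twice" remark, once without it so NLA-enabled hosts are still covered), and $DISPLAY needs a fallback when BKScan is driven over ssh. The function names, the /v: /u: /p: argument layout and the :1 fallback are assumptions for illustration; port 3389 and the -sec-nla /u:"" flag come from the thread.

```shell
# Added example, not part of BKScan. Builds the xfreerdp argument list the thread
# describes: with no credentials, disable NLA on the client side and pass an
# empty user; with credentials, let the client negotiate NLA normally.
build_xfreerdp_args() {
    # $1 = target host, $2 = username (may be empty), $3 = password (may be empty)
    target="$1"; user="$2"; pass="$3"
    if [ -z "$user" ] && [ -z "$pass" ]; then
        # no credentials: -sec-nla plus an empty /u: so xfreerdp does not prompt
        printf '%s\n' "/v:${target}:3389 -sec-nla /u:\"\""
    else
        printf '%s\n' "/v:${target}:3389 /u:${user} /p:${pass}"
    fi
}

# One line per xfreerdp pass. Without credentials the thread notes the scan has
# to run twice: first letting the client support NLA (covers NLA-enabled hosts),
# then with -sec-nla (covers hosts where NLA is disabled).
plan_scan_passes() {
    # $1 = target host, $2 = username, $3 = password
    if [ -z "$2" ] && [ -z "$3" ]; then
        printf '%s\n' "/v:$1:3389"
        build_xfreerdp_args "$1" "" ""
    else
        build_xfreerdp_args "$1" "$2" "$3"
    fi
}

# Prints the X display the client should use: the current $DISPLAY if set,
# otherwise the fallback given as $1 (the thread uses :1 over ssh). Fallback
# value is an assumption; check "echo $DISPLAY" on the real machine.
ensure_display() {
    if [ -n "$DISPLAY" ]; then
        printf '%s\n' "$DISPLAY"
    else
        printf '%s\n' "${1:-:1}"
    fi
}

# Usage (constructed target from the thread):
#   plan_scan_passes 192.168.119.141 "" ""
#   DISPLAY=$(ensure_display :1) xfreerdp $(build_xfreerdp_args 192.168.119.141 "" "")
```

Keeping the two passes explicit makes the trade-off visible: a single -sec-nla pass would silently skip hosts that require NLA, which is exactly the drawback raised above.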