signorrayan / RedTeam_toolkit

Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.
MIT License

rdpbruteforce error #31

Open sephirothac opened 2 years ago

sephirothac commented 2 years ago

Hello,

Again, thank you for your help. I think there is a problem with rdpbruteforce; here is the log output:

```
"GET /windows/rdpbruteforce/ HTTP/1.1" 200 3662
Internal Server Error: /windows/rdpbruteforce/
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 197, in _get_response
    response = wrapped_callback(request, *callback_args, callback_kwargs)
  File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/decorators.py", line 23, in _wrapped_view
    return view_func(request, *args, *kwargs)
  File "/usr/src/redteam_toolkit/toolkit/views.py", line 238, in rdpbruteforce
    result = rdpbrute.rdpbrute_script(ip)
  File "/usr/src/redteam_toolkit/toolkit/scripts/windows/rdpbrute.py", line 15, in rdpbrute_script
    p = subprocess.run(
  File "/usr/local/lib/python3.8/subprocess.py", line 493, in run
    with Popen(popenargs, kwargs) as process:
  File "/usr/local/lib/python3.8/subprocess.py", line 858, in init
    self._execute_child(args, executable, preexec_fn, close_fds,
  File "/usr/local/lib/python3.8/subprocess.py", line 1704, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: '/usr/src/redteam_toolkit/venv/bin/python'
"POST /windows/rdpbruteforce/ HTTP/1.1" 500 93785
```

Thank you for your work.

signorrayan commented 2 years ago

Hello @sephirothac, thanks for this issue. The script structure was for manual configuration and not for the dockerized version. I just updated that. Please pull the project and try that again. Let me know about the result.

Make sure you read the Additional Information Page about toolkit modules
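The traceback above comes from launching a helper with an interpreter path that exists only in a manual virtualenv install. As an added example (not the project's code; `naive_run`, `resolve_interpreter` and `run_helper` are hypothetical names), this sketch falls back to the running interpreter and returns a readable error, with a timeout, instead of an HTTP 500:

```python
import subprocess
import sys
from pathlib import Path

# Interpreter path reported in the traceback; absent inside the container.
HARDCODED_PY = "/usr/src/redteam_toolkit/venv/bin/python"


def naive_run(interpreter, script, arg):
    """Pattern that fails: raises FileNotFoundError if `interpreter` is missing."""
    return subprocess.run([interpreter, str(script), arg],
                          capture_output=True, text=True)


def resolve_interpreter(preferred=None):
    """Use `preferred` only if it exists; otherwise the current interpreter."""
    if preferred and Path(preferred).is_file():
        return preferred
    return sys.executable


def run_helper(script, args, interpreter=HARDCODED_PY, timeout=60):
    """Run a helper script and return (ok, message) so the view can show it."""
    cmd = [resolve_interpreter(interpreter), str(script), *args]
    try:
        p = subprocess.run(cmd, capture_output=True, text=True,
                           timeout=timeout, check=False)
    except OSError as exc:
        # Covers a missing or non-executable interpreter or script.
        return False, f"could not start helper: {exc}"
    except subprocess.TimeoutExpired:
        # The child is killed by subprocess.run before this is raised.
        return False, f"helper exceeded {timeout}s"
    if p.returncode != 0:
        # Surface stderr rather than discarding it.
        return False, p.stderr.strip() or f"exit code {p.returncode}"
    return True, p.stdout.strip()


if __name__ == "__main__":
    # Constructed usage: run this file's own path as a stand-in helper script.
    print(resolve_interpreter(HARDCODED_PY))
```
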

sephirothac commented 2 years ago

Hello signorrayan,

I don't have any error log feedback, but on the frontweb it tells me "Couldn't find anything!" even though the IP I'm targeting has an active RDP.

Thanks again for your help.

signorrayan commented 2 years ago

I guess it is because of the wordlist. Try your wordlist. I explained here how to replace that in the webapp.

You can enter the webapp docker container with this command: `docker exec -it $(docker ps | grep redteam | cut -d' ' -f 1) /bin/bash`

sephirothac commented 2 years ago

Hello signorrayan,

Thank you for your feedback, I'll put back the toolkit_webapp service with a permanent volume.

sephirothac commented 2 years ago

Hello signorrayan,

Here are the changes I made in the docker-compose.yml volumes:

I still have the same problem. However, I have modified the username.txt and password.txt files with my IDs, but the test gives the same result. I also tried the bruteforce SSH and I have the same problem. Please can you add much more verbosity in the logs for the bruteforce RDP as well as the SSH.

Thanks a lot

signorrayan commented 2 years ago

ssh

Sometimes, depending on the target, requests may be blocked or fail. There is an issue with the paramiko package, and I will find another solution. Maybe you can see the failing log here while trying on SSH: `docker-compose logs -f`

sephirothac commented 2 years ago

Hello,

Thank you for your action. I have updated the code with the following cmd: `docker-compose -f docker-compose.yml up -d --build && docker-compose -f docker-compose.yml exec webapp python manage.py createsuperuser`

I restarted the bruteforce RDP from the frontweb against the target 192.168.x.x/xx; the web page refreshes and I have

2022-05-19 03:51:57 START

but for more than 30 mins I have had no return. It should not take too long considering the size of the username and password files. Here is what I have in the docker-compose logs:

```
docker-compose logs -f
Attaching to toolkit_webapp, database
database |
database | PostgreSQL Database directory appears to contain a database; Skipping initialization
database |
database | 2022-05-18 23:20:05.376 UTC [1] LOG: starting PostgreSQL 13.4 (Debian 13.4-4.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
database | 2022-05-18 23:20:05.377 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
database | 2022-05-18 23:20:05.377 UTC [1] LOG: listening on IPv6 address "::", port 5432
database | 2022-05-18 23:20:05.388 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
database | 2022-05-18 23:20:05.403 UTC [24] LOG: database system was shut down at 2022-05-18 23:15:46 UTC
database | 2022-05-18 23:20:05.436 UTC [1] LOG: database system is ready to accept connections
toolkit_webapp | Waiting for postgres...
toolkit_webapp | PostgreSQL started
toolkit_webapp | Operations to perform:
toolkit_webapp | Apply all migrations: admin, auth, contenttypes, sessions, toolkit
toolkit_webapp | Running migrations:
toolkit_webapp | No migrations to apply.
toolkit_webapp | Watching for file changes with StatReloader
toolkit_webapp | Performing system checks...
toolkit_webapp |
toolkit_webapp | System check identified no issues (0 silenced).
toolkit_webapp | May 19, 2022 - 03:50:17
toolkit_webapp | Django version 4.0.4, using settings 'RedTeam_toolkit.settings'
toolkit_webapp | Starting development server at http://0.0.0.0:4334/
toolkit_webapp | Quit the server with CONTROL-C.
toolkit_webapp | [19/May/2022 03:51:04] "GET / HTTP/1.1" 200 4068
toolkit_webapp | [19/May/2022 03:51:04] "GET /static/toolkit/css/base.css HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:04] "GET /static/toolkit/images/sidebar_logo.png HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:04] "GET /static/toolkit/images/background_hand.jpg HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:08] "GET /login/ HTTP/1.1" 200 4776
toolkit_webapp | [19/May/2022 03:51:08] "GET /static/toolkit/css/dashboard.css HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:13] "POST /login/ HTTP/1.1" 200 4876
toolkit_webapp | [19/May/2022 03:51:27] "POST /login/ HTTP/1.1" 302 0
toolkit_webapp | [19/May/2022 03:51:27] "GET /dashboard/ HTTP/1.1" 200 7924
toolkit_webapp | [19/May/2022 03:51:27] "GET /static/toolkit/images/live_host.png HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:27] "GET /static/toolkit/images/ip_scan.png HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:27] "GET /static/toolkit/images/dir_scan.png HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:27] "GET /static/toolkit/js/jquery-2.1.0.min.js HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:27] "GET /static/toolkit/images/cve.png HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:27] "GET /static/toolkit/images/ssh_brute.png HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:27] "GET /static/toolkit/images/rdp-brute.png HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:27] "GET /static/toolkit/images/linux.png HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:27] "GET /static/toolkit/images/microsoft.png HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:27] "GET /static/toolkit/images/webapp.png HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:27] "GET /static/toolkit/js/custom.js HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:27] "GET /static/toolkit/js/scrollreveal.min.js HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:27] "GET /static/toolkit/js/jquery-2.1.0.min.js HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:27] "GET /static/toolkit/js/custom.js HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:27] "GET /static/toolkit/js/scrollreveal.min.js HTTP/1.1" 304 0
toolkit_webapp | [19/May/2022 03:51:32] "GET /windows/rdpbruteforce/ HTTP/1.1" 200 3686
toolkit_webapp | [19/May/2022 03:51:32] "GET /static/toolkit/css/sshrdp.css HTTP/1.1" 304 0
```

sephirothac commented 2 years ago

Hello,

I redid the test for bruteforce SSH and everything is working. I had to disable my fail2ban to avoid the bruteforce SSH being blocked. Thanks for your help.

signorrayan commented 2 years ago

Hi. Sorry for the delay. Do you have any other problems with this issue?

sephirothac commented 2 years ago

Hello signorrayan,

The problem is solved for the SSH but still not functional for my case on the RDP. Can you leave it open? I will do a test this weekend; not too much time with work.

Thanks for your work.