From 30df4194147e3832596eef4debf84c548ed12329 Mon Sep 17 00:00:00 2001
From: Signum21
Date: Thu, 5 Sep 2024 12:57:14 +0200
Subject: [PATCH] Added option to target multiple computers in rdp_check.py
---
 examples/rdp_check.py | 32 ++++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)
diff --git a/examples/rdp_check.py b/examples/rdp_check.py
index 417de92330..ffd85b2f74 100755
--- a/examples/rdp_check.py
+++ b/examples/rdp_check.py
@@ -25,7 +25,7 @@
 from struct import pack, unpack
 from impacket.examples import logger
-from impacket.examples.utils import parse_target
+from impacket.examples.utils import parse_target, parse_credentials
 from impacket.structure import Structure
 from impacket.spnego import GSSAPI, ASN1_SEQUENCE, ASN1_OCTET_STRING, asn1decode, asn1encode
@@ -384,7 +384,13 @@ def check_rdp(host, username, password, domain, hashes = None):
 tpkt['TPDU'] = tpdu.getData()
 s = socket.socket()
- s.connect((host,3389))
+
+ try:
+ s.connect((host,3389))
+ except Exception as err:
+ logging.error(f"{host}: {err}")
+ return
+
 s.sendall(tpkt.getData())
 pkt = s.recv(8192)
 tpkt.fromString(pkt)
@@ -393,7 +399,7 @@ def check_rdp(host, username, password, domain, hashes = None):
 if cr_tpdu['Type'] == TYPE_RDP_NEG_FAILURE:
 rdp_failure = RDP_NEG_FAILURE(tpdu['VariablePart'])
 rdp_failure.dump()
- logging.error("Server doesn't support PROTOCOL_HYBRID, hence we can't use CredSSP to check credentials")
+ logging.error(f"{host}: Server doesn't support PROTOCOL_HYBRID, hence we can't use CredSSP to check credentials")
 return
 else:
 rdp_neg.fromString(tpdu['VariablePart'])
@@ -492,9 +498,9 @@ def check_rdp(host, username, password, domain, hashes = None):
 buff = tls.recv(1024)
 except Exception as err:
 if str(err).find("denied") > 0:
- logging.error("Access Denied")
+ logging.error(f"{host}: Access Denied")
 else:
- logging.error(err)
+ logging.error(f"{host}: {err}")
 return
 # 4. After the server receives the public key in step 3, it first verifies that
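Review bot: In the hunk at `@@ -384,7 +384,13 @@`, the `return` in the new `except` branch leaves the socket `s` open, so under the multi-target loop added at the end of the file every unreachable host leaks one descriptor; add `s.close()` ahead of that `return`. The `return` paths visible in the hunks at -393 and -492 appear to have the same gap, though check_rdp's body continues outside all three hunks and may close the socket elsewhere. `except Exception` is wider than this call needs; `except OSError as err:` covers connection failures without hiding programming errors. The `s.sendall` and `s.recv` calls directly below stay outside the `try`, so a connection reset during the exchange still propagates to the caller.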
@@ -544,7 +550,7 @@ def check_rdp(host, username, password, domain, hashes = None):
 ts_request['authInfo'] = signature.getData() + cripted_creds
 tls.send(ts_request.getData())
 tls.close()
- logging.info("Access Granted")
+ logging.info(f"{host}: Access Granted")
 # Init the example's logger theme
 logger.init()
@@ -554,6 +560,7 @@ def check_rdp(host, username, password, domain, hashes = None):
 "host using the RDP protocol.")
 parser.add_argument('target', action='store', help='[[domain/]username[:password]@]')
+ parser.add_argument('-t', '--targets', type=argparse.FileType("r"), help='File with targets separated by newlines')
 group = parser.add_argument_group('authentication')
@@ -564,7 +571,10 @@ def check_rdp(host, username, password, domain, hashes = None):
 options = parser.parse_args()
- domain, username, password, address = parse_target(options.target)
+ if not options.targets:
+ domain, username, password, address = parse_target(options.target)
+ else:
+ domain, username, password = parse_credentials(options.target)
 if domain is None:
 domain = ''
@@ -573,4 +583,10 @@ def check_rdp(host, username, password, domain, hashes = None):
 from getpass import getpass
 password = getpass("Password:")
- check_rdp(address, username, password, domain, options.hashes)
+ if not options.targets:
+ check_rdp(address, username, password, domain, options.hashes)
+ else:
+ targets = options.targets.read().splitlines()
+
+ for t in targets:
+ check_rdp(t, username, password, domain, options.hashes)
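Review bot: In the hunk at `@@ -554,6 +560,7 @@`, the help strings do not say that the meaning of the positional `target` changes once `-t` is given. The hunk at -564 then hands it to `parse_credentials` instead of `parse_target`, so only the credential part is expected. Nothing visible rejects a trailing `@host` in that mode, so it would presumably be folded into the parsed username or password without any error. State the contract in the new option's help, for example `help='File with one target per line; the positional argument then supplies only [domain/]username[:password]'`, and extend the `target` help with the same caveat.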
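Review bot: In the hunk at `@@ -573,4 +583,10 @@`, `options.targets.read().splitlines()` passes every line through unchanged, so a blank or whitespace-padded line in the file reaches `check_rdp` as an empty or malformed host. An empty host string is commonly resolved to the local machine by `connect`, in which case the authentication exchange would go to a host the operator never listed. Filter while reading, `targets = [t.strip() for t in options.targets.read().splitlines() if t.strip()]`. The file object opened by `argparse.FileType` is also never closed; reading it inside `with options.targets as fh:` would release it. check_rdp returns nothing on any visible path, so the loop cannot report how many targets succeeded or failed.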