Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added option to target multiple computers in rdp_check.py #1807

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 24 additions & 8 deletions examples/rdp_check.py
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
from struct import pack, unpack

from impacket.examples import logger
from impacket.examples.utils import parse_target
from impacket.examples.utils import parse_target, parse_credentials
from impacket.structure import Structure
from impacket.spnego import GSSAPI, ASN1_SEQUENCE, ASN1_OCTET_STRING, asn1decode, asn1encode

Expand Down Expand Up @@ -384,7 +384,13 @@ def check_rdp(host, username, password, domain, hashes = None):
tpkt['TPDU'] = tpdu.getData()

s = socket.socket()
s.connect((host,3389))

try:
s.connect((host,3389))
except Exception as err:
logging.error(f"{host}: {err}")
return

s.sendall(tpkt.getData())
pkt = s.recv(8192)
tpkt.fromString(pkt)
Expand All @@ -393,7 +399,7 @@ def check_rdp(host, username, password, domain, hashes = None):
if cr_tpdu['Type'] == TYPE_RDP_NEG_FAILURE:
rdp_failure = RDP_NEG_FAILURE(tpdu['VariablePart'])
rdp_failure.dump()
logging.error("Server doesn't support PROTOCOL_HYBRID, hence we can't use CredSSP to check credentials")
logging.error(f"{host}: Server doesn't support PROTOCOL_HYBRID, hence we can't use CredSSP to check credentials")
return
else:
rdp_neg.fromString(tpdu['VariablePart'])
Expand Down Expand Up @@ -492,9 +498,9 @@ def check_rdp(host, username, password, domain, hashes = None):
buff = tls.recv(1024)
except Exception as err:
if str(err).find("denied") > 0:
logging.error("Access Denied")
logging.error(f"{host}: Access Denied")
else:
logging.error(err)
logging.error(f"{host}: {err}")
return

# 4. After the server receives the public key in step 3, it first verifies that
Expand Down Expand Up @@ -544,7 +550,7 @@ def check_rdp(host, username, password, domain, hashes = None):
ts_request['authInfo'] = signature.getData() + cripted_creds
tls.send(ts_request.getData())
tls.close()
logging.info("Access Granted")
logging.info(f"{host}: Access Granted")

# Init the example's logger theme
logger.init()
Expand All @@ -554,6 +560,7 @@ def check_rdp(host, username, password, domain, hashes = None):
"host using the RDP protocol.")

parser.add_argument('target', action='store', help='[[domain/]username[:password]@]<targetName or address>')
parser.add_argument('-t', '--targets', type=argparse.FileType("r"), help='File with targets separated by newlines')

group = parser.add_argument_group('authentication')

Expand All @@ -564,7 +571,10 @@ def check_rdp(host, username, password, domain, hashes = None):

options = parser.parse_args()

domain, username, password, address = parse_target(options.target)
if not options.targets:
domain, username, password, address = parse_target(options.target)
else:
domain, username, password = parse_credentials(options.target)

if domain is None:
domain = ''
Expand All @@ -573,4 +583,10 @@ def check_rdp(host, username, password, domain, hashes = None):
from getpass import getpass
password = getpass("Password:")

check_rdp(address, username, password, domain, options.hashes)
if not options.targets:
check_rdp(address, username, password, domain, options.hashes)
else:
targets = options.targets.read().splitlines()

for t in targets:
check_rdp(t, username, password, domain, options.hashes)