When transferring a file from a shared drive to the server filesystem, the RDPDR file stealer sometimes creates empty files (even though the file itself is not empty). It's useless and it clogs up the output folder and mapping.json file.
The RDPDRMITM component doesn't handle file closes properly, which causes file duplications in the file interceptor (among other problems). Although many file close responses are received, most of them don't make the check: if key in self.openedFiles:. Since they don't make it past that line, identical files never get filtered out and deleted by comparing hashes.
I think this is also probably the reason why we have so many empty files (and also missing sha1 entries in the mapping file).
xshill changed the title from "The RDPDR interceptor creates empty files that never get deleted." to "RDPDR File close responses are not handled properly by the MITM" on Nov 17, 2020
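The failure mode described in the report, as an added example that is not the project's code or part of the original issue: a close response whose key is not in openedFiles skips the hash comparison, so its temporary file is never deduplicated or removed. The FileTracker class, its method names, the (device ID, file ID) key and the tmpN file naming are assumptions made for illustration; only openedFiles and the membership check come from the issue.

```python
import hashlib
import tempfile
from pathlib import Path

class FileTracker:
    """Hypothetical model of an interceptor's open-file bookkeeping."""
    def __init__(self, out_dir):
        self.out = Path(out_dir)
        self.openedFiles = {}  # key -> (temp path, remote path)
        self.mapping = {}      # sha1 -> remote path (stands in for mapping.json)
        self.unmatched = []    # close responses that matched no open file
        self.counter = 0

    def on_create(self, key, remote_path):
        self.counter += 1
        tmp = self.out / f"tmp{self.counter}"
        tmp.touch()            # file exists on disk from the moment it is opened
        self.openedFiles[key] = (tmp, remote_path)

    def on_read(self, key, data):
        if key in self.openedFiles:
            with open(self.openedFiles[key][0], "ab") as f:
                f.write(data)

    def on_close(self, key):
        if key not in self.openedFiles:
            self.unmatched.append(key)  # record it instead of returning silently
            return None
        tmp, remote = self.openedFiles.pop(key)
        data = tmp.read_bytes()
        digest = hashlib.sha1(data).hexdigest()
        if not data or digest in self.mapping:
            tmp.unlink()       # empty or already-seen content: drop it
            return None
        tmp.rename(self.out / digest)
        self.mapping[digest] = remote
        return digest

    def leftovers(self):
        return sorted(p.name for p in self.out.glob("tmp*"))

def demo():
    # Constructed sequence: three opens of the same remote file.
    with tempfile.TemporaryDirectory() as d:
        t = FileTracker(d)
        for key in [(1, 10), (1, 11), (1, 12)]:
            t.on_create(key, "share/report.txt")
        t.on_read((1, 10), b"data")
        t.on_read((1, 11), b"data")
        t.on_close((1, 10))    # stored under its sha1
        t.on_close((1, 11))    # duplicate content, removed
        t.on_close((2, 12))    # key mismatch: empty temp file stays behind
        return len(t.mapping), t.unmatched, t.leftovers()
```

Counting unmatched closes makes the condition visible in logs, and leftovers() lists the files that would otherwise accumulate in the output folder.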