
feat: Added CredSSP support when private key is known #229

Merged 4 commits on Jun 8, 2020

@alxbl (Collaborator) commented Jun 5, 2020

This pull request adds a `--auth` switch that allows selectively enabling the authentication mechanisms that PyRDP will allow through. For now these only include `tls` and `ssp`, with some strict limitations for CredSSP.

It also finally documents how to extract the private key of RDP servers so that we can close #154
Also resolves #134.

Details

  • Does not support the actual negotiation of CredSSP, which would require a lot of code and knowledge of the NTLM hash or the target's credentials.
  • Does not support the CredSSPY attack that was just released.
  • In order for the connection to be MITMed, it requires the private key of the server.

In practice, this means that the only purpose of this feature is to allow honeypots to expose CredSSP. Note that usage of CredSSP means credential stuffing is not possible since a secret key is derived from the NTLM hash of the credentials.

Future Work

This pull-request also paves the way towards supporting other authentication techniques such as Early User Authorization (EUA), but that is not yet implemented.
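
The following sketch is an added example, not code from this pull request or from PyRDP: it shows how an allow-list like the `--auth` values above could be applied to the `requestedProtocols` field of a client's RDP_NEG_REQ (flag values from MS-RDPBCGR). The comma-separated format, the `AUTH_FLAGS` mapping, the function names and the `have_server_key` parameter are assumptions.

```python
import struct

# requestedProtocols flags of RDP_NEG_REQ, from MS-RDPBCGR.
PROTOCOL_SSL = 0x1        # TLS
PROTOCOL_HYBRID = 0x2     # CredSSP (NLA)
PROTOCOL_HYBRID_EX = 0x8  # CredSSP + Early User Authorization
TYPE_RDP_NEG_REQ = 0x01

# Assumed mapping of the --auth names in the PR text to protocol flags.
AUTH_FLAGS = {"tls": PROTOCOL_SSL, "ssp": PROTOCOL_HYBRID}


def allowed_mask(auth: str, have_server_key: bool) -> int:
    """Turn a comma-separated list (assumed format) into a flag mask."""
    mask = 0
    for name in filter(None, (n.strip().lower() for n in auth.split(","))):
        if name not in AUTH_FLAGS:
            raise ValueError(f"unsupported auth mechanism: {name}")
        mask |= AUTH_FLAGS[name]
    if not have_server_key:
        # The PR states the server's private key is required to MITM a
        # CredSSP connection, so drop CredSSP when the key is absent.
        mask &= ~PROTOCOL_HYBRID
    return mask


def parse_neg_req(data: bytes) -> int:
    """Return requestedProtocols from an 8-byte RDP_NEG_REQ structure."""
    if len(data) != 8:
        raise ValueError("RDP_NEG_REQ must be exactly 8 bytes")
    type_, _flags, length, protocols = struct.unpack("<BBHI", data)
    if type_ != TYPE_RDP_NEG_REQ or length != 8:
        raise ValueError("not an RDP_NEG_REQ")
    return protocols


def negotiate(data: bytes, auth: str, have_server_key: bool) -> int:
    """Protocols left after masking the client's request with the policy."""
    return parse_neg_req(data) & allowed_mask(auth, have_server_key)


# Constructed sample: client requests TLS, CredSSP and CredSSP+EUA (0x0B).
SAMPLE_NEG_REQ = bytes.fromhex("010008000b000000")

if __name__ == "__main__":
    for auth, key in (("tls,ssp", True), ("tls,ssp", False), ("tls", True)):
        print(auth, key, hex(negotiate(SAMPLE_NEG_REQ, auth, key)))
```

Because Early User Authorization has no entry in the allow-list, the `PROTOCOL_HYBRID_EX` bit is always masked out, matching the "not yet implemented" note above.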

@obilodeau (Member) commented:

> It also finally documents how to extract the private key of RDP servers so that we can close #154

That's awesome! 🥳

@Res260 (Collaborator) left a comment:

Awesome PR, can't wait to see it in action :)

@obilodeau (Member) left a comment:

Discussed briefly with @alxbl and this is good to go!

@alxbl alxbl merged commit 95e9d75 into master Jun 8, 2020
@obilodeau obilodeau deleted the credssp branch August 6, 2021 17:15