import shlex
import subprocess
# Short alias for subprocess.PIPE (asks Popen to open a pipe for a child stream).
pipe = subprocess.PIPE
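def info2str(o):
    """Render connection details as a shell-safe xfreerdp argument string.

    The returned string is meant to be spliced into a shell command line, so
    every argument is passed through ``shlex.quote``. The previous version
    wrapped the username and password in bare single quotes and left the
    target and domain unquoted, which let a value containing a quote, space or
    other shell metacharacter change the command that the shell executed.

    Args:
        o: Mapping with the keys ``target``, ``username`` and ``password``;
            ``domain`` is optional.

    Returns:
        A space-separated string of quoted xfreerdp arguments.

    Raises:
        KeyError: If ``target`` or ``username`` is missing.
        ValueError: If ``password`` is missing.
    """
    args = ['/v:%s' % o['target'], '/u:%s' % o['username']]
    if 'password' not in o:
        # Only password authentication is handled here; there is no active
        # branch for an NTLM hash.
        raise ValueError("No password provided")
    # +auth-only: authenticate and exit instead of opening a session.
    args += ['/p:%s' % o['password'], '+auth-only']
    if 'domain' in o:
        args.append('/d:%s' % o['domain'])
    # Quote each whole argument; values made only of safe characters come out
    # unchanged, anything else is single-quoted with embedded quotes escaped.
    return ' '.join(shlex.quote(a) for a in args)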
#print('Restricted Admin mode default disabled. You can\'t PTH even if you have RDP access.')
#print('Nevertheless, hydra is enough for brute forcing...')
# The timeout plays no part in the check itself; it only keeps a stuck xfreerdp from hanging forever.
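def run(target, username, password, domain=None, useProxy=False, timeout=60):
    """Check one RDP credential pair by running xfreerdp in auth-only mode.

    The command is built as an argument list and started without a shell, so
    quotes, spaces or shell metacharacters in any value reach xfreerdp as
    literal text instead of being interpreted by ``/bin/sh``.

    Caveats that callers should be aware of:
      * ``/cert-ignore`` disables server certificate validation, so the
        credentials are sent to an endpoint whose identity is not verified.
      * The password is passed on the command line and is therefore visible
        to other local users in the process list while xfreerdp runs.

    Args:
        target: Host (optionally with port) to connect to.
        username: Account name to test.
        password: Password to test.
        domain: Logon domain; defaults to ``'.'`` when empty or None.
        useProxy: When true, run xfreerdp through ``proxychains``.
        timeout: Seconds to wait for xfreerdp before giving up.

    Returns:
        1 if xfreerdp exited with status 0, 0 for any other exit status (or if
        the program could not be started), -1 if it did not finish in time.
    """
    domain = domain or '.'
    argv = ['proxychains', 'xfreerdp'] if useProxy else ['xfreerdp']
    argv += [
        '/v:%s' % target,
        '/u:%s' % username,
        '/p:%s' % password,
        '+auth-only',
        '/d:%s' % domain,
        '/cert-ignore',
    ]
    try:
        p = subprocess.Popen(
            argv,
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
        )
    except OSError:
        # With shell=True a missing binary showed up as a non-zero shell exit
        # status, i.e. 0 here; keep that contract instead of raising.
        return 0
    try:
        p.communicate(timeout=timeout)
    except subprocess.TimeoutExpired:
        # communicate() does not stop the child on timeout; kill it and reap
        # it so no xfreerdp process or open pipe is left behind.
        p.kill()
        p.communicate()
        return -1
    return 1 if p.returncode == 0 else 0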