[Issue #371] Add NetNTLMv2 hash capture to README #383

Merged (38 commits), Jan 17, 2022
Changes shown from 1 commit

Commits (38)
0088f15 Add NetNTLMv2 hash capture to README (lubiedo, Jan 7, 2022)
e1a222a Add more information to the README (lubiedo, Jan 10, 2022)
772c248 Specify log file (lubiedo, Jan 10, 2022)
f08a9e7 Update README.md (lubiedo, Jan 10, 2022)
89f1da4 chore(363): replace notify2 by py-notifier. (alxbl, Oct 25, 2021)
87d3313 chore: remove dbus dependencies (alxbl, Oct 27, 2021)
c384eb3 cleanup: remove notify-osd (alxbl, Oct 29, 2021)
1297fef Removed leftover comment in Dockerfile (obilodeau, Nov 26, 2021)
f602830 Updated CHANGELOG (obilodeau, Nov 26, 2021)
d8408a8 Capture the NetNTLM hash if server enforces NLA (#367) (lubiedo, Nov 26, 2021)
d90c580 Updated CHANGELOG (obilodeau, Nov 26, 2021)
30665b6 Some type hint improvements (obilodeau, Nov 26, 2021)
b113492 No longer assuming every connection will have VirtualChannels (obilodeau, Nov 26, 2021)
5f0092a Updated CHANGELOG (obilodeau, Nov 26, 2021)
9b3ca1a fix(331): Call conversion handler cleanup. (alxbl, Oct 26, 2021)
2eae592 fix: revert conversion success message for now. (alxbl, Oct 27, 2021)
dee25d8 Fixing type errors with high-precision pcaps (obilodeau, Dec 27, 2021)
ff5875a Fixed many TLS decryption issues when src.ip == dst.ip (obilodeau, Dec 27, 2021)
1d88dc0 Refactoring to regroup hardcoded PDU offsets and class renamed (obilodeau, Dec 27, 2021)
b900edc Updated CHANGELOG (obilodeau, Dec 29, 2021)
9891f7b Python 3.10 support: collections no longer exports Mapping (obilodeau, Dec 29, 2021)
fabc836 Updated CHANGELOG (obilodeau, Dec 30, 2021)
77850d4 fix: Better success and error messages for pyrdp-convert (#369) (alxbl, Jan 6, 2022)
07c2006 feat(#313): Add support for conversion of multiple exported sessions. (alxbl, Oct 27, 2021)
7543907 Moving GitHub workflow tests out to a shell script (obilodeau, Jan 7, 2022)
2bfd61e refactor to use Exported PDU struct (now called ExportedPDU) (obilodeau, Jan 7, 2022)
6739b21 Updated CHANGELOG (obilodeau, Jan 7, 2022)
1b1d5e9 doc: moved out pycrypto to pycryptodome update doc (obilodeau, Jan 7, 2022)
eb8647b doc: completely reworked section about pyrdp-mitm output (obilodeau, Jan 7, 2022)
0bd9180 doc: reworked pyrdp-convert sections (obilodeau, Jan 7, 2022)
94a50c3 Added great RDP protocol intro (obilodeau, Jan 13, 2022)
fc42c13 doc: extracted twistd doc into docs/ with a reference to it (obilodeau, Jan 13, 2022)
e2d17b9 doc: re-read README and modernized it (obilodeau, Jan 13, 2022)
5e6e915 doc: TOC cleanup and some re-org (obilodeau, Jan 13, 2022)
a9f508a Updated CHANGELOG (obilodeau, Jan 13, 2022)
d70121f doc: rework NLA doc (obilodeau, Jan 17, 2022)
2be1646 doc: diagram and more context around the --nla-redirection attack (obilodeau, Jan 17, 2022)
57eb409 doc: link to tools (obilodeau, Jan 17, 2022)
10 changes: 10 additions & 0 deletions README.md
@@ -348,6 +348,16 @@ For example, if you expect your payload to take up to 5 seconds to complete, you
This will block the client's input / output for 5 seconds to hide the console and prevent interference.
After 5 seconds, input / output is restored back to normal.

#### Capturing NetNTLMv2 hashes
PyRDP has the ability to capture the client's NetNTLMv2 hashes via a NLA (CredSSP)
connection by carrying the negotiation and capturing the NTLMSSP authentication
messages. This will happen even if the connection against the RDP remote server
is not done via NLA as PyRDP will generate NTLMSSP messages by it's own and
continue with the authentication process. The capturing NetNTLMv2 hashes can be
useful for research and offensivepurposes.
The captured NetNTLMv2 hash can be found in the logs and it's formatted so
cracking tools (ie. John The Ripper) can ingest it.

#### Other MITM arguments
Run `pyrdp-mitm.py --help` for a full list of arguments.

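Review bot: the last sentence of the new section says the captured hash "can be found in the logs" but names neither the log file nor the line format, so a reader cannot locate it or feed it to a cracker; name the file and state the format the sentence alludes to (John the Ripper's `netntlmv2` format, which is the same `user::domain:challenge:ntproofstr:blob` layout hashcat mode 5600 consumes). Wording in the same lines: "by it's own" should be "on its own", "offensivepurposes" is missing a space, "carrying the negotiation" reads better as "carrying out the negotiation", "The capturing NetNTLMv2 hashes can be useful" should be "Capturing NetNTLMv2 hashes can be useful", and "ie." should be "e.g.". One sentence would also prevent a common misreading: what is captured is the NTLMv2 challenge/response taken from the NTLMSSP AUTHENTICATE message, which can be cracked offline to recover the password but is not an NT hash and cannot be used directly for pass-the-hash.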