-
Notifications
You must be signed in to change notification settings - Fork 379
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RDP module failing to log on using successful credentials to Windows Server with RDS role #288
Comments
Hey Jeff, does this also fail if you use Linux? It'd be helpful to know to determine if this is a Windows-specific bug, since there's a bunch of weird quirks with running on Windows unfortunately. Also, the target should go after the protocol and error otherwise, so I'm not sure how it ran... is that a copy-paste of the command? |
Yup, it's a copy-paste of the actual command. I can try with latest Kali and report back. I'm worried it might be due to the licensing status of the RDP server affecting the underlying library (https://github.com/citronneur/rdp-rs), which isn't set up to handle non-activated RDP servers (which still work, and are just in the grace period). |
Same behavior with latest Kali and nxc, installed via pipx:
(Username, password, and domain swapped out. It's a lab, but not something I want to share publicly) |
This may be a red herring, but here's the output when running
|
Looks like your guess was correct, "notImplemented" error directly from the lib |
Also this highlights some annoying stuff about the logging section I updated and stacktraces, I'll need to see if I can fix that as well. |
I stubbed out |
@Marshall-Hallenbeck : Is it an issue when using Kerberos, or an issue when using a domain account? I'm confused if it's the former. With or without |
From my side, it looks specifically like a Kerberos issue. |
Hmm, I still see the issue regardless of local auth, domain auth, or domain auth with Kerberos -- see the attached. Maybe it's two different issues? |
@jeffmcjunkin do you have another host in the same lab environment you can test against? I've tested against 3 different Windows build #s (14393, 19041, and 20348) with the same results. |
Aha! I think it's more of an issue with Remote Desktop Services installed on this machine. Other VMs in the same lab environment have no issue. I think this code block makes it replicable: Install-WindowsFeature -Name Remote-Desktop-Services
Install-WindowsFeature -Name RDS-RD-Server
Install-WindowsFeature -Name RDS-Licensing -Restart |
@jeffmcjunkin are you able to authenticate to that host, or is it just NetExec reporting a failure when it should work? |
Yup, I can authenticate to that host using Same error from
|
I'm installing RDS on a WinServ19 host now so I can debug further |
Let me know if I can help here. I still have some local VMs from my own testing that I can share via Discord. |
Describe the bug
Using valid credentials and a development copy of the latest NetExec fails to log in against a Server 2016 RDP server.
To Reproduce
Steps to reproduce the behavior i.e.:
Command:
poetry -C C:\tools\NetExec run NetExec -- rdp -u "validuser" -p "validpassword" -d thedomainname.com rdp01.thedomainname.com
Resulted in:
Expected behavior
I expected NetExec to show valid credentials. Logging on via
mstsc.exe
from a Windows 10 VM using those credentials (and other sets of valid credentials) worked successfully.NetExec info
1.1.0 - nxc4u -
(latest Git installation as of last week)The text was updated successfully, but these errors were encountered: