Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Synacktiv committed Jun 26, 2017 (0 parents), commit 9b822d0
Showing 52 changed files with 11,504 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Nicolas Collignon <[email protected]> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
Version 0.1 public release (OSSIR) | ||
+ SOCKS5 minimal support | ||
+ doxygenification | ||
+ stricter controller protocol | ||
+ added X11 scripting tool (rdpupload) | ||
+ added rdp2tcp test script (test-client) | ||
+ dozen of bug fixes | ||
|
||
Version 0.0.3 | ||
+ tcp reverse connect | ||
+ process stdin/stdout forwarding | ||
+ IPv6 support | ||
+ dozen of bug fixes | ||
|
||
Version 0.0.2 almost reliable tunneling ... | ||
+ added controller listener to add tunnel on-demand | ||
|
||
Version 0.0.1 SSTIC rump nuked edition :) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
|
||
Q: I started rdesktop without the "-r addin:rdp2tcp:" argument, ... | ||
A: It is not possible to start the client on-demand if the rdesktop | ||
has not been started with the correct command line. | ||
This feature will not be implemented since it would require extra | ||
patches for rdesktop. | ||
|
||
Q: I want to use rdp2tcp without rdesktop because ... | ||
A: It is not possible to use the client without rdesktop already running. | ||
rdp2tcp is a rdesktop virtual channel helper, not a RDP implementation. | ||
|
||
Q: How to check if rdesktop is compiled with OOP patch ? | ||
A: Run "rdesktop 2>&1 | grep addin". If you see no result, | ||
rdesktop is not patched. | ||
|
||
Q: rdesktop says "Error executing child: No such file or directory" | ||
A: The rdp2tcp client path provided with the "-r addin:rdp2tcp:" | ||
argument is not correct. | ||
|
||
Q: I get "error: cannot attach RDP stream" when i start rdp2tcp server | ||
A: rdp2tcp.exe was not started within a Terminal Server session. | ||
|
||
Q: I forwarded remote port 445 on my Linux host but smbclient fails | ||
when trying to connect to local port XYZ. | ||
A: This is a smbclient bug, not a rdp2tcp bug! smbclient selects its | ||
protocol (netbios or SMB) based on the port number. It will try | ||
to use netbios protocol whenever the destination port is not 445. | ||
Therefore you have 3 choices: | ||
- patch smbclient :) | ||
- wrap the smbclient with a SOCKS5 client (tsocks, proxychains, ...) | ||
- starts another tunneling tools (ex: socat) locally to forward | ||
port 445 to port XYZ (must be done as root since 445 < 1024). | ||
|
||
Q: the input generated by rdpupload looks like garbage | ||
A: your keyboard layout is different than the keyboard layout of the TS. | ||
restart rdesktop with "-g <layout>" | ||
|
||
Q: rdpupload is slow ... | ||
A: It is not expected to run fast ... | ||
"debug" encoding generates smaller payload than "vb" encoding. | ||
try to play with "-s" option (ex: -s 0.5). | ||
compress/pack the file you are trying to upload (ex: upx) | ||
|
||
Q: Where can I find a precompiled rdp2tcp.exe server binary ? | ||
A: Precompiled binaries are not provided ... Use mingw32. | ||
|
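Review bot: In the answer to "the input generated by rdpupload looks like garbage", the advice to restart rdesktop with "-g <layout>" looks wrong, since rdesktop's -g sets the desktop geometry and the keyboard layout is selected with -k. The "rdpupload is slow" answer also names "-s" (ex: -s 0.5) and the "debug" and "vb" encodings without saying what they control; state what "-s" tunes and its unit, and what each encoding produces. In the smbclient answer, "starts another tunneling tools" should read "start another tunneling tool".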
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
|
||
-[ prerequisites ]----------------------------- | ||
|
||
- rdesktop dependencies | ||
- a compiler for the rdesktop host | ||
- a compiler for Windows | ||
|
||
-[ steps ]------------------------------------- | ||
|
||
1) get rdesktop source code | ||
http://www.rdesktop.org/#download | ||
|
||
2) get rdesktop out-of-process virtual channel patch (oop.patch) | ||
http://sf.net/tracker/index.php?func=detail&aid=1472969&group_id=24366&atid=381349 | ||
|
||
3) apply rdesktop patch | ||
|
||
4) compile & install patched rdesktop | ||
|
||
5) compile client with "make client" | ||
|
||
6) compile server | ||
|
||
case 1: cross-compilation from UNIX, use mingw32 | ||
you may have to fix the compiler path in server/Makefile.mingw32 | ||
run "make server-mingw32" | ||
|
||
case 2: compilation from Windows, use whatever you want .. | ||
ex: "nmake /nologo /f Makefile.nmake" | ||
|
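Review bot: Step 2 fetches oop.patch from a SourceForge tracker entry over plain http, and neither the patch nor the rdesktop release it applies to is pinned, so the build depends on an unauthenticated download that can change or disappear. Ship the patch in the tree, or record its checksum together with the matching rdesktop version. Steps 3, 4 and 6 would also be easier to follow with the actual commands (the patch invocation and strip level, the configure and install lines) instead of only "apply rdesktop patch" and "compile server".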
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
all: client | ||
|
||
client: client/rdp2tcp | ||
client/rdp2tcp: | ||
make -C client | ||
|
||
server-mingw32: server/rdp2tcp.exe | ||
server/rdp2tcp.exe: | ||
make -C server -f Makefile.mingw32 | ||
|
||
clean: | ||
make -C client clean | ||
make -C server -f Makefile.mingw32 clean | ||
make -C tools clean |
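Review bot: Every recipe here calls "make -C ..." directly instead of "$(MAKE) -C ...", so the sub-makes do not join the parent's jobserver under -j and a non-default make binary is not honoured. In addition, all, client, server-mingw32 and clean are not declared .PHONY, and client/rdp2tcp and server/rdp2tcp.exe have no prerequisites, so once a binary exists a source change does not trigger a rebuild from the top level. Suggest switching to $(MAKE), adding a .PHONY line, and either making the sub-directory builds phony or always delegating to them.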
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,147 @@ | ||
|
||
|
||
rdp2tcp 0.1 | ||
|
||
rdp2tcp is a tunneling tool on top of remote desktop protocol (RDP). | ||
It uses RDP virtual channel capabilities to multiplex several ports | ||
forwarding over an already established rdesktop session. | ||
|
||
Available features: | ||
- tcp port forwarding | ||
- reverse tcp port forwarding | ||
- process stdin/out forwarding | ||
- SOCKS5 minimal support | ||
|
||
The code is splitted into 2 parts: | ||
- the client running on the rdesktop client side | ||
- the server running on the Terminal Server side | ||
|
||
Once both rdp2tcp client and server are running, tunnels management is | ||
performed by the controller (on client side). The controller typically | ||
listen on localhost (port 8477) waiting for new tunnel registrations. | ||
|
||
|
||
-[ client (rdesktop side) ]-------------------- | ||
|
||
First of all, rdesktop must be compiled with OOP patch (see INSTALL). | ||
The OOP patch comes with a additional rdesktop command line option. | ||
|
||
-r addin:NAME:HANDLER[:OPT1[:OPTN]] | ||
|
||
NAME: the name of the RDP virtual channel | ||
HANDLER: the path of the executable which handle | ||
the virtual channel. | ||
OPT: argument passed to HANDLER executable | ||
|
||
The rdp2tcp client must be initialized when the rdesktop client starts. | ||
|
||
rdesktop -r addin:rdp2tcp:/path/to/rdp2tcp <ip> | ||
|
||
rdp2tcp client usage: | ||
|
||
rdp2tcp [[HOST] PORT] | ||
|
||
HOST: rdp2tcp controller hostname or IP address (default is 127.0.0.1). | ||
PORT: rdp2tcp controller port (default is 8477). | ||
|
||
Several instances of rdp2tcp client can be run on a single rdesktop session: | ||
|
||
rdesktop -r addin:rdp2tcp-1:/path/to/rdp2tcp:8477 \ | ||
-r addin:rdp2tcp-2:/path/to/rdp2tcp:8478 <ip> | ||
|
||
After rdesktop is started with rdp2tcp channel configured, port forwarding | ||
can be configured by connecting to the controller and sending commands. | ||
All commands are ASCII and ends with a CR "\n". | ||
|
||
* List rdp2tcp managed sockets: | ||
"l\n" | ||
|
||
* Remove tunnel | ||
"- LHOST LPORT\n" | ||
|
||
LHOST: tunnel local host | ||
LPORT: tunnel local port | ||
|
||
* Start SOCKS5 proxy | ||
"s LHOST LPORT\n" | ||
|
||
LHOST: proxy local host | ||
LPORT: proxy local port | ||
|
||
* stdin/stdout forwarding tunnel (bind on rdesktop) | ||
"x LHOST LPORT CMD\n" | ||
|
||
LHOST: local listener host | ||
LPORT: local listener port | ||
CMD: command line to execute on Terminal Server host | ||
|
||
* TCP forwarding tunnel (bind on rdesktop) | ||
"t LHOST LPORT RHOST RPORT\n" | ||
|
||
LHOST: local listener host | ||
LPORT: local listener port | ||
RHOST: remote target host | ||
RPORT: remote target port | ||
|
||
* TCP reverse-connect tunnel (bind on Terminal Server) | ||
"r LHOST LPORT RHOST RPORT\n" | ||
|
||
LHOST: local target host | ||
LPORT: local target port | ||
RHOST: remote listener host | ||
RPORT: remote listener port | ||
|
||
rdp2tcp.py (located in "tools" folder) can be used to manage tunnels with | ||
simple command lines. | ||
ex: "rdp2tcp.py add forward LHOST LPORT RHOST RPORT" | ||
|
||
|
||
-[ server (Terminal Server side) ]------------- | ||
|
||
Before starting the rdp2tcp server, you must be logged on the Terminal Server | ||
with one or more rdp2tcp clients attached to rdesktop. | ||
|
||
The rdp2tcp server won't magically appear on the Terminal Server. So the | ||
rdp2tcp.exe executable must be first uploaded. | ||
|
||
rdp2tcp.exe doesn't require to be run with a privileged Windows account. | ||
|
||
Terminal Server policy may block file sharing through the RDP session. | ||
Thus you may have to find a way to upload the .exe binary on the remote | ||
system. The binary can be uploaded by scripting the TS input. | ||
|
||
Uploading binary data to the server can be automated by encoding data to | ||
key stroke sequences that will be given to rdesktop as keyboard input. | ||
|
||
The rdpupload script (located in "tools" folder) generates a X11 script. | ||
xte (http://hoopajoo.net/projects/xautomation.html) run the X11 script. | ||
|
||
1) start rdesktop with rdp2tcp client | ||
2) tools/rdpupload -x -f vb server/rdp2tcp.exe | xte" | ||
3) focus on the rdesktop window within 5 seconds | ||
4) xte will feed rdesktop with keyboard input. focused window must | ||
not change or you may get some trouble :) | ||
5) run the Visual Basic script uploaded by xte. | ||
6) run rdp2tcp server by using the executable generated by the | ||
Visual Basic script. | ||
|
||
|
||
-[ dev ]--------------------------------------- | ||
|
||
- edit Makefile / enable -DDEBUG | ||
- use client/memcheck.sh to use valgrind as a RDP channel wrapper | ||
- doxygen can be used to generate the project documentation | ||
"doxygen Doxyfile-client" --> docs/client/html | ||
"doxygen Doxyfile-server" --> docs/server/html | ||
- export DEBUG (-1 to 2) environment variable to print debug statements | ||
- export TRACE (00 to ff) environment variable to print function traces | ||
|
||
bit 0: I/O buffer management | ||
1: network socket | ||
2: RDP virtual channel | ||
3: events loop | ||
4: process | ||
5: rdp2tcp controller | ||
6: tunnel management | ||
7: SOCKS5 protocol | ||
|
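Review bot: The controller section documents an ASCII command protocol with no authentication step, and the client usage lets HOST be something other than 127.0.0.1, yet "x LHOST LPORT CMD" runs a command line on the Terminal Server and "t", "r" and "s" open tunnels and a proxy. The README should state that anyone who can reach the controller port can issue these commands, and recommend keeping the controller and the LHOST listeners on loopback unless exposure is intended. Two smaller fixes: in "ends with a CR", "\n" is LF, not CR, and step 2 of the upload procedure has a stray trailing quote after "| xte".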
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
- tunnel id on 16 bits ? | ||
- support fixed address family | ||
FIXME: 64 bits ? |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
BIN=rdp2tcp | ||
CC=gcc | ||
CFLAGS=-Wall -g -I../common | ||
#CFLAGS=-Wall -g -I../common -DDEBUG | ||
LDFLAGS= | ||
OBJS=main.o netsock.o tunnel.o channel.o commands.o controller.o socks5.o \ | ||
../common/nethelper.o \ | ||
../common/netaddr.o \ | ||
../common/iobuf.o \ | ||
../common/print.o \ | ||
../common/msgparser.o | ||
|
||
all: clean_common $(BIN) | ||
|
||
clean_common: | ||
$(MAKE) -C ../common clean | ||
|
||
$(BIN): $(OBJS) | ||
$(CC) -o $@ $(OBJS) $(LDFLAGS) | ||
|
||
%.o: %.c | ||
$(CC) $(CFLAGS) -o $@ -c $< | ||
|
||
clean: | ||
rm -f $(OBJS) $(BIN) |
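Review bot: "all: clean_common $(BIN)" runs clean in ../common on every build, and because clean_common and $(BIN) are unordered prerequisites, a parallel build can delete ../common/*.o while those objects are being compiled or linked. Drop clean_common from all, or make the ../common objects depend on it explicitly, and declare all, clean and clean_common as .PHONY. CFLAGS is only "-Wall -g"; for a C program that parses data arriving from a remote peer, consider adding optimisation and hardening flags such as -O2 -D_FORTIFY_SOURCE=2 -fstack-protector-strong.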