Projects STRLCPY aardwolf Commits 43e38851
  • ■ ■ ■ ■ ■
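--- a/aardwolf/commons/credential.py
+++ b/aardwolf/commons/credential.py
@@ -39,6 +39,7 @@
  CERTSTORE = 'CERTSTORE'
 
 class RDPAuthProtocol(enum.Enum):
+ NONE = 'NONE'
  PLAIN = 'PLAIN'
  NTLM = 'NTLM'
  KERBEROS = 'KERBEROS'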
  • ■ ■ ■ ■ ■
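--- a/aardwolf/examples/aardpclient.py
+++ b/aardwolf/examples/aardpclient.py
@@ -89,14 +89,17 @@
  except Exception as e:
  traceback.print_exc()
 
- async def ducky_exec(self):
+ async def ducky_exec(self, bypass_delay = False):
  try:
  from aardwolf.keyboard.layoutmanager import KeyboardLayoutManager
  from aardwolf.utils.ducky import DuckyExecutorBase, DuckyReaderFile
- if self.settings.iosettings.ducky_autostart_delay is not None:
- await asyncio.sleep(self.settings.iosettings.ducky_autostart_delay)
+ if bypass_delay is False:
+ if self.settings.iosettings.ducky_autostart_delay is not None:
+ await asyncio.sleep(self.settings.iosettings.ducky_autostart_delay)
+ else:
+ return
 
- layout = KeyboardLayoutManager().get_layout_by_shortname('enus')
+ layout = KeyboardLayoutManager().get_layout_by_shortname(self.settings.iosettings.client_keyboard)
  executor = DuckyExecutorBase(layout, self.ducky_keyboard_sender, send_as_char = True if self.conn.target.dialect == RDPConnectionDialect.VNC else False)
  reader = DuckyReaderFile.from_file(self.settings.iosettings.ducky_file, executor)
  await reader.parse()
@@ -104,6 +107,8 @@
  traceback.print_exc()
 
  async def rdpconnection(self):
+ input_handler_thread = None
+
  try:
  rdpurl = RDPConnectionURL(self.settings.url)
  self.conn = rdpurl.get_connection(self.settings.iosettings)
@@ -145,9 +150,9 @@
  finally:
  if self.conn is not None:
  await self.conn.terminate()
- input_handler_thread.cancel()
+ if input_handler_thread is not None:
+ input_handler_thread.cancel()
  if not self.gui_stopped_evt.is_set():
- print(self.connection_terminated)
  self.connection_terminated.emit()
 
  def starter(self):
@@ -171,12 +176,20 @@
  @pyqtSlot()
  def stop(self):
  self.gui_stopped_evt.set()
- if self.conn is not None:
- asyncio.run_coroutine_threadsafe(self.conn.terminate(), self.loop)
+ if self.conn is not None and self.loop.is_running():
+ try:
+ asyncio.run_coroutine_threadsafe(self.conn.terminate(), self.loop)
+ except:
+ pass
  time.sleep(0.1) # waiting connection to terminate
  self.rdp_connection_task.cancel()
  self.loop.stop()
 
+ @pyqtSlot()
+ def startducky(self):
+ time.sleep(0.1) # waiting for keyboard flush
+ asyncio.run_coroutine_threadsafe(self.ducky_exec(bypass_delay = True), self.loop)
+
 
 class RDPClientQTGUI(QMainWindow):
  #inputevent=pyqtSignal()
@@ -184,6 +197,7 @@
  def __init__(self, settings:RDPClientConsoleSettings):
  super().__init__()
  self.settings = settings
+ self.ducky_key_ctr = 0
 
  # enabling this will singificantly increase the bandwith
  self.mhover = settings.mhover
@@ -275,6 +289,7 @@
  self.in_q.put(None)
  self._threaded.stop()
  self._thread.quit()
+ self.close()
 
  def updateImage(self, event):
  if event.width == self.settings.iosettings.video_width and event.height == self.settings.iosettings.video_height:
@@ -316,6 +331,17 @@
 
  def send_key(self, e, is_pressed):
  # https://doc.qt.io/qt-5/qt.html#Key-enum
+
+ # ducky script starter
+ if is_pressed is True:
+ if e.key()==Qt.Key_Escape:
+ self.ducky_key_ctr += 1
+ if self.ducky_key_ctr == 3:
+ self.ducky_key_ctr = 0
+ self._threaded.startducky()
+ else:
+ self.ducky_key_ctr = 0
+
  if self.keyboard is False:
  return
  #print(self.keyevent_to_string(e))
@@ -390,13 +416,15 @@
 def main():
  import logging
  import argparse
- parser = argparse.ArgumentParser(description='Async RDP Client')
+ parser = argparse.ArgumentParser(description='Async RDP Client. Duckyscript will be executed by pressing ESC 3 times')
  parser.add_argument('-v', '--verbose', action='count', default=0, help='Verbosity, can be stacked')
  parser.add_argument('--no-mouse-hover', action='store_false', help='Disables sending mouse hovering data. (saves bandwith)')
  parser.add_argument('--no-keyboard', action='store_false', help='Disables keyboard input. (whatever)')
  parser.add_argument('--res', default = '1024x768', help='Resolution in "WIDTHxHEIGHT" format. Default: "1024x768"')
  parser.add_argument('--bpp', choices = [15, 16, 24, 32], default = 32, type=int, help='Bits per pixel.')
+ parser.add_argument('--keyboard', default = 'enus', help='Keyboard on the client side. Used for VNC and duckyscript')
  parser.add_argument('--ducky', help='Ducky script to be executed')
+ parser.add_argument('--duckydelay', type=int, default=-1, help='Ducky script autostart delayed')
  parser.add_argument('url', help="RDP connection url")
 
  args = parser.parse_args()
@@ -408,6 +436,10 @@
  elif args.verbose > 2:
  logger.setLevel(1)
 
+ duckydelay = args.duckydelay
+ if args.duckydelay == -1:
+ duckydelay = None
+
  width, height = args.res.upper().split('X')
  height = int(height)
  width = int(width)
@@ -417,8 +449,10 @@
  iosettings.video_bpp_min = 15 #servers dont support 8 any more :/
  iosettings.video_bpp_max = args.bpp
  iosettings.video_out_format = VIDEO_FORMAT.QT5
+ iosettings.client_keyboard = args.keyboard
  iosettings.ducky_file = args.ducky
- iosettings.ducky_autostart_delay = 5
+ iosettings.ducky_autostart_delay = duckydelay
+
 
  settings = RDPClientConsoleSettings(args.url, iosettings)
  settings.mhover = args.no_mouse_hover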
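Review bot: In `send_key`, the new triple-ESC counter sits above the existing `if self.keyboard is False: return` guard and never checks that a script was configured. `startducky()` can therefore fire when keyboard input was disabled with `--no-keyboard`, or when `--ducky` was not given and `iosettings.ducky_file` is `None`. Three consecutive Escape presses are easy to produce by accident in a remote editor or terminal, and the result is scripted keystrokes typed into the live session. I would gate the trigger with `if is_pressed is True and self.keyboard is not False and self.settings.iosettings.ducky_file is not None:` and keep the counter reset in the `else` branch. The body of `send_key` continues outside the hunk, so whether the Escape presses are also forwarded to the server is not visible here.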
  • ■ ■ ■ ■ ■ ■
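--- a/aardwolf/utils/ducky/dtest.txt
+++ b/aardwolf/utils/ducky/dtest.txt
@@ -0,0 +1,39 @@
+STRING the quick brown fox jumps over the lazy dog
+DELAY 1000
+STRING 1234567890
+DELAY 1000
+STRING ',./;'\[]=-`<<>?:"|{}+_)(*&^%$#@!~>
+DELAY 500
+ENTER
+SHIFT
+BACKSPACE
+UP
+DOWN
+LEFT
+RIGHT
+END
+PAGEUP
+PAGEDOWN
+HOME
+TAB
+INSERT
+PAUSE
+DELAY 500
+F1
+F2
+F3
+F4
+F5
+F6
+F7
+F8
+F9
+F10
+F11
+F12
+ESCAPE
+GUI r
+DELAY 100
+STRING cmd.exe
+ENTER
+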
  • ■ ■ ■ ■ ■ ■
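--- a/aardwolf/utils/ducky/dtest2.txt
+++ b/aardwolf/utils/ducky/dtest2.txt
@@ -0,0 +1,3 @@
+REM CONTROL-shift F1
+GUI r
+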
  • ■ ■ ■ ■ ■ ■
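--- a/aardwolf/utils/ducky/dtest3.txt
+++ b/aardwolf/utils/ducky/dtest3.txt
@@ -0,0 +1,3 @@
+STRING 1234567890
+STRING ',./;'\[]=-`<<>?:"|{}+_)(*&^%$#@!~>
+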
  • ■ ■ ■ ■ ■ ■
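--- a/aardwolf/vncconnection.py
+++ b/aardwolf/vncconnection.py
@@ -19,6 +19,8 @@
 from aardwolf.crypto.symmetric import DES
 from aardwolf.crypto.BASE import cipherMODE
 
+from aardwolf.commons.target import RDPTarget
+from aardwolf.commons.credential import RDPCredential, RDPAuthProtocol
 from aardwolf.commons.queuedata import *
 from aardwolf.extensions.RDPECLIP.protocol.formatlist import CLIPBRD_FORMAT
 from aardwolf.protocol.vnc.keyboard import *
@@ -49,7 +51,7 @@
 ZRLE_ENCODING = 16
 
 class VNCConnection:
- def __init__(self, target, credentials, iosettings:RDPIOSettings):
+ def __init__(self, target:RDPTarget, credentials:RDPCredential, iosettings:RDPIOSettings):
  self.target = target
  self.credentials = credentials
  self.authapi = None
@@ -60,7 +62,7 @@
  self.server_name = None
  self.disconnected_evt = asyncio.Event() #this will be set if we disconnect for whatever reason
  self.server_supp_security_types = []
- self.__selected_security_type = 2
+ self.__selected_security_type = 1 if self.credentials.authentication_type == RDPAuthProtocol.NONE else 2 #currently we only support these 2
  self.__refresh_screen_task = None
  self.__reader_loop_task = None
  self.__external_reader_task = None
@@ -191,6 +193,10 @@
  async def __aexit__(self, exc_type, exc, traceback):
  await asyncio.wait_for(self.terminate(), timeout = 5)
 
+ def get_extra_info(self):
+ # to have the same interface as RDP
+ return None
+
  async def connect(self):
  """
  Performs the entire connection sequence
@@ -222,6 +228,12 @@
  raise err
  logger.debug('Security handshake OK')
 
+ logger.debug('Authenticating')
+ _, err = await self.__authenticate()
+ if err is not None:
+ raise err
+ logger.debug('Authentication OK')
+
  logger.debug('Setting up clipboard')
  _, err = await self.__setup_clipboard()
  if err is not None:
@@ -285,6 +297,16 @@
  for sectype in sec_types:
  self.server_supp_security_types.append(sectype)
 
+ if self.__selected_security_type not in self.server_supp_security_types:
+ raise Exception('Clound\'t find common authentication type. Client supports: %s Server supports: %s' % (self.__selected_security_type, ','.join([str(x) for x in self.server_supp_security_types])))
+
+
+ return True, None
+ except Exception as e:
+ return None, e
+
+ async def __authenticate(self):
+ try:
  if self.__selected_security_type == 0:
  logger.debug('Invalid authentication type!!!')
  raise Exception('Invalid authentication type')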
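Review bot: The new exception text in the security-type check is misspelled (`'Clound\'t find common authentication type. ...'`), and it is the only message a user sees when negotiation fails. Writing it as `"Couldn't find a common security type. Client supports: %s Server supports: %s"` fixes the typo and drops the escaped quote. Separately, `__init__` now dereferences `self.credentials.authentication_type`, so a caller that still passes `credentials=None` (none is visible in this section) would fail with an AttributeError before connecting. A constructor comment stating that unauthenticated servers need a credential object with `RDPAuthProtocol.NONE` would make that contract explicit. The `try:` opened in `__authenticate` closes outside the hunk.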