From 17544b375b90c686da90404776642bc244dc4ccf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BD=B1=E8=88=9E=E8=80=85?=
Date: Tue, 7 Dec 2021 17:28:56 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9Erdp=E6=89=AB=E6=8F=8F,?= =?UTF-8?q?=E6=96=B0=E5=A2=9E=E6=B7=BB=E5=8A=A0=E7=AB=AF=E5=8F=A3=E5=8F=82?= =?UTF-8?q?=E6=95=B0-pa=203389(=E4=BC=9A=E5=9C=A8=E5=8E=9F=E6=9C=89?= =?UTF-8?q?=E7=AB=AF=E5=8F=A3=E5=88=97=E8=A1=A8=E5=9F=BA=E7=A1=80=E4=B8=8A?= =?UTF-8?q?,=E6=96=B0=E5=A2=9E=E8=AF=A5=E7=AB=AF=E5=8F=A3)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Plugins/rdp.go | 153 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 153 insertions(+)
 create mode 100644 Plugins/rdp.go
diff --git a/Plugins/rdp.go b/Plugins/rdp.go
new file mode 100644
index 0000000..00b292f
--- /dev/null
+++ b/Plugins/rdp.go
@@ -0,0 +1,153 @@
+package Plugins
+
+import (
+ "errors"
+ "fmt"
+ "github.com/shadow1ng/fscan/common"
+ "github.com/tomatome/grdp/core"
+ "github.com/tomatome/grdp/glog"
+ "github.com/tomatome/grdp/protocol/nla"
+ "github.com/tomatome/grdp/protocol/pdu"
+ "github.com/tomatome/grdp/protocol/rfb"
+ "github.com/tomatome/grdp/protocol/sec"
+ "github.com/tomatome/grdp/protocol/t125"
+ "github.com/tomatome/grdp/protocol/tpkt"
+ "github.com/tomatome/grdp/protocol/x224"
+ "log"
+ "net"
+ "os"
+ "strconv"
+ "strings"
+ "sync"
+ "time"
+)
+
+func RdpScan(info *common.HostInfo) (tmperr error) {
+ if common.IsBrute {
+ return
+ }
+ starttime := time.Now().Unix()
+ for _, user := range common.Userdict["rdp"] {
+ for _, pass := range common.Passwords {
+ pass = strings.Replace(pass, "{user}", user, -1)
+ port, err := strconv.Atoi(info.Ports)
+ flag, err := RdpConn(info.Host, info.Domain, user, pass, port)
+ if flag == true && err == nil {
+ result := fmt.Sprintf("[+] RDP:%v:%v:%v %v", info.Host, info.Ports, user, pass)
+ common.LogSuccess(result)
+ return err
+ } else {
+ errlog := fmt.Sprintf("[-] rdp %v:%v %v %v %v", info.Host, info.Ports, user, pass, err)
+ common.LogError(errlog)
+ tmperr = err
+ if common.CheckErrs(err) {
+ return err
+ }
+ if time.Now().Unix()-starttime > (int64(len(common.Userdict["rdp"])*len(common.Passwords)) * info.Timeout) {
+ return err
+ }
+ }
+ }
+ }
+ return tmperr
+}
+
+func RdpConn(ip, domain, user, password string, port int) (bool, error) {
+ target := fmt.Sprintf("%s:%d", ip, port)
+ g := NewClient(target, glog.NONE)
+ err := g.Login(domain, user, password)
+
+ //var e
+ if err == nil {
+ return true, nil
+ }
+ //return true, err
+ return false, err
+}
+
+type Client struct {
+ Host string // ip:port
+ tpkt *tpkt.TPKT
+ x224 *x224.X224
+ mcs *t125.MCSClient
+ sec *sec.Client
+ pdu *pdu.Client
+ vnc *rfb.RFB
+}
+
+func NewClient(host string, logLevel glog.LEVEL) *Client {
+ glog.SetLevel(logLevel)
+ logger := log.New(os.Stdout, "", 0)
+ glog.SetLogger(logger)
+ return &Client{
+ Host: host,
+ }
+}
+
+func (g *Client) Login(domain, user, pwd string) error {
+ conn, err := net.DialTimeout("tcp", g.Host, 5*time.Second)
+ if err != nil {
+ return fmt.Errorf("[dial err] %v", err)
+ }
+ defer conn.Close()
+ glog.Info(conn.LocalAddr().String())
+
+ g.tpkt = tpkt.New(core.NewSocketLayer(conn), nla.NewNTLMv2(domain, user, pwd))
+ g.x224 = x224.New(g.tpkt)
+ g.mcs = t125.NewMCSClient(g.x224)
+ g.sec = sec.NewClient(g.mcs)
+ g.pdu = pdu.NewClient(g.sec)
+
+ g.sec.SetUser(user)
+ g.sec.SetPwd(pwd)
+ g.sec.SetDomain(domain)
+ //g.sec.SetClientAutoReconnect()
+
+ g.tpkt.SetFastPathListener(g.sec)
+ g.sec.SetFastPathListener(g.pdu)
+ g.pdu.SetFastPathSender(g.tpkt)
+
+ //g.x224.SetRequestedProtocol(x224.PROTOCOL_SSL)
+ //g.x224.SetRequestedProtocol(x224.PROTOCOL_RDP)
+
+ err = g.x224.Connect()
+ if err != nil {
+ return fmt.Errorf("[x224 connect err] %v", err)
+ }
+ glog.Info("wait connect ok")
+ wg := &sync.WaitGroup{}
+ breakFlag := false
+ wg.Add(1)
+
+ g.pdu.On("error", func(e error) {
+ err = e
+ glog.Error("error", e)
+ g.pdu.Emit("done")
+ })
+ g.pdu.On("close", func() {
+ err = errors.New("close")
+ glog.Info("on close")
+ g.pdu.Emit("done")
+ })
+ g.pdu.On("success", func() {
+ err = nil
+ glog.Info("on success")
+ g.pdu.Emit("done")
+ })
+ g.pdu.On("ready", func() {
+ glog.Info("on ready")
+ g.pdu.Emit("done")
+ })
+ g.pdu.On("update", func(rectangles []pdu.BitmapData) {
+ glog.Info("on update:", rectangles)
+ })
+ g.pdu.On("done", func() {
+ if breakFlag == false {
+ breakFlag = true
+ wg.Done()
+ }
+ })
+
+ wg.Wait()
+ return err
+}
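Review bot: After `g.x224.Connect()` succeeds, `Login` blocks in `wg.Wait()` with no deadline, so a host that accepts the X.224 connect and then never raises a pdu event holds the scanner worker forever even though the dial itself is bounded to 5 s; the callbacks also write the captured `err` and `breakFlag` while the caller reads them, which is a data race if grdp dispatches events from its own reader goroutine (likely, since the caller is parked in `wg.Wait()`, but not visible here). Replacing the WaitGroup/flag pair with a buffered result channel drained through `select` against a timer bounds the wait and removes the shared writes. Separately, in `RdpScan` the error from `port, err := strconv.Atoi(info.Ports)` is overwritten by the `RdpConn` call on the next line, so a non-numeric `info.Ports` silently probes port 0; parse it once before the loops and return the error, e.g. `port, err := strconv.Atoi(info.Ports); if err != nil { return err }`. The `vnc *rfb.RFB` field in `Client` is never assigned and can be dropped along with the `rfb` import.
```go
	glog.Info("wait connect ok")
	done := make(chan error, 1)
	finish := func(e error) {
		// first result wins; later events are ignored, as breakFlag did before
		select {
		case done <- e:
		default:
		}
	}
	g.pdu.On("error", func(e error) {
		glog.Error("error", e)
		finish(e)
	})
	g.pdu.On("close", func() {
		glog.Info("on close")
		finish(errors.New("close"))
	})
	g.pdu.On("success", func() {
		glog.Info("on success")
		finish(nil)
	})
	g.pdu.On("ready", func() {
		glog.Info("on ready")
		finish(nil)
	})
	// … unchanged: "update" handler …
	select {
	case e := <-done:
		return e
	case <-time.After(5 * time.Second): // TODO(review): derive from the scan timeout instead of a fixed value
		return errors.New("rdp handshake timeout")
	}
```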