package Plugins

import (
	"errors"
	"fmt"
	"github.com/shadow1ng/fscan/common"
	"github.com/tomatome/grdp/core"
	"github.com/tomatome/grdp/glog"
	"github.com/tomatome/grdp/protocol/nla"
	"github.com/tomatome/grdp/protocol/pdu"
	"github.com/tomatome/grdp/protocol/rfb"
	"github.com/tomatome/grdp/protocol/sec"
	"github.com/tomatome/grdp/protocol/t125"
	"github.com/tomatome/grdp/protocol/tpkt"
	"github.com/tomatome/grdp/protocol/x224"
	"log"
	"net"
	"os"
	"strconv"
	"strings"
	"sync"
	"time"
)

// RdpScan walks common.Userdict["rdp"] x common.Passwords against the host in
// info and calls RdpConn for each pair. It returns immediately when
// common.IsBrute is set. The first pair for which RdpConn reports success is
// logged through common.LogSuccess and ends the scan; every other attempt is
// logged through common.LogError. The scan also stops early when
// common.CheckErrs accepts the error, or when the elapsed seconds exceed
// (number of pairs) * info.Timeout. The returned error is the last error seen,
// or nil if no attempt was made or the last attempt succeeded.
func RdpScan(info *common.HostInfo) (tmperr error) {
	if common.IsBrute {
		return
	}
	// Wall-clock start used by the overall-timeout check below.
	starttime := time.Now().Unix()
	for _, user := range common.Userdict["rdp"] {
		for _, pass := range common.Passwords {
			// "{user}" in a password entry is substituted with the current user name.
			pass = strings.Replace(pass, "{user}", user, -1)
			// NOTE(review): the Atoi error is overwritten by the RdpConn call on the
			// next line and never checked, so a non-numeric info.Ports is silently
			// turned into port 0 rather than reported.
			port, err := strconv.Atoi(info.Ports)
			flag, err := RdpConn(info.Host, info.Domain, user, pass, port)
			if flag == true && err == nil {
				result := fmt.Sprintf("[+] RDP:%v:%v:%v %v", info.Host, info.Ports, user, pass)
				common.LogSuccess(result)
				return err
			} else {
				errlog := fmt.Sprintf("[-] rdp %v:%v %v %v %v", info.Host, info.Ports, user, pass, err)
				common.LogError(errlog)
				tmperr = err
				// common.CheckErrs decides whether this error should abort the whole scan.
				if common.CheckErrs(err) {
					return err
				}
				// Overall budget: total attempts multiplied by the per-host timeout (seconds).
				if time.Now().Unix()-starttime > (int64(len(common.Userdict["rdp"])*len(common.Passwords)) * info.Timeout) {
					return err
				}
			}
		}
	}
	return tmperr
}

// RdpConn performs a single RDP login attempt against ip:port with the given
// domain, user and password, using a fresh Client with glog logging disabled
// (glog.NONE). It returns (true, nil) when Client.Login returns nil and
// (false, err) otherwise.
func RdpConn(ip, domain, user, password string, port int) (bool, error) {
	target := fmt.Sprintf("%s:%d", ip, port)
	g := NewClient(target, glog.NONE)
	err := g.Login(domain, user, password)
	//var e
	if err == nil {
		return true, nil
	}
	//return true, err
	return false, err
}

// Client holds the grdp protocol layers for one RDP connection. The layers are
// populated by Login; before that every pointer field is nil.
type Client struct {
	Host string // ip:port
	tpkt *tpkt.TPKT
	x224 *x224.X224
	mcs  *t125.MCSClient
	sec  *sec.Client
	pdu  *pdu.Client
	// vnc is not assigned or read anywhere in this file.
	vnc *rfb.RFB
}

// NewClient returns a Client for host ("ip:port") and configures the
// package-global grdp logger: the level is set to logLevel and the output is a
// new log.Logger writing to os.Stdout. Because glog state is global, every
// call to NewClient resets it for all Clients in the process.
func NewClient(host string, logLevel glog.LEVEL) *Client {
	glog.SetLevel(logLevel)
	logger := log.New(os.Stdout, "", 0)
	glog.SetLogger(logger)
	return &Client{
		Host: host,
	}
}

// Login dials g.Host over TCP with a 5 second timeout, builds the grdp layer
// stack (tpkt -> x224 -> mcs -> sec -> pdu) with NTLMv2 credentials, runs the
// x224 connect, and then blocks until the pdu client emits "done". The
// connection is closed when Login returns.
//
// The result is whatever the pdu event handlers last stored in err:
// "error" stores the reported error, "close" stores errors.New("close"),
// "success" stores nil. The "ready" handler emits "done" without touching
// err, so if it fires first the nil left by Connect is returned and the
// login counts as successful — NOTE(review): confirm this is intended.
// Dial and x224 failures are returned directly with a "[dial err]" or
// "[x224 connect err]" prefix.
func (g *Client) Login(domain, user, pwd string) error {
	conn, err := net.DialTimeout("tcp", g.Host, 5*time.Second)
	if err != nil {
		return fmt.Errorf("[dial err] %v", err)
	}
	defer conn.Close()
	glog.Info(conn.LocalAddr().String())

	// Layer stack, innermost first; each layer wraps the one built before it.
	g.tpkt = tpkt.New(core.NewSocketLayer(conn), nla.NewNTLMv2(domain, user, pwd))
	g.x224 = x224.New(g.tpkt)
	g.mcs = t125.NewMCSClient(g.x224)
	g.sec = sec.NewClient(g.mcs)
	g.pdu = pdu.NewClient(g.sec)

	g.sec.SetUser(user)
	g.sec.SetPwd(pwd)
	g.sec.SetDomain(domain)
	//g.sec.SetClientAutoReconnect()

	// Fast-path wiring: tpkt delivers to sec, sec to pdu, pdu sends via tpkt.
	g.tpkt.SetFastPathListener(g.sec)
	g.sec.SetFastPathListener(g.pdu)
	g.pdu.SetFastPathSender(g.tpkt)

	//g.x224.SetRequestedProtocol(x224.PROTOCOL_SSL)
	//g.x224.SetRequestedProtocol(x224.PROTOCOL_RDP)

	err = g.x224.Connect()
	if err != nil {
		return fmt.Errorf("[x224 connect err] %v", err)
	}
	glog.Info("wait connect ok")

	// breakFlag ensures wg.Done runs exactly once even though several handlers
	// emit "done". NOTE(review): err and breakFlag are written from these
	// callbacks; if the pdu client invokes them on another goroutine, a handler
	// that runs after the first "done" may write err concurrently with the
	// return below — presumably the grdp emitter is synchronous, verify.
	wg := &sync.WaitGroup{}
	breakFlag := false
	wg.Add(1)
	g.pdu.On("error", func(e error) {
		err = e
		glog.Error("error", e)
		g.pdu.Emit("done")
	})
	g.pdu.On("close", func() {
		err = errors.New("close")
		glog.Info("on close")
		g.pdu.Emit("done")
	})
	g.pdu.On("success", func() {
		err = nil
		glog.Info("on success")
		g.pdu.Emit("done")
	})
	g.pdu.On("ready", func() {
		// Emits "done" without setting err; see the doc comment above.
		glog.Info("on ready")
		g.pdu.Emit("done")
	})
	g.pdu.On("update", func(rectangles []pdu.BitmapData) {
		glog.Info("on update:", rectangles)
	})
	g.pdu.On("done", func() {
		if breakFlag == false {
			breakFlag = true
			wg.Done()
		}
	})
	wg.Wait()
	return err
}