remove pycrypto dependancies, bug fixing

2015-03-08 21:04:26 +01:00
parent 0abf18d130
commit 95052a323f
4 changed files with 25 additions and 11 deletions
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@

 Remote Desktop Protocol in twisted python.

-RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client and server side). RDPY is built over the event driven network engine Twisted.
+RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client and server side). RDPY is built over the event driven network engine Twisted. RDPY support standard RDP security layer, RDP over SSL and NLA authentication (through ntlmv2 authentication protocol).

 RDPY provides the following RDP and VNC binaries :
 * RDP Man In The Middle proxy which record session
@@ -107,7 +107,7 @@ $ rdpy-rdpmitm.py -o output_dir [-l listen_port] [-k private_key_file_path] [-c
 ```

 Output directory is used to save the rss file with following format (YYYYMMDDHHMMSS_ip_index.rss)
-The private key file and the certificate file are classic cryptographic files for SSL connections. The RDP protocol can negotiate its own security layer. The CredSSP security layer is planned for an upcoming release. If one of both parameters are omitted, the server use standard RDP as security layer.
+The private key file and the certificate file are classic cryptographic files for SSL connections. The RDP protocol can negotiate its own security layer If one of both parameters are omitted, the server use standard RDP as security layer.

 ### rdpy-rdphoneypot

@@ -117,7 +117,7 @@ rdpy-rdphoneypot is an RDP honey Pot. Use Recorded Session Scenario to replay sc
 $ rdpy-rdphoneypot.py [-l listen_port] [-k private_key_file_path] [-c certificate_file_path] rss_file_path_1 ... rss_file_path_N
 ```

-The private key file and the certificate file are classic cryptographic files for SSL connections. The RDP protocol can negotiate its own security layer. The CredSSP security layer is planned for an upcoming release. If one of both parameters are omitted, the server use standard RDP as security layer.
+The private key file and the certificate file are classic cryptographic files for SSL connections. The RDP protocol can negotiate its own security layer. If one of both parameters are omitted, the server use standard RDP as security layer.
 You can specify more than one files to match more common screen size.

 ### rdpy-rssplayer
--- a/bin/rdpy-rdpclient.py
+++ b/bin/rdpy-rdpclient.py
@@ -30,7 +30,7 @@ from rdpy.core.error import RDPSecurityNegoFail
 from rdpy.core import rss

 import rdpy.core.log as log
-log._LOG_LEVEL = log.Level.DEBUG
+log._LOG_LEVEL = log.Level.INFO


 class RDPClientQtRecorder(RDPClientQt):
--- a/bin/rdpy-rdpmitm.py
+++ b/bin/rdpy-rdpmitm.py
@@ -35,7 +35,7 @@ from rdpy.core import log, error, rss
 from rdpy.protocol.rdp import rdp
 from twisted.internet import reactor

-log._LOG_LEVEL = log.Level.DEBUG
+log._LOG_LEVEL = log.Level.INFO

 class ProxyServer(rdp.RDPServerObserver):
    """
@@ -251,7 +251,9 @@ def help():
            [-l listen_port default 3389] 
            [-k private_key_file_path (mandatory for SSL)] 
            [-c certificate_file_path (mandatory for SSL)] 
+            [-o output directory for recoded files] 
            [-r RDP standard security (XP or server 2003 client or older)] 
+            [-n For NLA Client authentication (need to provide credentials)] 
    """

 def parseIpPort(interface, defaultPort = "3389"):
@@ -265,6 +267,7 @@ if __name__ == '__main__':
    privateKeyFilePath = None
    certificateFilePath = None
    ouputDirectory = None
+    #for anonymous authentication
    clientSecurity = rdp.SecurityLevel.RDP_LEVEL_SSL
    
    try:
@@ -285,6 +288,8 @@ if __name__ == '__main__':
            ouputDirectory = arg
        elif opt == "-r":
            clientSecurity = rdp.SecurityLevel.RDP_LEVEL_RDP
+        elif opt == "-n":
+            clientSecurity = rdp.SecurityLevel.RDP_LEVEL_NLA
            
    if ouputDirectory is None or not os.path.dirname(ouputDirectory):
        log.error("%s is an invalid output directory"%ouputDirectory)
--- a/rdpy/protocol/rdp/nla/cssp.py
+++ b/rdpy/protocol/rdp/nla/cssp.py
@@ -30,7 +30,6 @@ import pyasn1.codec.ber.encoder as ber_encoder
 from rdpy.core.type import Stream
 from twisted.internet import protocol
 from OpenSSL import crypto
-from Crypto.Util import asn1
 from rdpy.security import x509
 from rdpy.core import error

@@ -105,6 +104,17 @@ class TSSmartCardCreds(univ.Sequence):
        namedtype.OptionalNamedType('domainHint', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
        )

+class OpenSSLRSAPublicKey(univ.Sequence):
+    """
+    @summary: asn1 public rsa key
+    @see: https://tools.ietf.org/html/rfc3447
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('unknow', univ.Integer()),
+        namedtype.NamedType('modulus', univ.Integer()),
+        namedtype.NamedType('publicExponent', univ.Integer()),
+        )
+
 def encodeDERTRequest(negoTypes = [], authInfo = None, pubKeyAuth = None):
    """
    @summary: create TSRequest from list of Type
@@ -242,12 +252,11 @@ class CSSP(protocol.Protocol):
        #get back public key
        #convert from der to ber...
        pubKeyDer = crypto.dump_privatekey(crypto.FILETYPE_ASN1, self.transport.protocol._tlsConnection.get_peer_certificate().get_pubkey())
-        pubKey = asn1.DerSequence()
-        pubKey.decode(pubKeyDer)
+        pubKey = der_decoder.decode(pubKeyDer, asn1Spec=OpenSSLRSAPublicKey())[0]
        
        rsa = x509.RSAPublicKey()
-        rsa.setComponentByName("modulus", univ.Integer(pubKey[1]))
-        rsa.setComponentByName("publicExponent", univ.Integer(pubKey[2]))
+        rsa.setComponentByName("modulus", univ.Integer(pubKey.getComponentByName('modulus')._value))
+        rsa.setComponentByName("publicExponent", univ.Integer(pubKey.getComponentByName('publicExponent')._value))
        self._pubKeyBer = ber_encoder.encode(rsa)
        
        #send authenticate message with public key encoded
@@ -263,7 +272,7 @@ class CSSP(protocol.Protocol):
        request = decodeDERTRequest(data)
        pubKeyInc = self._interface.GSS_UnWrapEx(getPubKeyAuth(request))
        #check pubKeyInc = self._pubKeyBer + 1
-        if not self._pubKeyBer[:-1] == pubKeyInc[:-1] and ord(self._pubKeyBer[-1]) + 1 == pubKeyInc[-1]:
+        if not (self._pubKeyBer[1:] == pubKeyInc[1:] and ord(self._pubKeyBer[0]) + 1 == ord(pubKeyInc[0])):
            raise error.InvalidExpectedDataException("CSSP : Invalid public key increment")
        
        domain, user, password = self._authenticationProtocol.getEncodedCredentials()