Seth tool written in Python and Bash to MitM RDP 09-21-2017, 08:55 PM
#1
Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks. The author is Adrian Vollmer (SySS GmbH).
![[Image: Seth-RDP-Man-In-The-Middle-Attack-Tool-640x369.png]](https://cdn.darknet.org.uk/wp-content/uploads/2017/09/Seth-RDP-Man-In-The-Middle-Attack-Tool-640x369.png)
Requirements:
Usage:
Requirements:
- python3
- tcpdump
- arpspoof
- arpspoof is part of dsniff
- openssl < 1.1.0f
Usage:
Code:
usage: rdp-cred-sniffer.py [-h] [-d] [-p LISTEN_PORT] [-b BIND_IP]
[-g {0,1,3,11}] -c CERTFILE -k KEYFILE
target_host [target_port]
RDP credential sniffer -- Adrian Vollmer, SySS GmbH 2017
positional arguments:
target_host target host of the RDP service
target_port TCP port of the target RDP service (default 3389)
optional arguments:
-h, --help show this help message and exit
-d, --debug show debug information
-p LISTEN_PORT, --listen-port LISTEN_PORT
TCP port to listen on (default 3389)
-b BIND_IP, --bind-ip BIND_IP
IP address to bind the fake service to (default all)
-g {0,1,3,11}, --downgrade {0,1,3,11}
downgrade the authentication protocol to this (default
3)
-c CERTFILE, --certfile CERTFILE
path to the certificate file
-k KEYFILE, --keyfile KEYFILE
path to the key file![[Image: Vs4P58c.png]](https://i.imgur.com/Vs4P58c.png)
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)