HELP! #11
Comments
|
Echoing @jessefmoore on his first question. Is it possible to make RDP-Replay using Centos 7? |
|
Hi. Sorry for the delay - this is not on my list of priorities. Answer to Q1: This tool was developed on Ubuntu 14.04. I have not tested it on anything else. However, it should be possible to put together a docker image to run it. I will have a look at doing this if I get time. Answer to Q2: I would normally expect the TCP handshake and complete streams. And missing packets and the crypt will (almost certainly) be broken. Answer to Q3: You can use the "-t <port>" option to specify streams. They are both probably on port 3389, but you can specify the other port (which should be different for the various TCP sessions) Answer to Q4: The main problem with RDP sessions if the crypt. Modern clients will negotiate TLS/SSL and then use Diffie-Hellman for key exchange. There is no way (that I know of) to recover the crypt key for these sessions. If you know a way, let me know. @stephanieleevillanueva: As mentioned above, I have not tried. Again, docker may be a way forward. If you do get it working, if you can list the dependencies or post the docker file that would be great. Steve. |
|
I had a quick go with docker, and had success with this Dockerfile Then run the following commands docker build -t rdpreplay .
XSOCK=/tmp/.X11-unix
XAUTH=/tmp/.docker.xauth
touch $XAUTH
xauth nlist $DISPLAY| sed -e 's/^..../ffff/' | xauth -f $XAUTH nmerge -
docker run -ti -e DISPLAY=$DISPLAY -v $XSOCK:$XSOCK -v $XAUTH:$XAUTH -e XAUTHORITY=$XAUTH rdpreplay rdp_replay -r RDP-Replay/test/demo1.pcap -p RDP-Replay/test/demo1.pem --no_cksum --show_keysHope this helps. Steve. |
|
Thank you! I had good luck with Ubuntu 14.04 in VMware image from osboxes.org
Here is my video of getting it up and going:
https://screencast-o-matic.com/embed?sc=cbQnnTIfyI&v=5&ff=1
Thank you,
-Jesse
… On Oct 31, 2017, at 1:13 PM, Steve Elliott ***@***.***> wrote:
I had a quick go with docker, and had success with this Dockerfile
FROM ubuntu:14.04
ENV LANG en_GB.UTF-8
ENV XTERM_LOCALE en_GB.UTF-8
ENV LC_COLLATE C
RUN apt-get update
RUN apt-get install -y build-essential git-core cmake libssl-dev
RUN apt-get install -y libx11-dev libxext-dev libxinerama-dev libxcursor-dev
RUN apt-get install -y libxdamage-dev libxv-dev libxkbfile-dev libasound2-dev
RUN apt-get install -y libcups2-dev libxml2 libxml2-dev libxrandr-dev
RUN apt-get install -y libgstreamer0.10-dev libgstreamer-plugins-base0.10-dev
RUN apt-get install -y libavutil-dev libavcodec-dev libavformat-dev
RUN apt-get install -y libpcap-dev libreadline-dev
RUN git clone https://github.com/ctxis/RDP-Replay.git
RUN cd RDP-Replay && make
ENV PATH /RDP-Replay/replay:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Then run the following commands
docker build -t rdpreplay .
XSOCK=/tmp/.X11-unix
XAUTH=/tmp/.docker.xauth
touch $XAUTH
xauth nlist $DISPLAY| sed -e 's/^..../ffff/' | xauth -f $XAUTH nmerge -
docker run -ti -e DISPLAY=$DISPLAY -v $XSOCK:$XSOCK -v $XAUTH:$XAUTH -e XAUTHORITY=$XAUTH rdpreplay rdp_replay -r RDP-Replay/test/demo1.pcap -p RDP-Replay/test/demo1.pem --no_cksum --show_keys
Hope this helps.
Steve.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
Jesse, You can add "--show_keys" to the end of the command line and you will be shown the key presses (including the password!!). Enjoy. Steve. |
|
Hi Steve, Thanks for the response. I figured it would be easier to build an Ubuntu 14.04 cluster rather than try to figure out how to compile RDP-Replay in Centos. I went that route and I am able to get RDP-Replay working on all nodes in the cluster. I'll let you know if I end up trying to build again using Centos. Regards, |
More info on How to get RDP-Replay to work in Production.
The text was updated successfully, but these errors were encountered: