Penetration Testing

Home
Forensics
Malware Analysis
Network PenTest
Reverse Engineering
Programming
Technique
Web PenTest

Big Data
Crypto
Ebooks
Defense
Linux
Machine Learning
Networking
Technique
Tips and Tricks

Penetration Testing

Security Training Share

Home
Forensics
Malware Analysis
Network PenTest
Reverse Engineering
Programming
Technique
Web PenTest

Sniffing & Spoofing

PyRDP: Python 3 Remote Desktop Protocol Man-in-the-Middle

by do son · Published December 23, 2018 · Updated December 23, 2018

PyRDP

PyRDP is a Python 3 Remote Desktop Protocol (RDP) Man-in-the-Middle (MITM) and library.

It features a few tools:

RDP Man-in-the-Middle
- Logs credentials used to connect
- Steals data copied to the clipboard
- Saves a copy of the files transferred over the network
- Saves replays of connections so you can look at them later
RDP Player:
- See live RDP connections coming from the MITM
- View replays of RDP connections
RDP Certificate Cloner:
- Create a self-signed X509 certificate with the same fields as an RDP server’s certificate

We are using this tool as part of an RDP honeypot which records sessions and saves a copy of the malware dropped on our target machine.

As of now, the MITM records the following events:

Bitmap graphics
Mouse movements
Keyboard input
Connection info (local IP address, username, password, domain, computer name)
Clipboard content

Install && Use

Copyright (C) 2018 GoSecure

Share

Tags: Man in the Middle Python Remote Desktop Protocol

Follow:

Next story Remote-Desktop-Caching: extract juicy information such as LAPS passwords or any sensitive information on the screen
Previous story labeless: Remote memory dumping tool

Search

Suggested Reading

Dell SupportAssist vulnerability let attackers gain complete control of a targeted system
Firefox 0-day vulnerabilities were used to attack Coinbase employees
Debian releases security update to fix Microarchitecture Data Sampling hardware vulnerabilities
CVE-2019-7406: TP-Link Wi-Fi Extender Remote Code Execution Vulnerability Alert
Google Project Zero found Firefox zero-day exploited in the wild. Patch now

BREAKING NEWS

Ransomware gang attacks remote IT services and deploys ransomware on the client system
Kaspersky found Plurox malware that can be used as a backdoor, cryptocurrency miner, worm
US council of Riviera Beach finally decided to pay a $600,000 ransom to a ransomware gang

TRENDING

U.S launched a cyber attack against Iran
Hackers penetrate the NASA Jet Propulsion Laboratory through the Raspberry Pi and steal 500M data
XENOTIME hacker organization expands its goal to electricity companies in the US and Asia-Pacific

Linux news

IPFire 2.23 – Core Update 133 released, Linux distribution
Linux Kernel 5.2 RC6 releases
OpenWrt 18.06.3 released: Linux operating system targeting embedded devices
Debian releases security update to fix Microarchitecture Data Sampling hardware vulnerabilities
Tails OS 3.14.1 releases: privacy & anonymously OS

About Us
Contact Us
Disclaimer
Privacy Policy
DMCA NOTICE
Submit your articles

Penetration Testing © 2019. All Rights Reserved.

We use cookies to ensure that we give you the best experience on our website. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on Read more information.Ok Read more