Skip to content
/ aardwolf Public
forked from skelsec/aardwolf

Asynchronous RDP client for Python (headless)

License

MIT license
0 stars 22 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

justinforbes/aardwolf

BranchesTags
 
 

Repository files navigation

Supported Python versions Twitter

🚩 Sponsors

If you like this project, consider purchasing licenses of OctoPwn, our full pentesting suite that runs in your browser!
For notifications on new builds/releases and other info, hop on to our Discord

AARDWOLF - Asynchronous RDP/VNC client in Python (headless)

This project is aimed to play around the RDP and VNC protocols.
Project contains no GUI, for a GUI client please check out aardwolfgui

🚩 Runs in the browser

This project, alongside with many other pentester tools runs in the browser with the power of OctoPwn!
Check out the community version at OctoPwn - Live

Important

This is a headless client, for GUI functionality use the aardwolfgui package.

Features

  • Supports credssp auth via NTLM/Kerberos.
  • Built-in proxy client allows SOCKS/HTTP proxy tunneling without 3rd part software
  • PtH via CredSSP+Restricted admin mode
  • Scriptable Keyboard, Mouse input and Clipboard input/output
  • Can run in headless mode, no GUI required (read: no need for Qt)
  • Support for Duckyscript files to emulate keystrokes

Example scripts

  • ardpscan Multi-purpose scanner for RDP and VNC protocols. (screenshot/capabilities/login scanner)

URL format

As usual the scripts take the target/scredentials in URL format. Below some examples

  • rdp+kerberos-password:https://TEST\Administrator:[email protected]/?dc=10.10.10.2&proxytype=socks5&proxyhost=127.0.0.1&proxyport=1080
    CredSSP (aka HYBRID) auth using Kerberos auth + password via socks5 to win2016ad.test.corp, the domain controller (kerberos service) is at 10.10.10.2. The socks proxy is on 127.0.0.1:1080
  • rdp+ntlm-password:https://TEST\Administrator:[email protected]
    CredSSP (aka HYBRID) auth using NTLM auth + password connecting to RDP server 10.10.10.103
  • rdp+ntlm-password:https://TEST\Administrator:<NThash>@10.10.10.103
    CredSSP (aka HYBRID) auth using Pass-the-Hash (NTLM) auth connecting to RDP server 10.10.10.103
  • rdp+plain:https://Administrator:[email protected]
    Plain authentication (No SSL, encryption is RC4) using password connecting to RDP server 10.10.10.103
  • vnc+plain:https://[email protected]
    VNC client with VNC authentication using password connecting to RDP server 10.10.10.103
  • vnc+plain:https://[email protected]
    VNC client with VNC authentication using password connecting to RDP server 10.10.10.103
  • vnc+plain:https://:admin:[email protected]
    VNC client with VNC authentication using password admin:aaa connecting to RDP server 10.10.10.103. Note that if the password contains : char you will have to prepend the password with :

Kudos

  • Sylvain Peyrefitte (@citronneur) rdpy. The decompression code and the QT image magic was really valuable.
  • Marc-André Moreau (@awakecoding) for providing suggestions on fixes

About

Asynchronous RDP client for Python (headless)

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 99.6%
  • Other 0.4%