Skip to content
/ aardwolf Public
forked from skelsec/aardwolf

Asynchronous RDP client for Python (headless)

License

MIT license
0 stars 18 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mpgn/aardwolf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits
aardwolf
aardwolf
 
 
.gitignore
.gitignore
 
 
MANIFEST.in
MANIFEST.in
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
setup.py
setup.py
 
 

Repository files navigation

Supported Python versions Twitter

🚩 This is the public repository of aardwolf, for latest version and updates please consider supporting us through https://porchetta.industries/

AARDWOLF - Asynchronous RDP client in Python

This project is aimed to play around the RDP and VNC protocols.

🚩 Sponsors

If you want to sponsors this project and have the latest updates on this project, latest issues fixed, latest features, please support us on https://porchetta.industries/

Official Discord Channel

Come hang out on Discord!

Porchetta Industries

Important

This is a headless client, for GUI functionality use the aardwolfgui package.

Features

  • Supports credssp auth via NTLM/Kerberos.
  • Built-in proxy client allows SOCKS/HTTP proxy tunneling without 3rd part software
  • PtH via CredSSP+Restricted admin mode
  • Scriptable Keyboard, Mouse input and Clipboard input/output
  • Can run in headless mode, no GUI required (read: no need for Qt)
  • Support for Duckyscript files to emulate keystrokes

Example scripts

  • aardpscreenshot RDP ?screenshotter? scans the given target/s or network ranges for open RDP clients, tries to log in either with or without credentials and takes a screemshot
  • aardpcapscan RDP login capability scanner identifies the supported login protocols on a target or network ranges.
  • aardploginscan RDP login scanner.

URL format

As usual the scripts take the target/scredentials in URL format. Below some examples

  • rdp+kerberos-password:https://TEST\Administrator:[email protected]/?dc=10.10.10.2&proxytype=socks5&proxyhost=127.0.0.1&proxyport=1080
    CredSSP (aka HYBRID) auth using Kerberos auth + password via socks5 to win2016ad.test.corp, the domain controller (kerberos service) is at 10.10.10.2. The socks proxy is on 127.0.0.1:1080
  • rdp+ntlm-password:https://TEST\Administrator:[email protected]
    CredSSP (aka HYBRID) auth using NTLM auth + password connecting to RDP server 10.10.10.103
  • rdp+ntlm-password:https://TEST\Administrator:<NThash>@10.10.10.103
    CredSSP (aka HYBRID) auth using Pass-the-Hash (NTLM) auth connecting to RDP server 10.10.10.103
  • rdp+plain:https://Administrator:[email protected]
    Plain authentication (No SSL, encryption is RC4) using password connecting to RDP server 10.10.10.103
  • vnc+plain:https://[email protected]
    VNC client with VNC authentication using password connecting to RDP server 10.10.10.103
  • vnc+plain:https://[email protected]
    VNC client with VNC authentication using password connecting to RDP server 10.10.10.103
  • vnc+plain:https://:admin:[email protected]
    VNC client with VNC authentication using password admin:aa connecting to RDP server 10.10.10.103. Note that if the password contains : char you will have to prepend the password with :

Kudos

  • Citronneur's rdpy. The decompression code and the QT image magic was really valuable.
  • Marc-André Moreau (@awakecoding) for providing suggestions on fixes

About

Asynchronous RDP client for Python (headless)

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

 
 
 

Languages

  • Python 99.6%
  • Other 0.4%