
<!DOCTYPE html>
<html>
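<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Module: Msf::Exploit::Remote::RDP — Documentation by YARD 0.9.37</title>
  <link rel="stylesheet" href="../../../css/style.css">
  <link rel="stylesheet" href="../../../css/common.css">
  <!--
    Page-level globals, presumably read by js/app.js (confirm against that
    script). Because this is an inline script, a strict Content-Security-Policy
    for the documentation site needs a hash or nonce for it; the two external
    scripts below are same-site relative URLs.
  -->
  <script>
    pathId = "Msf::Exploit::Remote::RDP";
    relpath = '../../../';
  </script>
  <script src="../../../js/jquery.js"></script>
  <script src="../../../js/app.js"></script>
</head>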
<body>
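<div class="nav_wrap">
  <!-- Navigation frame loading the class list from a relative URL; the title
       gives the frame an accessible name for assistive technology. -->
  <iframe id="nav" src="../../../class_list.html?1" title="Class list navigation"></iframe>
  <div id="resizer"></div>
</div>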
<div id="main" tabindex="-1">
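<div id="header">
  <!-- Breadcrumb trail from the index down to this module. -->
  <div id="menu">
    <a href="../../../_index.html">Index (R)</a> &raquo;
    <span class="title"><span class="object_link"><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class="title"><span class="object_link"><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class="title"><span class="object_link"><a href="../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span>
    &raquo;
    <span class="title">RDP</span>
  </div>
  <div id="search">
    <!-- Icon-only link: aria-label supplies the accessible name, and the
         decorative SVG is hidden from assistive technology. -->
    <a class="full_list_link" id="class_list_link"
       href="../../../class_list.html" aria-label="Class list">
      <svg width="24" height="24" aria-hidden="true" focusable="false">
        <rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
        <rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
        <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
      </svg>
    </a>
  </div>
  <div class="clear"></div>
</div>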
<div id="content"><h1>Module: Msf::Exploit::Remote::RDP
</h1>
<div class="box_info">
<dl>
<dt>Includes:</dt>
<dd><span class='object_link'><a href="Tcp.html" title="Msf::Exploit::Remote::Tcp (module)">Tcp</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/rdp.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>This module exposes methods for interacting with a remote RDP service.</p>
</div>
</div>
<div class="tags">
</div><h2>Defined Under Namespace</h2>
<p class="children">
<strong class="classes">Classes:</strong> <span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span>, <span class='object_link'><a href="RDP/RdpCommunicationError.html" title="Msf::Exploit::Remote::RDP::RdpCommunicationError (class)">RdpCommunicationError</a></span>
</p>
<h2>Instance Attribute Summary <small><a href="#" class="summary_toggle">collapse</a></small></h2>
<ul class="summary">
<li class="protected ">
<span class="summary_signature">
<a href="#rdp_sock-instance_method" title="#rdp_sock (instance method)">#<strong>rdp_sock</strong> &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the value of attribute rdp_sock.</p>
</div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#rdp_user_id-instance_method" title="#rdp_user_id (instance method)">#<strong>rdp_user_id</strong> &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the value of attribute rdp_user_id.</p>
</div></span>
</li>
</ul>
<h3 class="inherited">Attributes included from <span class='object_link'><a href="Tcp.html" title="Msf::Exploit::Remote::Tcp (module)">Tcp</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Tcp.html#sock-instance_method" title="Msf::Exploit::Remote::Tcp#sock (method)">#sock</a></span></p>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="protected ">
<span class="summary_signature">
<a href="#ber_data-instance_method" title="#ber_data (instance method)">#<strong>ber_data</strong>(*ds) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#ber_int-instance_method" title="#ber_int (instance method)">#<strong>ber_int</strong>(i) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#ber_octet_string-instance_method" title="#ber_octet_string (instance method)">#<strong>ber_octet_string</strong>(*ds) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#bin_to_hex-instance_method" title="#bin_to_hex (instance method)">#<strong>bin_to_hex</strong>(str_val) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#build_data_tpdu-instance_method" title="#build_data_tpdu (instance method)">#<strong>build_data_tpdu</strong>(data) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Builds an X.224 Data (DT) TPDU - Section 13.7.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#build_share_control_header-instance_method" title="#build_share_control_header (instance method)">#<strong>build_share_control_header</strong>(type, data) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/73d01865-2eae-407f-9b2c-87e31daac471">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/73d01865-2eae-407f-9b2c-87e31daac471</a> Share Control Header - TS_SHARECONTROLHEADER - 2.2.8.1.1.1.1.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#build_share_data_header-instance_method" title="#build_share_data_header (instance method)">#<strong>build_share_data_header</strong>(type, data) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/4b5d4c0d-a657-41e9-9c69-d58632f46d31">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/4b5d4c0d-a657-41e9-9c69-d58632f46d31</a> Share Data Header - TS_SHAREDATAHEADER - 2.2.8.1.1.1.2.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#build_virtual_channel_pdu-instance_method" title="#build_virtual_channel_pdu (instance method)">#<strong>build_virtual_channel_pdu</strong>(flags, data) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/6c074267-1b32-4ceb-9496-2eb941a23e6b">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/6c074267-1b32-4ceb-9496-2eb941a23e6b</a> Virtual Channel PDU 2.2.6.1.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#bytes_to_bignum-instance_method" title="#bytes_to_bignum (instance method)">#<strong>bytes_to_bignum</strong>(bytes_val, order = &quot;little&quot;) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#conf_create_req-instance_method" title="#conf_create_req (instance method)">#<strong>conf_create_req</strong>(user_data_sets: 1, h221_key: &quot;Duca&quot;) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#cs_cluster_data-instance_method" title="#cs_cluster_data (instance method)">#<strong>cs_cluster_data</strong>(flags: RDPConstants::REDIRECTION_SUPPORTED | RDPConstants::REDIRECTION_VERSION3, session_id: 0) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#cs_core_data-instance_method" title="#cs_core_data (instance method)">#<strong>cs_core_data</strong>(version: 0x80004, width: 800, height: 600, keyboard: 1033, client_build: 2600, client_name: &quot;rdesktop&quot;, keyboard_type: 4, keyboard_subtype: 0, keyboard_func_key: 12, serial_num: 0, client_product_id: 1, client_dig_product_id: &quot;&quot;, selected_proto: 0) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/00f1da4a-ee9c-421a-852f-c19f92343d73">learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/00f1da4a-ee9c-421a-852f-c19f92343d73</a>.</p>
</div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#cs_network_data-instance_method" title="#cs_network_data (instance method)">#<strong>cs_network_data</strong>(channels) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#cs_security_data-instance_method" title="#cs_security_data (instance method)">#<strong>cs_security_data</strong>(encryption_methods: RDPConstants::ENCRYPTION_40BIT | RDPConstants::ENCRYPTION_128BIT, ext_encryption_methods: 0) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#encode_domain_selector-instance_method" title="#encode_domain_selector (instance method)">#<strong>encode_domain_selector</strong>(max_chan_ids: 0, max_user_ids: 0, max_token_ids: 0, num_priorities: 1, min_throughput: 0, max_height: 1, max_mcspdu_size: 65535, protocol_ver: 2) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(info = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Creates an instance of an RDP exploit module.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#int_to_bytestring-instance_method" title="#int_to_bytestring (instance method)">#<strong>int_to_bytestring</strong>(int_val, num_chars = nil) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://www.ruby-forum.com/t/integer-to-byte-string-speed-improvements/67110">www.ruby-forum.com/t/integer-to-byte-string-speed-improvements/67110</a>.</p>
</div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#oid-instance_method" title="#oid (instance method)">#<strong>oid</strong>(itut, rec, t, t124, ver, desc) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#pdu_attach_user_request-instance_method" title="#pdu_attach_user_request (instance method)">#<strong>pdu_attach_user_request</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/f5d6a541-9b36-4100-b78f-18710f39f247">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/f5d6a541-9b36-4100-b78f-18710f39f247</a> Client MCS Attach User Request PDU - 2.2.1.6.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#pdu_channel_join_request-instance_method" title="#pdu_channel_join_request (instance method)">#<strong>pdu_channel_join_request</strong>(user1, channel_id) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/64564639-3b2d-4d2c-ae77-1105b4cc011b">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/64564639-3b2d-4d2c-ae77-1105b4cc011b</a> Client MCS Channel Join Request PDU - 2.2.1.8.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#pdu_client_confirm_active-instance_method" title="#pdu_client_confirm_active (instance method)">#<strong>pdu_client_confirm_active</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/4e9722c3-ad83-43f5-af5a-529f73d88b48">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/4e9722c3-ad83-43f5-af5a-529f73d88b48</a> Confirm Active PDU Data - TS_CONFIRM_ACTIVE_PDU - 2.2.1.13.2.1.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#pdu_client_control_cooperate-instance_method" title="#pdu_client_control_cooperate (instance method)">#<strong>pdu_client_control_cooperate</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/9d1e1e21-d8b4-4bfd-9caf-4b72ee91a7135">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/9d1e1e21-d8b4-4bfd-9caf-4b72ee91a7135</a> Control Cooperate - TS_CONTROL_PDU 2.2.1.15.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#pdu_client_control_request-instance_method" title="#pdu_client_control_request (instance method)">#<strong>pdu_client_control_request</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/4f94e123-970b-4242-8cf6-39820d8e3d35">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/4f94e123-970b-4242-8cf6-39820d8e3d35</a> Control Request - TS_CONTROL_PDU 2.2.1.16.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#pdu_client_font_list-instance_method" title="#pdu_client_font_list (instance method)">#<strong>pdu_client_font_list</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/7067da0d-e318-4464-88e8-b11509cf0bd9">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/7067da0d-e318-4464-88e8-b11509cf0bd9</a> Client Font List - TS_FONT_LIST_PDU - 2.2.1.18.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#pdu_client_info-instance_method" title="#pdu_client_info (instance method)">#<strong>pdu_client_info</strong>(user_name, domain_name = &quot;&quot;, ip_address = &quot;&quot;) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/772d618e-b7d6-4cd0-b735-fa08af558f9d">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/772d618e-b7d6-4cd0-b735-fa08af558f9d</a> TS_INFO_PACKET - 2.2.1.11.1.1.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#pdu_client_input_event_synchronize-instance_method" title="#pdu_client_input_event_synchronize (instance method)">#<strong>pdu_client_input_event_synchronize</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/ff7f06f8-0dcf-4c8d-be1f-596ae60c4396">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/ff7f06f8-0dcf-4c8d-be1f-596ae60c4396</a> Client Input Event Data - TS_INPUT_PDU_DATA - 2.2.8.1.1.3.1.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#pdu_client_synchronize-instance_method" title="#pdu_client_synchronize (instance method)">#<strong>pdu_client_synchronize</strong>(target_user = 0) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/5186005a-36f5-4f5d-8c06-968f28e2d992">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/5186005a-36f5-4f5d-8c06-968f28e2d992</a> Client Synchronize - TS_SYNCHRONIZE_PDU - 2.2.1.19 / 2.2.14.1.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#pdu_connect_initial-instance_method" title="#pdu_connect_initial (instance method)">#<strong>pdu_connect_initial</strong>(channels, selected_proto = 0, host_name = &quot;rdesktop&quot;) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/db6713ee-1c0e-4064-a3b3-0fac30b4037b">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/db6713ee-1c0e-4064-a3b3-0fac30b4037b</a>.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#pdu_erect_domain_request-instance_method" title="#pdu_erect_domain_request (instance method)">#<strong>pdu_erect_domain_request</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/04c60697-0d9a-4afd-a0cd-2cc133151a9c">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/04c60697-0d9a-4afd-a0cd-2cc133151a9c</a> Client MCS Erect Domain Request PDU - 2.2.1.5.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#pdu_negotiation_request-instance_method" title="#pdu_negotiation_request (instance method)">#<strong>pdu_negotiation_request</strong>(user_name = &quot;&quot;, requested_protocols = 0) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/18a27ef9-6f9a-4501-b000-94b1fe3c2c10">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/18a27ef9-6f9a-4501-b000-94b1fe3c2c10</a> Client X.224 Connect Request PDU - 2.2.1.1.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#pdu_new_license_request-instance_method" title="#pdu_new_license_request (instance method)">#<strong>pdu_new_license_request</strong>(client_random, user, host) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpele/c57e4890-9049-421e-9fe8-9a6f9519675a">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpele/c57e4890-9049-421e-9fe8-9a6f9519675a</a> Client New License Request PDU - 2.2.2.2.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#pdu_security_exchange-instance_method" title="#pdu_security_exchange (instance method)">#<strong>pdu_security_exchange</strong>(rcran, rsexp, rsmod, bitlen) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/9cde84cd-5055-475a-ac8b-704db419b66f">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/9cde84cd-5055-475a-ac8b-704db419b66f</a> Client Security Exchange PDU - 2.2.1.10.</p>
</div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#per_data-instance_method" title="#per_data (instance method)">#<strong>per_data</strong>(*ds) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#per_object-instance_method" title="#per_object (instance method)">#<strong>per_object</strong>(*ds) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_build_pkt-instance_method" title="#rdp_build_pkt (instance method)">#<strong>rdp_build_pkt</strong>(data, channel_id = &quot;\x03\xeb&quot;, client_info: false, license_info: false) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Build the X.224 packet, encrypting it with Standard RDP Security as needed. The default channel_id is 0x03eb (1003).</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_calculate_rc4_keys-instance_method" title="#rdp_calculate_rc4_keys (instance method)">#<strong>rdp_calculate_rc4_keys</strong>(client_random, server_random) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_check_protocol-instance_method" title="#rdp_check_protocol (instance method)">#<strong>rdp_check_protocol</strong>(req_proto = RDPConstants::PROTOCOL_SSL) &#x21d2; Boolean, RDPConstants </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Connect and detect security protocol.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_connect-instance_method" title="#rdp_connect (instance method)">#<strong>rdp_connect</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_create_channel_msg-instance_method" title="#rdp_create_channel_msg (instance method)">#<strong>rdp_create_channel_msg</strong>(chan_user_id, chan_id, data, flags = 3, data_length = nil) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_disconnect-instance_method" title="#rdp_disconnect (instance method)">#<strong>rdp_disconnect</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_dispatch_loop-instance_method" title="#rdp_dispatch_loop (instance method)">#<strong>rdp_dispatch_loop</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_establish_session-instance_method" title="#rdp_establish_session (instance method)">#<strong>rdp_establish_session</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Finish building session after all security is negotiated.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_final_hash-instance_method" title="#rdp_final_hash (instance method)">#<strong>rdp_final_hash</strong>(k, client_random_bytes, server_random_bytes) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>FinalHash(K) = MD5(K + ClientRandom + ServerRandom).</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_fingerprint-instance_method" title="#rdp_fingerprint (instance method)">#<strong>rdp_fingerprint</strong> &#x21d2; Boolean, Hash </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Connect and perform fingerprinting of the RDP service.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_generate_license_keys-instance_method" title="#rdp_generate_license_keys (instance method)">#<strong>rdp_generate_license_keys</strong>(data) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_handle_license_error_alert-instance_method" title="#rdp_handle_license_error_alert (instance method)">#<strong>rdp_handle_license_error_alert</strong>(data) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_handle_license_request-instance_method" title="#rdp_handle_license_request (instance method)">#<strong>rdp_handle_license_request</strong>(data) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpele/e17772e9-9642-4bb6-a2bc-82875dd6da7c">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpele/e17772e9-9642-4bb6-a2bc-82875dd6da7c</a> Server License Request - 2.2.2.1.</p>
</div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#rdp_handle_packet-instance_method" title="#rdp_handle_packet (instance method)">#<strong>rdp_handle_packet</strong>(pkt) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_hmac-instance_method" title="#rdp_hmac (instance method)">#<strong>rdp_hmac</strong>(mac_salt_key, data_content) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/7c61b54e-f6cd-4819-a59a-daf200f6bf94">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/7c61b54e-f6cd-4819-a59a-daf200f6bf94</a> Example: <code>mac_salt_key = &quot;W\x13\xc58\x7f\xeb\xa9\x10*\x1e\xddV\x96\x8b[d&quot;</code>; <code>data_content = &quot;\x12\x00\x17\x00\xef\x03\xea\x03\x02\x00\x00\x01\x04\x00$\x00\x00\x00&quot;</code>; <code>hmac = rdp_hmac(mac_salt_key, data_content)</code>, which hexlified is <code>22d5aeb486994a0c785dc929a2855923</code>.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_move_mouse-instance_method" title="#rdp_move_mouse (instance method)">#<strong>rdp_move_mouse</strong>(x = 1, y = 1) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_negotiate_security-instance_method" title="#rdp_negotiate_security (instance method)">#<strong>rdp_negotiate_security</strong>(channels, req_proto = RDPConstants::PROTOCOL_SSL) &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Negotiate security protocol and begin session building.</p>
</div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#rdp_on_channel_receive-instance_method" title="#rdp_on_channel_receive (instance method)">#<strong>rdp_on_channel_receive</strong>(pkt, chan_user_id, chan_id, flags, data) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#rdp_on_core_client_id_confirm-instance_method" title="#rdp_on_core_client_id_confirm (instance method)">#<strong>rdp_on_core_client_id_confirm</strong>(pkt, chan_user_id, chan_id, flags, data) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#rdp_on_core_server_announce-instance_method" title="#rdp_on_core_server_announce (instance method)">#<strong>rdp_on_core_server_announce</strong>(pkt, chan_user_id, chan_id, flags, data) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#rdp_on_core_server_capability-instance_method" title="#rdp_on_core_server_capability (instance method)">#<strong>rdp_on_core_server_capability</strong>(pkt, chan_user_id, chan_id, flags, data) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_parse_connect_response-instance_method" title="#rdp_parse_connect_response (instance method)">#<strong>rdp_parse_connect_response</strong>(pkt) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/927de44c-7fe8-4206-a14f-e5517dc24b1c">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/927de44c-7fe8-4206-a14f-e5517dc24b1c</a> Parse Server MCS Connect Response PDU - 2.2.1.4.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_parse_license_pdu-instance_method" title="#rdp_parse_license_pdu (instance method)">#<strong>rdp_parse_license_pdu</strong>(data) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_parse_negotiation_response-instance_method" title="#rdp_parse_negotiation_response (instance method)">#<strong>rdp_parse_negotiation_response</strong>(data) &#x21d2; String<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Parse RDP Negotiation Data - 2.2.1.2. Reference: <a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/13757f8f-66db-4273-9d2c-385c33b1e483">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/13757f8f-66db-4273-9d2c-385c33b1e483</a>.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_rc4_crypt-instance_method" title="#rdp_rc4_crypt (instance method)">#<strong>rdp_rc4_crypt</strong>(rc4obj, data) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_recv-instance_method" title="#rdp_recv (instance method)">#<strong>rdp_recv</strong>(length = -1, timeout = 5) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_salted_hash-instance_method" title="#rdp_salted_hash (instance method)">#<strong>rdp_salted_hash</strong>(s_bytes, i_bytes, client_random_bytes, server_random_bytes) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/705f9542-b0e3-48be-b9a5-cf2ee582607f">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/705f9542-b0e3-48be-b9a5-cf2ee582607f</a> SaltedHash(S, I) = MD5(S + SHA(I + S + ClientRandom + ServerRandom)).</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_salted_hash16-instance_method" title="#rdp_salted_hash16 (instance method)">#<strong>rdp_salted_hash16</strong>(s_bytes, salt1, salt2) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_salted_hash48-instance_method" title="#rdp_salted_hash48 (instance method)">#<strong>rdp_salted_hash48</strong>(s_bytes, i_byte, client_random, server_random) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_send-instance_method" title="#rdp_send (instance method)">#<strong>rdp_send</strong>(data) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_send_channel-instance_method" title="#rdp_send_channel (instance method)">#<strong>rdp_send_channel</strong>(chan_user_id, chan_id, data, flags = 3, data_length = nil) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_send_recv-instance_method" title="#rdp_send_recv (instance method)">#<strong>rdp_send_recv</strong>(data) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rdp_terminate-instance_method" title="#rdp_terminate (instance method)">#<strong>rdp_terminate</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#rdpdr_client_announce_reply-instance_method" title="#rdpdr_client_announce_reply (instance method)">#<strong>rdpdr_client_announce_reply</strong>(pkt, chan_user_id, chan_id, flags, data) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#rdpdr_client_device_list_announce_request-instance_method" title="#rdpdr_client_device_list_announce_request (instance method)">#<strong>rdpdr_client_device_list_announce_request</strong>(pkt, chan_user_id, chan_id, flags, data) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="protected ">
<span class="summary_signature">
<a href="#rdpdr_client_name_request-instance_method" title="#rdpdr_client_name_request (instance method)">#<strong>rdpdr_client_name_request</strong>(pkt, chan_user_id, chan_id, flags, data) &#x21d2; Object </a>
</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rsa_encrypt-instance_method" title="#rsa_encrypt (instance method)">#<strong>rsa_encrypt</strong>(bignum, rsexp, rsmod) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#swap_sock_plain_to_ssl-instance_method" title="#swap_sock_plain_to_ssl (instance method)">#<strong>swap_sock_plain_to_ssl</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Create a new SSL session on the existing socket.</p>
</div></span>
</li>
</ul>
<h3 class="inherited">Methods included from <span class='object_link'><a href="Tcp.html" title="Msf::Exploit::Remote::Tcp (module)">Tcp</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Tcp.html#chost-instance_method" title="Msf::Exploit::Remote::Tcp#chost (method)">#chost</a></span>, <span class='object_link'><a href="Tcp.html#cleanup-instance_method" title="Msf::Exploit::Remote::Tcp#cleanup (method)">#cleanup</a></span>, <span class='object_link'><a href="Tcp.html#connect-instance_method" title="Msf::Exploit::Remote::Tcp#connect (method)">#connect</a></span>, <span class='object_link'><a href="Tcp.html#connect_timeout-instance_method" title="Msf::Exploit::Remote::Tcp#connect_timeout (method)">#connect_timeout</a></span>, <span class='object_link'><a href="Tcp.html#cport-instance_method" title="Msf::Exploit::Remote::Tcp#cport (method)">#cport</a></span>, <span class='object_link'><a href="Tcp.html#disconnect-instance_method" title="Msf::Exploit::Remote::Tcp#disconnect (method)">#disconnect</a></span>, <span class='object_link'><a href="Tcp.html#handler-instance_method" title="Msf::Exploit::Remote::Tcp#handler (method)">#handler</a></span>, <span class='object_link'><a href="Tcp.html#lhost-instance_method" title="Msf::Exploit::Remote::Tcp#lhost (method)">#lhost</a></span>, <span class='object_link'><a href="Tcp.html#lport-instance_method" title="Msf::Exploit::Remote::Tcp#lport (method)">#lport</a></span>, <span class='object_link'><a href="Tcp.html#peer-instance_method" title="Msf::Exploit::Remote::Tcp#peer (method)">#peer</a></span>, <span class='object_link'><a href="Tcp.html#print_prefix-instance_method" title="Msf::Exploit::Remote::Tcp#print_prefix (method)">#print_prefix</a></span>, <span class='object_link'><a href="Tcp.html#proxies-instance_method" title="Msf::Exploit::Remote::Tcp#proxies (method)">#proxies</a></span>, <span class='object_link'><a href="Tcp.html#replicant-instance_method" title="Msf::Exploit::Remote::Tcp#replicant (method)">#replicant</a></span>, <span class='object_link'><a href="Tcp.html#rhost-instance_method" title="Msf::Exploit::Remote::Tcp#rhost 
(method)">#rhost</a></span>, <span class='object_link'><a href="Tcp.html#rport-instance_method" title="Msf::Exploit::Remote::Tcp#rport (method)">#rport</a></span>, <span class='object_link'><a href="Tcp.html#set_tcp_evasions-instance_method" title="Msf::Exploit::Remote::Tcp#set_tcp_evasions (method)">#set_tcp_evasions</a></span>, <span class='object_link'><a href="Tcp.html#shutdown-instance_method" title="Msf::Exploit::Remote::Tcp#shutdown (method)">#shutdown</a></span>, <span class='object_link'><a href="Tcp.html#ssl-instance_method" title="Msf::Exploit::Remote::Tcp#ssl (method)">#ssl</a></span>, <span class='object_link'><a href="Tcp.html#ssl_cipher-instance_method" title="Msf::Exploit::Remote::Tcp#ssl_cipher (method)">#ssl_cipher</a></span>, <span class='object_link'><a href="Tcp.html#ssl_verify_mode-instance_method" title="Msf::Exploit::Remote::Tcp#ssl_verify_mode (method)">#ssl_verify_mode</a></span>, <span class='object_link'><a href="Tcp.html#ssl_version-instance_method" title="Msf::Exploit::Remote::Tcp#ssl_version (method)">#ssl_version</a></span>, <span class='object_link'><a href="Tcp.html#sslkeylogfile-instance_method" title="Msf::Exploit::Remote::Tcp#sslkeylogfile (method)">#sslkeylogfile</a></span></p>
<div id="instance_attr_details" class="attr_details">
<h2>Instance Attribute Details</h2>
<span id="rdp_sock=-instance_method"></span>
<div class="method_details first">
<h3 class="signature first" id="rdp_sock-instance_method">
#<strong>rdp_sock</strong> &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the value of attribute rdp_sock.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
1482
1483
1484</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1482</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_sock'>rdp_sock</span>
<span class='ivar'>@rdp_sock</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<span id="rdp_user_id=-instance_method"></span>
<div class="method_details ">
<h3 class="signature " id="rdp_user_id-instance_method">
#<strong>rdp_user_id</strong> &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the value of attribute rdp_user_id.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
1484
1485
1486</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1484</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_user_id'>rdp_user_id</span>
<span class='ivar'>@rdp_user_id</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="ber_data-instance_method">
#<strong>ber_data</strong>(*ds) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1373</span>
<span class='kw'>def</span> <span class='id identifier rubyid_ber_data'>ber_data</span><span class='lparen'>(</span><span class='op'>*</span><span class='id identifier rubyid_ds'>ds</span><span class='rparen'>)</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='id identifier rubyid_ds'>ds</span><span class='period'>.</span><span class='id identifier rubyid_join'>join</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x82</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>S&gt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_data'>data</span>
<span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="ber_int-instance_method">
#<strong>ber_int</strong>(i) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1385</span>
<span class='kw'>def</span> <span class='id identifier rubyid_ber_int'>ber_int</span><span class='lparen'>(</span><span class='id identifier rubyid_i'>i</span><span class='rparen'>)</span>
<span class='id identifier rubyid_d'>d</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>if</span> <span class='id identifier rubyid_i'>i</span> <span class='op'>&lt;</span> <span class='lparen'>(</span><span class='int'>2</span> <span class='op'>**</span> <span class='int'>8</span><span class='rparen'>)</span>
<span class='id identifier rubyid_d'>d</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='id identifier rubyid_i'>i</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_i'>i</span> <span class='op'>&lt;</span> <span class='lparen'>(</span><span class='int'>2</span> <span class='op'>**</span> <span class='int'>16</span><span class='rparen'>)</span>
<span class='id identifier rubyid_d'>d</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='id identifier rubyid_i'>i</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>S&gt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_d'>d</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='id identifier rubyid_i'>i</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&gt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x02</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='lbracket'>[</span><span class='id identifier rubyid_d'>d</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='id identifier rubyid_d'>d</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="ber_octet_string-instance_method">
#<strong>ber_octet_string</strong>(*ds) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1364
1365
1366
1367
1368
1369
1370
1371</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1364</span>
<span class='kw'>def</span> <span class='id identifier rubyid_ber_octet_string'>ber_octet_string</span><span class='lparen'>(</span><span class='op'>*</span><span class='id identifier rubyid_ds'>ds</span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x04</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
<span class='id identifier rubyid_ber_data'>ber_data</span><span class='lparen'>(</span><span class='id identifier rubyid_ds'>ds</span><span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="bin_to_hex-instance_method">
#<strong>bin_to_hex</strong>(str_val) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
697
698
699</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 697</span>
<span class='kw'>def</span> <span class='id identifier rubyid_bin_to_hex'>bin_to_hex</span><span class='lparen'>(</span><span class='id identifier rubyid_str_val'>str_val</span><span class='rparen'>)</span>
<span class='id identifier rubyid_str_val'>str_val</span><span class='period'>.</span><span class='id identifier rubyid_each_byte'>each_byte</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_b'>b</span><span class='op'>|</span> <span class='id identifier rubyid_b'>b</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='lparen'>(</span><span class='int'>16</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_rjust'>rjust</span><span class='lparen'>(</span><span class='int'>2</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>0</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="build_data_tpdu-instance_method">
#<strong>build_data_tpdu</strong>(data) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
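<p>Builds an X.224 Data (DT) TPDU (Section 13.7), prefixed with a TPKT header. The TPKT length field is 16 bits wide and counts the 7 header bytes, so it cannot represent <tt>data</tt> longer than 65528 bytes.</p>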
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
755
756
757
758
759
760
761
762</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 755</span>
<span class='kw'>def</span> <span class='id identifier rubyid_build_data_tpdu'>build_data_tpdu</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_tpkt_length'>tpkt_length</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>7</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x03\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># TPKT Header version 03, reserved 0
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_tpkt_length'>tpkt_length</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&gt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># TPKT length
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x02\xf0\x80</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># X.224 Data TPDU (2 bytes: 0xf0 = Data TPDU, 0x80 = EOT, end of transmission)
</span> <span class='id identifier rubyid_data'>data</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="build_share_control_header-instance_method">
#<strong>build_share_control_header</strong>(type, data) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>See <a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/73d01865-2eae-407f-9b2c-87e31daac471">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/73d01865-2eae-407f-9b2c-87e31daac471</a>: builds a Share Control Header (TS_SHARECONTROLHEADER, MS-RDPBCGR section 2.2.8.1.1.1.1) and prepends it to <tt>data</tt>.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
991
992
993
994
995
996
997
998</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 991</span>
<span class='kw'>def</span> <span class='id identifier rubyid_build_share_control_header'>build_share_control_header</span><span class='lparen'>(</span><span class='id identifier rubyid_type'>type</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_total_len'>total_len</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>6</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_total_len'>total_len</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># totalLength - includes all headers
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_type'>type</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># pduType - flags 16 bit, unsigned
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\xf1\x03</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># PDUSource: 0x03f1 = 1009
</span> <span class='id identifier rubyid_data'>data</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="build_share_data_header-instance_method">
#<strong>build_share_data_header</strong>(type, data) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>See <a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/4b5d4c0d-a657-41e9-9c69-d58632f46d31">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/4b5d4c0d-a657-41e9-9c69-d58632f46d31</a>: builds a Share Data Header (TS_SHAREDATAHEADER, MS-RDPBCGR section 2.2.8.1.1.1.2) and prepends it to <tt>data</tt>, with compressedType and compressedLength set to 0.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1002</span>
<span class='kw'>def</span> <span class='id identifier rubyid_build_share_data_header'>build_share_data_header</span><span class='lparen'>(</span><span class='id identifier rubyid_type'>type</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_uncompressed_len'>uncompressed_len</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>4</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\xea\x03\x01\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># shareId: 66538
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># pad1
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># streamID: 1
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_uncompressed_len'>uncompressed_len</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># uncompressedLength - 16 bit, unsigned int
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_type'>type</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># pduType2 - 8 bit, unsigned int - 2.2.8.1.1.2
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># compressedType: 0
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># compressedLength: 0
</span> <span class='id identifier rubyid_data'>data</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="build_virtual_channel_pdu-instance_method">
#<strong>build_virtual_channel_pdu</strong>(flags, data) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
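<p>See <a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/6c074267-1b32-4ceb-9496-2eb941a23e6b">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/6c074267-1b32-4ceb-9496-2eb941a23e6b</a>: builds a Virtual Channel PDU (MS-RDPBCGR section 2.2.6.1), a 32-bit little-endian length field and a 32-bit little-endian flags field followed by <tt>data</tt>.</p>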
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
746
747
748
749
750
751
752</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 746</span>
<span class='kw'>def</span> <span class='id identifier rubyid_build_virtual_channel_pdu'>build_virtual_channel_pdu</span><span class='lparen'>(</span><span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_data_len'>data_len</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_data_len'>data_len</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># length
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_flags'>flags</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># flags
</span> <span class='id identifier rubyid_data'>data</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="bytes_to_bignum-instance_method">
#<strong>bytes_to_bignum</strong>(bytes_val, order = &quot;little&quot;) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
672
673
674
675
676
677
678
679</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 672</span>
<span class='kw'>def</span> <span class='id identifier rubyid_bytes_to_bignum'>bytes_to_bignum</span><span class='lparen'>(</span><span class='id identifier rubyid_bytes_val'>bytes_val</span><span class='comma'>,</span> <span class='id identifier rubyid_order'>order</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>little</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_bytes'>bytes</span> <span class='op'>=</span> <span class='id identifier rubyid_bin_to_hex'>bin_to_hex</span><span class='lparen'>(</span><span class='id identifier rubyid_bytes_val'>bytes_val</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_order'>order</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>little</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_bytes'>bytes</span> <span class='op'>=</span> <span class='id identifier rubyid_bytes'>bytes</span><span class='period'>.</span><span class='id identifier rubyid_scan'>scan</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>..</span><span class='regexp_end'>/</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_reverse'>reverse</span><span class='period'>.</span><span class='id identifier rubyid_join'>join</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_s'>s</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>0x</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='id identifier rubyid_bytes'>bytes</span>
<span class='id identifier rubyid_s'>s</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span><span class='lparen'>(</span><span class='int'>16</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="conf_create_req-instance_method">
#<strong>conf_create_req</strong>(user_data_sets: 1, h221_key: &quot;Duca&quot;) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358</pre>
</td>
<td>
<!--
  Review note (conf_create_req): the method joins seven pieces into one byte string: "\x00",
  b2 as one byte, "\x00\x10\x00", user_data_sets as one byte, b5 as one byte, "\x00", and
  h221_key encoded as ASCII. b2 starts at 0 and b5 at 0x40; when user_data_sets is greater
  than 0, bit 0x08 is set in b2 and bit 0x80 in b5.
  pack('C') emits exactly one byte, so a user_data_sets value above 255 cannot be represented;
  Ruby keeps only the low eight bits without raising.
  h221_key.encode('ASCII') raises on characters that have no ASCII form, so a non-ASCII key
  fails here rather than reaching the wire.
  NOTE(review): presumably this is the T.124 Conference Create Request header that carries the
  client data blocks; confirm against the caller, which is not part of this listing.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1341</span>
<span class='kw'>def</span> <span class='id identifier rubyid_conf_create_req'>conf_create_req</span><span class='lparen'>(</span><span class='label'>user_data_sets:</span> <span class='int'>1</span><span class='comma'>,</span> <span class='label'>h221_key:</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Duca</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_b2'>b2</span> <span class='op'>=</span> <span class='int'>0</span>
<span class='id identifier rubyid_b2'>b2</span> <span class='op'>|=</span> <span class='int'>0x08</span> <span class='kw'>if</span> <span class='id identifier rubyid_user_data_sets'>user_data_sets</span> <span class='op'>&gt;</span> <span class='int'>0</span>
<span class='id identifier rubyid_b5'>b5</span> <span class='op'>=</span> <span class='int'>0x40</span>
<span class='id identifier rubyid_b5'>b5</span> <span class='op'>|=</span> <span class='int'>0x80</span> <span class='kw'>if</span> <span class='id identifier rubyid_user_data_sets'>user_data_sets</span> <span class='op'>&gt;</span> <span class='int'>0</span>
<span class='comment'># TODO: add more flags here
</span> <span class='lbracket'>[</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_b2'>b2</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x10\x00</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_user_data_sets'>user_data_sets</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_b5'>b5</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_h221_key'>h221_key</span><span class='period'>.</span><span class='id identifier rubyid_encode'>encode</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ASCII</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>a*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="cs_cluster_data-instance_method">
#<strong>cs_cluster_data</strong>(flags: RDPConstants::REDIRECTION_SUPPORTED | RDPConstants::REDIRECTION_VERSION3, session_id: 0) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258</pre>
</td>
<td>
<!--
  Review note (cs_cluster_data): packs flags and session_id as two 32-bit little-endian
  unsigned integers ('L<L<'), then prefixes a 4-byte header packed as two 16-bit little-endian
  values: type 0xc004 and length body.length + 4, so the length field counts the header itself.
  The body is always 8 bytes, which makes the block 12 bytes long.
  Defaults: flags is REDIRECTION_SUPPORTED | REDIRECTION_VERSION3 and session_id is 0. The
  numeric values of those constants live in RDPConstants and are not shown in this listing.
  Values wider than 32 bits are not representable in the 'L<' fields; callers are expected to
  pass in-range integers.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1246</span>
<span class='kw'>def</span> <span class='id identifier rubyid_cs_cluster_data'>cs_cluster_data</span><span class='lparen'>(</span>
<span class='label'>flags:</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#REDIRECTION_SUPPORTED-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::REDIRECTION_SUPPORTED (constant)">REDIRECTION_SUPPORTED</a></span></span> <span class='op'>|</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#REDIRECTION_VERSION3-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::REDIRECTION_VERSION3 (constant)">REDIRECTION_VERSION3</a></span></span><span class='comma'>,</span>
<span class='label'>session_id:</span> <span class='int'>0</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_body'>body</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_session_id'>session_id</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&lt;L&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='lbracket'>[</span><span class='int'>0xc004</span><span class='comma'>,</span> <span class='id identifier rubyid_body'>body</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>4</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>S&lt;S&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_body'>body</span>
<span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="cs_core_data-instance_method">
#<strong>cs_core_data</strong>(version: 0x80004, width: 800, height: 600, keyboard: 1033, client_build: 2600, client_name: &quot;rdesktop&quot;, keyboard_type: 4, keyboard_subtype: 0, keyboard_func_key: 12, serial_num: 0, client_product_id: 1, client_dig_product_id: &quot;&quot;, selected_proto: 0) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/00f1da4a-ee9c-421a-852f-c19f92343d73">learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/00f1da4a-ee9c-421a-852f-c19f92343d73</a></p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339</pre>
</td>
<td>
<!--
  Review note (cs_core_data): builds the body of the client core data block from the keyword
  arguments plus hard-coded colour-depth, SASSequence, imeFileName, capability-flag and
  connection-type bytes, then prefixes a 4-byte little-endian header: type 0xc001 and length
  body.length + 4 (the length counts the header). The MS-RDPBCGR page linked in this method's
  docstring gives the field layout.
  NOTE(review): client_name[0..16] is an inclusive range and keeps up to 17 characters. Assuming
  Rex::Text.to_unicode yields two bytes per character, that is up to 34 bytes, of which
  pack('a32') keeps the first 32. A name of 16 or more characters therefore fills the field
  with no terminating null. client_dig_product_id[0..32] with pack('a64') has the same shape:
  33 characters sliced, 32 kept. If both fields are meant to stay null-terminated, slicing with
  [0...15] and [0...31] would guarantee it; confirm against the specification before changing.
  The colour depths, earlyCapabilityFlags and connectionType are literals, so callers cannot
  vary them through this method.
  The defaults (client_name "rdesktop", client_build 2600, 800 by 600 desktop) are emitted
  unchanged whenever a caller does not override them, which makes them stable fields for
  network detection content to match on; callers may override them, so treat a match as one
  signal among several.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1293</span>
<span class='kw'>def</span> <span class='id identifier rubyid_cs_core_data'>cs_core_data</span><span class='lparen'>(</span>
<span class='label'>version:</span> <span class='int'>0x80004</span><span class='comma'>,</span>
<span class='label'>width:</span> <span class='int'>800</span><span class='comma'>,</span>
<span class='label'>height:</span> <span class='int'>600</span><span class='comma'>,</span>
<span class='label'>keyboard:</span> <span class='int'>1033</span><span class='comma'>,</span> <span class='comment'># English
</span> <span class='label'>client_build:</span> <span class='int'>2600</span><span class='comma'>,</span>
<span class='label'>client_name:</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>rdesktop</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
<span class='label'>keyboard_type:</span> <span class='int'>4</span><span class='comma'>,</span> <span class='comment'># IBMEhanced 101/102
</span> <span class='label'>keyboard_subtype:</span> <span class='int'>0</span><span class='comma'>,</span>
<span class='label'>keyboard_func_key:</span> <span class='int'>12</span><span class='comma'>,</span>
<span class='label'>serial_num:</span> <span class='int'>0</span><span class='comma'>,</span>
<span class='label'>client_product_id:</span> <span class='int'>1</span><span class='comma'>,</span>
<span class='label'>client_dig_product_id:</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
<span class='label'>selected_proto:</span> <span class='int'>0</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_client_name'>client_name</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_to_unicode'>to_unicode</span><span class='lparen'>(</span><span class='id identifier rubyid_client_name'>client_name</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>16</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>utf-16le</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_client_dig_product_id'>client_dig_product_id</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_to_unicode'>to_unicode</span><span class='lparen'>(</span><span class='id identifier rubyid_client_dig_product_id'>client_dig_product_id</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>32</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>utf-16le</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_body'>body</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_version'>version</span><span class='comma'>,</span> <span class='id identifier rubyid_width'>width</span><span class='comma'>,</span> <span class='id identifier rubyid_height'>height</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&lt;S&lt;S&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\xca</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='comment'># colour depth (8BPP)
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x03\xaa</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='comment'># SASSequence
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_keyboard'>keyboard</span><span class='comma'>,</span> <span class='id identifier rubyid_client_build'>client_build</span><span class='comma'>,</span> <span class='id identifier rubyid_client_name'>client_name</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&lt;L&lt;a32</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_keyboard_type'>keyboard_type</span><span class='comma'>,</span> <span class='id identifier rubyid_keyboard_subtype'>keyboard_subtype</span><span class='comma'>,</span> <span class='id identifier rubyid_keyboard_func_key'>keyboard_func_key</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&lt;L&lt;L&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>*</span> <span class='int'>64</span><span class='comma'>,</span> <span class='comment'># imeFileName
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\xca</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='comment'># postBeta2ColorDepth (8BPP)
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_client_product_id'>client_product_id</span><span class='comma'>,</span> <span class='id identifier rubyid_serial_num'>serial_num</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>S&lt;L&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x18\x00</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='comment'># highColorDepth: 24 bpp
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x07\x00</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='comment'># supportedColorDepths: flag (24 bpp | 16 bpp | 15 bpp )
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='comment'># earlyCapabilityFlags: 1 (RNS_UD_CS_SUPPORT_ERRINFO_PDU)
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_client_dig_product_id'>client_dig_product_id</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>a64</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='comment'># connectionType: 0
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='comment'># pad1octet
</span> <span class='comment'># serverSelectedProtocol - After negotiating TLS or CredSSP this value must
</span> <span class='comment'># match the selectedProtocol value from the server&#39;s Negotiate Connection
</span> <span class='comment'># confirm PDU that was sent before encryption was started.
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_selected_proto'>selected_proto</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='lbracket'>[</span><span class='int'>0xc001</span><span class='comma'>,</span> <span class='id identifier rubyid_body'>body</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>4</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>S&lt;S&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_body'>body</span>
<span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="cs_network_data-instance_method">
#<strong>cs_network_data</strong>(channels) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290</pre>
</td>
<td>
<!--
  Review note (cs_network_data): for every entry c in channels, c[0] is encoded as ASCII and
  packed with 'a8' (exactly 8 bytes, null-padded when shorter and truncated when longer) and
  c[1] is packed as a 32-bit integer. The body is the channel count followed by those entries,
  and the result prefixes a header with type 0xc003 and length body.length + 4.
  NOTE(review): the count and c[1] use pack('L'), which is native byte order, while the header
  here and the sibling cs_* builders use explicit little-endian directives ('S<', 'L<'). The
  output is identical on little-endian hosts; 'L<' would make the byte order independent of the
  host and consistent with the rest of the file.
  NOTE(review): a channel name of 8 or more characters fills the 'a8' field with no terminating
  null, and encode('ASCII') raises on non-ASCII names. Nothing here bounds channels.length.
  The shape of each entry (name first, then an integer) is inferred from the indexing; the
  callers that build the list are not part of this listing.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1274</span>
<span class='kw'>def</span> <span class='id identifier rubyid_cs_network_data'>cs_network_data</span><span class='lparen'>(</span><span class='id identifier rubyid_channels'>channels</span><span class='rparen'>)</span>
<span class='id identifier rubyid_chan_data'>chan_data</span> <span class='op'>=</span> <span class='id identifier rubyid_channels'>channels</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span><span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_c'>c</span><span class='op'>|</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_c'>c</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_encode'>encode</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ASCII</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>a8</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='lbracket'>[</span><span class='id identifier rubyid_c'>c</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_body'>body</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_channels'>channels</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_chan_data'>chan_data</span>
<span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='lbracket'>[</span><span class='int'>0xc003</span><span class='comma'>,</span> <span class='id identifier rubyid_body'>body</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>4</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>S&lt;S&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_body'>body</span>
<span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="cs_security_data-instance_method">
#<strong>cs_security_data</strong>(encryption_methods: RDPConstants::ENCRYPTION_40BIT | RDPConstants::ENCRYPTION_128BIT, ext_encryption_methods: 0) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272</pre>
</td>
<td>
<!--
  Review note (cs_security_data): packs encryption_methods and ext_encryption_methods as two
  32-bit little-endian unsigned integers, then prefixes a header with type 0xc002 and length
  body.length + 4, so the block is always 12 bytes.
  By default the client offers ENCRYPTION_40BIT | ENCRYPTION_128BIT and no extended methods.
  The numeric values of those constants are defined in RDPConstants and are not shown here.
  NOTE(review): these flags look like the legacy Standard RDP Security method list, which is
  separate from the TLS or CredSSP negotiation mentioned in the cs_core_data comments; confirm
  against the specification. A server that accepts this offer with no TLS layer is relying on
  the legacy scheme, which is worth recording when reviewing a capture of this exchange.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1260</span>
<span class='kw'>def</span> <span class='id identifier rubyid_cs_security_data'>cs_security_data</span><span class='lparen'>(</span>
<span class='label'>encryption_methods:</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#ENCRYPTION_40BIT-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::ENCRYPTION_40BIT (constant)">ENCRYPTION_40BIT</a></span></span> <span class='op'>|</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#ENCRYPTION_128BIT-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::ENCRYPTION_128BIT (constant)">ENCRYPTION_128BIT</a></span></span><span class='comma'>,</span>
<span class='label'>ext_encryption_methods:</span> <span class='int'>0</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_body'>body</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='id identifier rubyid_encryption_methods'>encryption_methods</span><span class='comma'>,</span> <span class='id identifier rubyid_ext_encryption_methods'>ext_encryption_methods</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&lt;L&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='lbracket'>[</span><span class='int'>0xc002</span><span class='comma'>,</span> <span class='id identifier rubyid_body'>body</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>4</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>S&lt;S&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_body'>body</span>
<span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="encode_domain_selector-instance_method">
#<strong>encode_domain_selector</strong>(max_chan_ids: 0, max_user_ids: 0, max_token_ids: 0, num_priorities: 1, min_throughput: 0, max_height: 1, max_mcspdu_size: 65535, protocol_ver: 2) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220</pre>
</td>
<td>
<!--
  Review note (encode_domain_selector): encodes the eight keyword arguments, in the order
  max_chan_ids, max_user_ids, max_token_ids, num_priorities, min_throughput, max_height,
  max_mcspdu_size, protocol_ver, by passing each to ber_int and concatenating the results.
  The result is the byte "\x30" (the BER SEQUENCE tag), one length byte, then that body.
  ber_int is defined elsewhere in this module and is not part of this listing.
  NOTE(review): the length is written with pack('C'), a single byte. That is a valid BER
  short-form length only while body.length is below 128; a longer body would need the
  long form, and pack('C') keeps only the low eight bits without raising. With eight small
  integers the body presumably stays well under that limit, but this depends on how many
  bytes ber_int emits per value; confirm against its definition.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1191</span>
<span class='kw'>def</span> <span class='id identifier rubyid_encode_domain_selector'>encode_domain_selector</span><span class='lparen'>(</span>
<span class='label'>max_chan_ids:</span> <span class='int'>0</span><span class='comma'>,</span>
<span class='label'>max_user_ids:</span> <span class='int'>0</span><span class='comma'>,</span>
<span class='label'>max_token_ids:</span> <span class='int'>0</span><span class='comma'>,</span>
<span class='label'>num_priorities:</span> <span class='int'>1</span><span class='comma'>,</span>
<span class='label'>min_throughput:</span> <span class='int'>0</span><span class='comma'>,</span>
<span class='label'>max_height:</span> <span class='int'>1</span><span class='comma'>,</span>
<span class='label'>max_mcspdu_size:</span> <span class='int'>65535</span><span class='comma'>,</span>
<span class='label'>protocol_ver:</span> <span class='int'>2</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_body'>body</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='id identifier rubyid_ber_int'>ber_int</span><span class='lparen'>(</span><span class='id identifier rubyid_max_chan_ids'>max_chan_ids</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_ber_int'>ber_int</span><span class='lparen'>(</span><span class='id identifier rubyid_max_user_ids'>max_user_ids</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_ber_int'>ber_int</span><span class='lparen'>(</span><span class='id identifier rubyid_max_token_ids'>max_token_ids</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_ber_int'>ber_int</span><span class='lparen'>(</span><span class='id identifier rubyid_num_priorities'>num_priorities</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_ber_int'>ber_int</span><span class='lparen'>(</span><span class='id identifier rubyid_min_throughput'>min_throughput</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_ber_int'>ber_int</span><span class='lparen'>(</span><span class='id identifier rubyid_max_height'>max_height</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_ber_int'>ber_int</span><span class='lparen'>(</span><span class='id identifier rubyid_max_mcspdu_size'>max_mcspdu_size</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_ber_int'>ber_int</span><span class='lparen'>(</span><span class='id identifier rubyid_protocol_ver'>protocol_ver</span><span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x30</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_body'>body</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_body'>body</span>
<span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="initialize-instance_method">
#<strong>initialize</strong>(info = {}) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
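<p>Creates an instance of an RDP exploit module and registers its options: RDP_USER, RDP_CLIENT_NAME, RDP_DOMAIN, RDP_CLIENT_IP and RPORT (default 3389), plus the advanced option RDP_TLS_SECURITY_LEVEL. Per the option descriptions, the client name and client IPv4 address are reported to the server during connect, and their defaults here are <code>rdesktop</code> and <code>192.168.0.100</code>. RDP_TLS_SECURITY_LEVEL defaults to 0, which its own description says permits everything; levels 1 and 2 reject progressively weaker TLS parameters.</p>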
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 17</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>super</span>
<span class='id identifier rubyid_register_options'>register_options</span><span class='lparen'>(</span>
<span class='lbracket'>[</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RDP_USER</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The username to report during connect, UNSET = random</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RDP_CLIENT_NAME</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The client computer name to report during connect, UNSET = random</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>rdesktop</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RDP_DOMAIN</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The client domain name to report during connect</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptAddress.html" title="Msf::OptAddress (class)">OptAddress</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptBase.html#initialize-instance_method" title="Msf::OptBase#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RDP_CLIENT_IP</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The client IPv4 address to report during connect</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>192.168.0.100</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../Opt.html" title="Msf::Opt (module)">Opt</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Opt.html#RPORT-constant" title="Msf::Opt::RPORT (constant)">RPORT</a></span></span><span class='lparen'>(</span><span class='int'>3389</span><span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="" title="Msf::Exploit::Remote::RDP (module)">RDP</a></span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_register_advanced_options'>register_advanced_options</span><span class='lparen'>(</span>
<span class='lbracket'>[</span>
<span class='const'><span class='object_link'><a href="../../OptInt.html" title="Msf::OptInt (class)">OptInt</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptBase.html#initialize-instance_method" title="Msf::OptBase#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RDP_TLS_SECURITY_LEVEL</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Change default TLS security level. &quot;0&quot; (default) means everything is permitted. &quot;1&quot; rejects very weak parameters and &quot;2&quot; is even stricter.</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='int'>0</span> <span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="" title="Msf::Exploit::Remote::RDP (module)">RDP</a></span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="int_to_bytestring-instance_method">
#<strong>int_to_bytestring</strong>(int_val, num_chars = nil) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
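<p>Packs <code>int_val</code> into a byte string of <code>num_chars</code> bytes; when <code>num_chars</code> is omitted, the width is derived from the base-2 logarithm of <code>int_val</code>. Widths of 1, 2 and 4 use the <code>pack</code> codes C, S and L (S and L are native byte order); any other width is built least-significant byte first. Reviewer's note: the derived width looks too small for 1 and for exact powers of 256, and 0 or a negative value makes the width computation raise, so passing <code>num_chars</code> explicitly is the safer call. Source of the approach: <a href="https://www.ruby-forum.com/t/integer-to-byte-string-speed-improvements/67110">www.ruby-forum.com/t/integer-to-byte-string-speed-improvements/67110</a></p>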
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
682
683
684
685
686
687
688
689
690
691
692
693
694
695</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 682</span>
<span class='kw'>def</span> <span class='id identifier rubyid_int_to_bytestring'>int_to_bytestring</span><span class='lparen'>(</span> <span class='id identifier rubyid_int_val'>int_val</span><span class='comma'>,</span> <span class='id identifier rubyid_num_chars'>num_chars</span> <span class='op'>=</span> <span class='kw'>nil</span> <span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_num_chars'>num_chars</span>
<span class='id identifier rubyid_bits_needed'>bits_needed</span> <span class='op'>=</span> <span class='const'>Math</span><span class='period'>.</span><span class='id identifier rubyid_log'>log</span><span class='lparen'>(</span><span class='id identifier rubyid_int_val'>int_val</span><span class='rparen'>)</span> <span class='op'>/</span> <span class='const'>Math</span><span class='period'>.</span><span class='id identifier rubyid_log'>log</span><span class='lparen'>(</span><span class='int'>2</span><span class='rparen'>)</span>
<span class='id identifier rubyid_num_chars'>num_chars</span> <span class='op'>=</span> <span class='lparen'>(</span> <span class='id identifier rubyid_bits_needed'>bits_needed</span> <span class='op'>/</span> <span class='float'>8.0</span> <span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_ceil'>ceil</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_pack_code'>pack_code</span> <span class='op'>=</span> <span class='lbrace'>{</span> <span class='int'>1</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='int'>2</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>S</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='int'>4</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L</span><span class='tstring_end'>&#39;</span></span> <span class='rbrace'>}</span><span class='lbracket'>[</span><span class='id identifier rubyid_num_chars'>num_chars</span><span class='rbracket'>]</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_int_val'>int_val</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='id identifier rubyid_pack_code'>pack_code</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_a'>a</span> <span class='op'>=</span> <span class='lparen'>(</span><span class='int'>0</span><span class='op'>..</span><span class='lparen'>(</span><span class='id identifier rubyid_num_chars'>num_chars</span><span class='rparen'>)</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span><span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_i'>i</span><span class='op'>|</span>
<span class='lparen'>(</span><span class='lparen'>(</span> <span class='id identifier rubyid_int_val'>int_val</span> <span class='op'>&gt;&gt;</span> <span class='id identifier rubyid_i'>i</span><span class='op'>*</span><span class='int'>8</span> <span class='rparen'>)</span> <span class='op'>&amp;</span> <span class='int'>0xFF</span> <span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_chr'>chr</span>
<span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span>
<span class='id identifier rubyid_a'>a</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='op'>-</span><span class='int'>2</span><span class='rbracket'>]</span> <span class='comment'># seems legit lol
</span> <span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="oid-instance_method">
#<strong>oid</strong>(itut, rec, t, t124, ver, desc) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1360
1361
1362</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1360</span>
<span class='kw'>def</span> <span class='id identifier rubyid_oid'>oid</span><span class='lparen'>(</span><span class='id identifier rubyid_itut'>itut</span><span class='comma'>,</span> <span class='id identifier rubyid_rec'>rec</span><span class='comma'>,</span> <span class='id identifier rubyid_t'>t</span><span class='comma'>,</span> <span class='id identifier rubyid_t124'>t124</span><span class='comma'>,</span> <span class='id identifier rubyid_ver'>ver</span><span class='comma'>,</span> <span class='id identifier rubyid_desc'>desc</span><span class='rparen'>)</span>
<span class='lbracket'>[</span><span class='lparen'>(</span><span class='id identifier rubyid_itut'>itut</span> <span class='op'>&lt;&lt;</span> <span class='int'>8</span><span class='rparen'>)</span> <span class='op'>|</span> <span class='id identifier rubyid_rec'>rec</span><span class='comma'>,</span> <span class='id identifier rubyid_t'>t</span><span class='comma'>,</span> <span class='id identifier rubyid_t124'>t124</span><span class='comma'>,</span> <span class='id identifier rubyid_ver'>ver</span><span class='comma'>,</span> <span class='id identifier rubyid_desc'>desc</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="pdu_attach_user_request-instance_method">
#<strong>pdu_attach_user_request</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/f5d6a541-9b36-4100-b78f-18710f39f247">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/f5d6a541-9b36-4100-b78f-18710f39f247</a> Client MCS Attach User Request PDU - 2.2.1.6</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
873
874
875
876
877</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 873</span>
<span class='kw'>def</span> <span class='id identifier rubyid_pdu_attach_user_request'>pdu_attach_user_request</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x28</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># T.125 AttachUserRequest
</span>
<span class='id identifier rubyid_build_data_tpdu'>build_data_tpdu</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu'>pdu</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="pdu_channel_join_request-instance_method">
#<strong>pdu_channel_join_request</strong>(user1, channel_id) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/64564639-3b2d-4d2c-ae77-1105b4cc011b">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/64564639-3b2d-4d2c-ae77-1105b4cc011b</a> Client MCS Channel Join Request PDU - 2.2.1.8</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
881
882
883
884
885
886
887</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 881</span>
<span class='kw'>def</span> <span class='id identifier rubyid_pdu_channel_join_request'>pdu_channel_join_request</span><span class='lparen'>(</span><span class='id identifier rubyid_user1'>user1</span><span class='comma'>,</span> <span class='id identifier rubyid_channel_id'>channel_id</span><span class='rparen'>)</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>=</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x38</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># T.125 ChannelJoinRequest
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_user1'>user1</span><span class='comma'>,</span> <span class='id identifier rubyid_channel_id'>channel_id</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>nn</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_build_data_tpdu'>build_data_tpdu</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu'>pdu</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="pdu_client_confirm_active-instance_method">
#<strong>pdu_client_confirm_active</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/4e9722c3-ad83-43f5-af5a-529f73d88b48">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/4e9722c3-ad83-43f5-af5a-529f73d88b48</a> Confirm Active PDU Data - TS_CONFIRM_ACTIVE_PDU - 2.2.1.13.2.1</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1077</span>
<span class='kw'>def</span> <span class='id identifier rubyid_pdu_client_confirm_active'>pdu_client_confirm_active</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>=</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\xea\x03\x01\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># shareId: 66538
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\xea\x03</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># originatorId
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x06\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># lengthSourceDescriptor: 6
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x8e\x01</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># lengthCombinedCapabilities: 398
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x4d\x53\x54\x53\x43\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># SourceDescriptor: &#39;MSTSC&#39;
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x0e\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># numberCapabilities: 14
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># pad2Octets
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># capabilitySetType: 1 - TS_GENERAL_CAPABILITYSET
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x18\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># lengthCapability: 24
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00\x03\x00\x00\x02\x00\x00\x00\x00\x0d\x04\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x02\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># capabilitySetType: 2 - TS_BITMAP_CAPABILITYSET
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x1c\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># lengthCapability: 28
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x10\x00\x01\x00\x01\x00\x01\x00\x20\x03\x58\x02\x00\x00\x01\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00\x00\x00\x01\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x03\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># capabilitySetType: 3 - TS_ORDER_CAPABILITYSET
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x58\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># lengthCapability: 88
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00\x01\x00\x14\x00\x00\x00\x01\x00\x47\x01\x2a\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x01\x01\x01\x00\x00\x00\x00\x01\x01\x01\x01\x00\x01\x01\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00\x01\x01\x01\x00\x00\x01\x01\x01\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\xa1\x06\x00\x00\x00\x00\x00\x00\x00\x84\x03\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\xe4\x04\x00\x00\x13\x00\x28\x00\x00\x00\x00\x03\x78\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x78\x00\x00\x00\x50\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x08\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># capabilitySetType: 8 - TS_POINTER_CAPABILITYSET
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x0a\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># lengthCapability: 10
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00\x14\x00\x14\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x0a\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># capabilitySetType: 10 - TS_COLORTABLE_CAPABILITYSET
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x08\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># lengthCapability: 8
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x06\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x07\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># capabilitySetType: 7 - TSWINDOWACTIVATION_CAPABILITYSET
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x0c\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># lengthCapability: 12
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x05\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># capabilitySetType: 5 - TS_CONTROL_CAPABILITYSET
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x0c\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># lengthCapability: 12
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00\x02\x00\x02\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x09\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># capabilitySetType: 9 - TS_SHARE_CAPABILITYSET
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x08\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># lengthCapability: 8
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x0f\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># capabilitySetType: 15 - TS_BRUSH_CAPABILITYSET
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x08\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># lengthCapability: 8
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x0d\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># capabilitySetType: 13 - TS_INPUT_CAPABILITYSET
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x58\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># lengthCapability: 88
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00\x00\x00\x09\x04\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x0c\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># capabilitySetType: 12 - TS_SOUND_CAPABILITYSET
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x08\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># lengthCapability: 8
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x0e\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># capabilitySetType: 14 - TS_FONT_CAPABILITYSET
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x08\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># lengthCapability: 8
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x10\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># capabilitySetType: 16 - TS_GLYPHCACHE_CAPABILITYSET
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x34\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># lengthCapability: 52
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\xfe\x00\x04\x00\xfe\x00\x04\x00\xfe\x00\x08\x00\xfe\x00\x08\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\xfe\x00\x10\x00\xfe\x00\x20\x00\xfe\x00\x40\x00\xfe\x00\x80\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\xfe\x00\x00\x01\x40\x00\x00\x08\x00\x01\x00\x01\x02\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span>
<span class='comment'># type = 0x13 = TS_PROTOCOL_VERSION | PDUTYPE_CONFIRMACTIVEPDU
</span> <span class='id identifier rubyid_build_share_control_header'>build_share_control_header</span><span class='lparen'>(</span><span class='int'>0x13</span><span class='comma'>,</span> <span class='id identifier rubyid_pdu'>pdu</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="pdu_client_control_cooperate-instance_method">
#<strong>pdu_client_control_cooperate</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/9d1e1e21-d8b4-4bfd-9caf-4b72ee91a7135">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/9d1e1e21-d8b4-4bfd-9caf-4b72ee91a7135</a> Control Cooperate - TS_CONTROL_PDU 2.2.1.15</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1017</span>
<span class='kw'>def</span> <span class='id identifier rubyid_pdu_client_control_cooperate'>pdu_client_control_cooperate</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>=</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x04\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># action: 4 - CTRLACTION_COOPERATE
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># grantId: 0
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># controlId: 0
</span>
<span class='comment'># pduType2 = 0x14 = 20 - PDUTYPE2_CONTROL
</span> <span class='id identifier rubyid_data_header'>data_header</span> <span class='op'>=</span> <span class='id identifier rubyid_build_share_data_header'>build_share_data_header</span><span class='lparen'>(</span><span class='int'>0x14</span><span class='comma'>,</span> <span class='id identifier rubyid_pdu'>pdu</span><span class='rparen'>)</span>
<span class='comment'># type = 0x17 = TS_PROTOCOL_VERSION | PDUTYPE_DATAPDU
</span> <span class='id identifier rubyid_build_share_control_header'>build_share_control_header</span><span class='lparen'>(</span><span class='int'>0x17</span><span class='comma'>,</span> <span class='id identifier rubyid_data_header'>data_header</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="pdu_client_control_request-instance_method">
#<strong>pdu_client_control_request</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/4f94e123-970b-4242-8cf6-39820d8e3d35">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/4f94e123-970b-4242-8cf6-39820d8e3d35</a> Control Request - TS_CONTROL_PDU 2.2.1.16</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1032</span>
<span class='kw'>def</span> <span class='id identifier rubyid_pdu_client_control_request'>pdu_client_control_request</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>=</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># action: 1 - CTRLACTION_REQUEST_CONTROL
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># grantId: 0
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># controlId: 0
</span>
<span class='comment'># pduType2 = 0x14 = 20 - PDUTYPE2_CONTROL
</span> <span class='id identifier rubyid_data_header'>data_header</span> <span class='op'>=</span> <span class='id identifier rubyid_build_share_data_header'>build_share_data_header</span><span class='lparen'>(</span><span class='int'>0x14</span><span class='comma'>,</span> <span class='id identifier rubyid_pdu'>pdu</span><span class='rparen'>)</span>
<span class='comment'># type = 0x17 = TS_PROTOCOL_VERSION | PDUTYPE_DATAPDU
</span> <span class='id identifier rubyid_build_share_control_header'>build_share_control_header</span><span class='lparen'>(</span><span class='int'>0x17</span><span class='comma'>,</span> <span class='id identifier rubyid_data_header'>data_header</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="pdu_client_font_list-instance_method">
#<strong>pdu_client_font_list</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/7067da0d-e318-4464-88e8-b11509cf0bd9">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/7067da0d-e318-4464-88e8-b11509cf0bd9</a> Client Font List - TS_FONT_LIST_PDU - 2.2.1.18</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1047</span>
<span class='kw'>def</span> <span class='id identifier rubyid_pdu_client_font_list'>pdu_client_font_list</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>=</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># numberFonts: 0
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># totalNumberFonts: 0
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x03\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># listFlags: 3 (FONTLIST_FIRST | FONTLIST_LAST)
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x32\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># entrySize: 50
</span>
<span class='comment'># pduType2 = 0x27 = 39 - PDUTYPE2_FONTLIST
</span> <span class='id identifier rubyid_data_header'>data_header</span> <span class='op'>=</span> <span class='id identifier rubyid_build_share_data_header'>build_share_data_header</span><span class='lparen'>(</span><span class='int'>0x27</span><span class='comma'>,</span> <span class='id identifier rubyid_pdu'>pdu</span><span class='rparen'>)</span>
<span class='comment'># type = 0x17 = TS_PROTOCOL_VERSION | PDUTYPE_DATAPDU
</span> <span class='id identifier rubyid_build_share_control_header'>build_share_control_header</span><span class='lparen'>(</span><span class='int'>0x17</span><span class='comma'>,</span> <span class='id identifier rubyid_data_header'>data_header</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="pdu_client_info-instance_method">
#<strong>pdu_client_info</strong>(user_name, domain_name = &quot;&quot;, ip_address = &quot;&quot;) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/772d618e-b7d6-4cd0-b735-fa08af558f9d">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/772d618e-b7d6-4cd0-b735-fa08af558f9d</a> TS_INFO_PACKET - 2.2.1.11.1.1</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 921</span>
<span class='kw'>def</span> <span class='id identifier rubyid_pdu_client_info'>pdu_client_info</span><span class='lparen'>(</span><span class='id identifier rubyid_user_name'>user_name</span><span class='comma'>,</span> <span class='id identifier rubyid_domain_name'>domain_name</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_ip_address'>ip_address</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='comment'># Max len for 4.0/6.0 servers is 44 bytes including terminator
</span> <span class='comment'># Max len for all other versions is 512 including terminator
</span> <span class='comment'># We&#39;re going to limit to 44 (21 chars + null -&gt; unicode) here.
</span> <span class='comment'># Blank username is ok, nil = random
</span> <span class='id identifier rubyid_user_name'>user_name</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>10</span><span class='rparen'>)</span> <span class='kw'>if</span> <span class='id identifier rubyid_user_name'>user_name</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_user_unicode'>user_unicode</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_to_unicode'>to_unicode</span><span class='lparen'>(</span><span class='id identifier rubyid_user_name'>user_name</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>20</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>utf-16le</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_uname_len'>uname_len</span> <span class='op'>=</span> <span class='id identifier rubyid_user_unicode'>user_unicode</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span>
<span class='comment'># Domain can be, and for rdesktop typically is, empty.
</span> <span class='comment'># Max len for 4.0/5.0 servers is 52 including terminator
</span> <span class='comment'># Max len for all other versions is 512 including terminator
</span> <span class='comment'># We&#39;re going to limit to 52 (25 chars + null -&gt; unicode) here.
</span> <span class='id identifier rubyid_domain_unicode'>domain_unicode</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_to_unicode'>to_unicode</span><span class='lparen'>(</span><span class='id identifier rubyid_domain_name'>domain_name</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>24</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>utf-16le</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_domain_len'>domain_len</span> <span class='op'>=</span> <span class='id identifier rubyid_domain_unicode'>domain_unicode</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span>
<span class='comment'># This address value is primarily used to reduce the fields by which this
</span> <span class='comment'># module can be fingerprinted. It doesn&#39;t show up in Windows logs.
</span> <span class='comment'># clientAddress + null terminator
</span> <span class='id identifier rubyid_ip_unicode'>ip_unicode</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_to_unicode'>to_unicode</span><span class='lparen'>(</span><span class='id identifier rubyid_ip_address'>ip_address</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>utf-16le</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_ip_len'>ip_len</span> <span class='op'>=</span> <span class='id identifier rubyid_ip_unicode'>ip_unicode</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># CodePage
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x33\x01\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># flags - INFO_MOUSE, INFO_DISABLECTRLALTDEL, INFO_UNICODE, INFO_MAXIMIZESHELL, INFO_ENABLEWINDOWSKEY
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_domain_len'>domain_len</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># cbDomain (length value) - EXCLUDES null terminator
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_uname_len'>uname_len</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># cbUserName (length value) - EXCLUDES null terminator
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># cbPassword (length value)
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># cbAlternateShell (length value)
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># cbWorkingDir (length value)
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_domain_unicode'>domain_unicode</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>a*</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># Domain
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># Domain null terminator, EXCLUDED from value of cbDomain
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_user_unicode'>user_unicode</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>a*</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># UserName
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># UserName null terminator, EXCLUDED FROM value of cbUserName
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># Password - empty
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># AlternateShell - empty
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># WorkingDir - empty
</span> <span class='comment'># TS_EXTENDED_INFO_PACKET - 2.2.1.11.1.1.1
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x02\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># clientAddressFamily - AF_INET - FIXFIX - detect and set dynamically
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_ip_len'>ip_len</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># cbClientAddress (length value) - INCLUDES terminator ... for reasons.
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_ip_unicode'>ip_unicode</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>a*</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># clientAddress (unicode + null terminator (unicode)
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x3c\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># cbClientDir (length value): 60
</span> <span class='comment'># clientDir - &#39;C:\WINNT\System32\mstscax.dll&#39; + null terminator
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x3c\x00\x43\x00\x3a\x00\x5c\x00\x57\x00\x49\x00\x4e\x00\x4e\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x54\x00\x5c\x00\x53\x00\x79\x00\x73\x00\x74\x00\x65\x00\x6d\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x33\x00\x32\x00\x5c\x00\x6d\x00\x73\x00\x74\x00\x73\x00\x63\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x61\x00\x78\x00\x2e\x00\x64\x00\x6c\x00\x6c\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='comment'># clientTimeZone - TS_TIME_ZONE struct - 172 bytes
</span> <span class='comment'># These are the default values for rdesktop
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\xa4\x01\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># Bias
</span> <span class='comment'># StandardName - &#39;GTB, normaltid&#39;
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x47\x00\x54\x00\x42\x00\x2c\x00\x20\x00\x6e\x00\x6f\x00\x72\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x6d\x00\x61\x00\x6c\x00\x74\x00\x69\x00\x64\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x0a\x00\x00\x00\x05\x00\x03\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># StandardDate - Oct 5
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># StandardBias
</span> <span class='comment'># DaylightName - &#39;GTB, sommartid&#39;
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x47\x00\x54\x00\x42\x00\x2c\x00\x20\x00\x73\x00\x6f\x00\x6d\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x6d\x00\x61\x00\x72\x00\x74\x00\x69\x00\x64\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'>#
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x03\x00\x00\x00\x05\x00\x02\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># DaylightDate - Mar 3
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\xc4\xff\xff\xff</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># DaylightBias
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># clientSessionId
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x27\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># performanceFlags
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># cbAutoReconnectCookie
</span><span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="pdu_client_input_event_synchronize-instance_method">
#<strong>pdu_client_input_event_synchronize</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/ff7f06f8-0dcf-4c8d-be1f-596ae60c4396">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/ff7f06f8-0dcf-4c8d-be1f-596ae60c4396</a> Client Input Event Data - TS_INPUT_PDU_DATA - 2.2.8.1.1.3.1</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1148</span>
<span class='kw'>def</span> <span class='id identifier rubyid_pdu_client_input_event_synchronize'>pdu_client_input_event_synchronize</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>=</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># numEvents: 1
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># pad2Octets
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># eventTime
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># messageType: 0 - INPUT_EVENT_SYNC
</span> <span class='comment'># TS_SYNC_EVENT 2.2.8.1.1.3.1.1.5
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># pad2Octets
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># toggleFlags
</span>
<span class='comment'># pduType2 = 0x1c = 28 - PDUTYPE2_INPUT
</span> <span class='id identifier rubyid_data_header'>data_header</span> <span class='op'>=</span> <span class='id identifier rubyid_build_share_data_header'>build_share_data_header</span><span class='lparen'>(</span><span class='int'>0x1c</span><span class='comma'>,</span> <span class='id identifier rubyid_pdu'>pdu</span><span class='rparen'>)</span>
<span class='comment'># type = 0x17 = TS_PROTOCOL_VERSION | PDUTYPE_DATAPDU
</span> <span class='id identifier rubyid_build_share_control_header'>build_share_control_header</span><span class='lparen'>(</span><span class='int'>0x17</span><span class='comma'>,</span> <span class='id identifier rubyid_data_header'>data_header</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="pdu_client_synchronize-instance_method">
#<strong>pdu_client_synchronize</strong>(target_user = 0) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/5186005a-36f5-4f5d-8c06-968f28e2d992">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/5186005a-36f5-4f5d-8c06-968f28e2d992</a> Client Synchronize - TS_SYNCHRONIZE_PDU - 2.2.1.19 / 2.2.14.1</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1063</span>
<span class='kw'>def</span> <span class='id identifier rubyid_pdu_client_synchronize'>pdu_client_synchronize</span><span class='lparen'>(</span><span class='id identifier rubyid_target_user'>target_user</span> <span class='op'>=</span> <span class='int'>0</span><span class='rparen'>)</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>=</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># messageType: 1 SYNCMSGTYPE_SYNC
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_target_user'>target_user</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='comment'># targetUser, 16 bit, unsigned.
</span>
<span class='comment'># pduType2 = 0x1f = 31 - PDUTYPE2_SYNCHRONIZE
</span> <span class='id identifier rubyid_data_header'>data_header</span> <span class='op'>=</span> <span class='id identifier rubyid_build_share_data_header'>build_share_data_header</span><span class='lparen'>(</span><span class='int'>0x1f</span><span class='comma'>,</span> <span class='id identifier rubyid_pdu'>pdu</span><span class='rparen'>)</span>
<span class='comment'># type = 0x17 = TS_PROTOCOL_VERSION | PDUTYPE_DATAPDU
</span> <span class='id identifier rubyid_build_share_control_header'>build_share_control_header</span><span class='lparen'>(</span><span class='int'>0x17</span><span class='comma'>,</span> <span class='id identifier rubyid_data_header'>data_header</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="pdu_connect_initial-instance_method">
#<strong>pdu_connect_initial</strong>(channels, selected_proto = 0, host_name = &quot;rdesktop&quot;) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/db6713ee-1c0e-4064-a3b3-0fac30b4037b">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/db6713ee-1c0e-4064-a3b3-0fac30b4037b</a></p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 811</span>
<span class='kw'>def</span> <span class='id identifier rubyid_pdu_connect_initial'>pdu_connect_initial</span><span class='lparen'>(</span><span class='id identifier rubyid_channels'>channels</span><span class='comma'>,</span> <span class='id identifier rubyid_selected_proto'>selected_proto</span> <span class='op'>=</span> <span class='int'>0</span><span class='comma'>,</span> <span class='id identifier rubyid_host_name'>host_name</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>rdesktop</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='comment'># After negotiating TLS or NLA the connectInitial packet needs to include the
</span> <span class='comment'># protocol selection that the server indicated in its Negotiation Response
</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x7f\x65</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='comment'># T.125 Connect-Initial (BER: Application 101)
</span> <span class='id identifier rubyid_ber_data'>ber_data</span><span class='lparen'>(</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x04\x01\x01</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='comment'># CallingDomainSelector: 1 (BER: OctetString)
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x04\x01\x01</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='comment'># CalledDomainSelector: 1 (BER: OctetString)
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x01\xff</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='comment'># UpwaredFlag: True (BER: boolean)
</span>
<span class='comment'># TargetParameters
</span> <span class='id identifier rubyid_encode_domain_selector'>encode_domain_selector</span><span class='lparen'>(</span>
<span class='label'>max_chan_ids:</span> <span class='int'>0x22</span><span class='comma'>,</span>
<span class='label'>max_user_ids:</span> <span class='int'>0x2</span>
<span class='rparen'>)</span><span class='comma'>,</span>
<span class='comment'># MinimumParameters
</span> <span class='id identifier rubyid_encode_domain_selector'>encode_domain_selector</span><span class='lparen'>(</span>
<span class='label'>max_chan_ids:</span> <span class='int'>0x1</span><span class='comma'>,</span>
<span class='label'>max_user_ids:</span> <span class='int'>0x1</span><span class='comma'>,</span>
<span class='label'>max_token_ids:</span> <span class='int'>0x1</span><span class='comma'>,</span>
<span class='label'>max_mcspdu_size:</span> <span class='int'>0x0420</span>
<span class='rparen'>)</span><span class='comma'>,</span>
<span class='comment'># MaximumParameters
</span> <span class='id identifier rubyid_encode_domain_selector'>encode_domain_selector</span><span class='lparen'>(</span>
<span class='label'>max_chan_ids:</span> <span class='int'>0xffff</span><span class='comma'>,</span>
<span class='label'>max_user_ids:</span> <span class='int'>0xfc17</span><span class='comma'>,</span>
<span class='label'>max_token_ids:</span> <span class='int'>0xffff</span>
<span class='rparen'>)</span><span class='comma'>,</span>
<span class='comment'># UserData
</span> <span class='id identifier rubyid_ber_octet_string'>ber_octet_string</span><span class='lparen'>(</span>
<span class='comment'># T.124 GCC Connection Data (ConnectData)- PER Encoding used
</span> <span class='id identifier rubyid_per_object'>per_object</span><span class='lparen'>(</span><span class='id identifier rubyid_oid'>oid</span><span class='lparen'>(</span><span class='int'>0</span><span class='comma'>,</span> <span class='int'>0</span><span class='comma'>,</span> <span class='int'>20</span><span class='comma'>,</span> <span class='int'>124</span><span class='comma'>,</span> <span class='int'>0</span><span class='comma'>,</span> <span class='int'>1</span><span class='rparen'>)</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_per_data'>per_data</span><span class='lparen'>(</span>
<span class='id identifier rubyid_conf_create_req'>conf_create_req</span><span class='lparen'>(</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_per_data'>per_data</span><span class='lparen'>(</span>
<span class='id identifier rubyid_cs_core_data'>cs_core_data</span><span class='lparen'>(</span><span class='label'>client_name:</span> <span class='id identifier rubyid_host_name'>host_name</span><span class='comma'>,</span> <span class='label'>selected_proto:</span> <span class='id identifier rubyid_selected_proto'>selected_proto</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_cs_cluster_data'>cs_cluster_data</span><span class='lparen'>(</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_cs_security_data'>cs_security_data</span><span class='lparen'>(</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_cs_network_data'>cs_network_data</span><span class='lparen'>(</span><span class='id identifier rubyid_channels'>channels</span><span class='rparen'>)</span>
<span class='rparen'>)</span>
<span class='rparen'>)</span>
<span class='rparen'>)</span>
<span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_build_data_tpdu'>build_data_tpdu</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu'>pdu</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="pdu_erect_domain_request-instance_method">
#<strong>pdu_erect_domain_request</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/04c60697-0d9a-4afd-a0cd-2cc133151a9c">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/04c60697-0d9a-4afd-a0cd-2cc133151a9c</a> Client MCS Erect Domain Request PDU - 2.2.1.5</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 862</span>
<span class='kw'>def</span> <span class='id identifier rubyid_pdu_erect_domain_request'>pdu_erect_domain_request</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>=</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x04</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># T.125 ErectDomainRequest
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># subHeight - length 1, value 0
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># subInterval - length 1, value 0
</span>
<span class='id identifier rubyid_build_data_tpdu'>build_data_tpdu</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu'>pdu</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="pdu_negotiation_request-instance_method">
#<strong>pdu_negotiation_request</strong>(user_name = &quot;&quot;, requested_protocols = 0) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/18a27ef9-6f9a-4501-b000-94b1fe3c2c10">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/18a27ef9-6f9a-4501-b000-94b1fe3c2c10</a> Client X.224 Connect Request PDU - 2.2.1.1</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 788</span>
<span class='kw'>def</span> <span class='id identifier rubyid_pdu_negotiation_request'>pdu_negotiation_request</span><span class='lparen'>(</span><span class='id identifier rubyid_user_name'>user_name</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_requested_protocols'>requested_protocols</span> <span class='op'>=</span> <span class='int'>0</span><span class='rparen'>)</span>
<span class='comment'># Blank username is ok, nil = random
</span> <span class='id identifier rubyid_user_name'>user_name</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>12</span><span class='rparen'>)</span> <span class='kw'>if</span> <span class='id identifier rubyid_user_name'>user_name</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_tpkt_len'>tpkt_len</span> <span class='op'>=</span> <span class='id identifier rubyid_user_name'>user_name</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>38</span>
<span class='id identifier rubyid_x224_len'>x224_len</span> <span class='op'>=</span> <span class='id identifier rubyid_user_name'>user_name</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>33</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x03\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># TPKT Header version 03, reserved 0
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_tpkt_len'>tpkt_len</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&gt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># TPKT length: user_name length + 38 (43 only for a 5-character name)
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_x224_len'>x224_len</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># X.224 LengthIndicator (one byte: user_name length + 33 must stay below 256)
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\xe0</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># X.224 Type: Connect Request
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># dst reference
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># src reference
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># class and options
</span> <span class='comment'># cookie - literal &#39;Cookie: mstshash=&#39;
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x43\x6f\x6f\x6b\x69\x65\x3a\x20\x6d\x73\x74\x73\x68\x61\x73\x68\x3d</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span>
<span class='id identifier rubyid_user_name'>user_name</span> <span class='op'>+</span> <span class='comment'># Identifier &quot;username&quot;
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x0d\x0a</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># cookie terminator
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># Type: RDP Negotiation Request ( 0x01 )
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x08\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># Length
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_requested_protocols'>requested_protocols</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='comment'># requestedProtocols
</span><span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="pdu_new_license_request-instance_method">
#<strong>pdu_new_license_request</strong>(client_random, user, host) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpele/c57e4890-9049-421e-9fe8-9a6f9519675a">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpele/c57e4890-9049-421e-9fe8-9a6f9519675a</a> Client New License Request PDU - 2.2.2.2</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 766</span>
<span class='kw'>def</span> <span class='id identifier rubyid_pdu_new_license_request'>pdu_new_license_request</span><span class='lparen'>(</span><span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='id identifier rubyid_user'>user</span><span class='comma'>,</span> <span class='id identifier rubyid_host'>host</span><span class='rparen'>)</span>
<span class='id identifier rubyid_length'>length</span> <span class='op'>=</span> <span class='int'>24</span> <span class='op'>+</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>64</span> <span class='op'>+</span> <span class='id identifier rubyid_user'>user</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>1</span> <span class='op'>+</span> <span class='id identifier rubyid_host'>host</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>1</span>
<span class='lbracket'>[</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#LICENSE_NEW_LICENSE_REQ-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::LICENSE_NEW_LICENSE_REQ (constant)">LICENSE_NEW_LICENSE_REQ</a></span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x03</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># Version
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_length'>length</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># Length
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x01\x00\x00\x00\x01\xff</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># KEY_EXCHANGE_ALG_RSA
</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>31</span><span class='rbracket'>]</span> <span class='op'>+</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x02\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># Encrypted Premaster Secret RANDOM_BLOB
</span> <span class='lbracket'>[</span><span class='int'>64</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>*</span> <span class='int'>64</span> <span class='op'>+</span> <span class='comment'># The client license premaster secret, we don&#39;t care about the license contents
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x0f\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># USER_NAME_BLOB
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_user'>user</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>1</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span>
<span class='id identifier rubyid_user'>user</span> <span class='op'>+</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x10\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># CLIENT_MACHINE_NAME_BLOB
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_host'>host</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>1</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span>
<span class='id identifier rubyid_host'>host</span> <span class='op'>+</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="pdu_security_exchange-instance_method">
#<strong>pdu_security_exchange</strong>(rcran, rsexp, rsmod, bitlen) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/9cde84cd-5055-475a-ac8b-704db419b66f">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/9cde84cd-5055-475a-ac8b-704db419b66f</a> Client Security Exchange PDU - 2.2.1.10</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 891</span>
<span class='kw'>def</span> <span class='id identifier rubyid_pdu_security_exchange'>pdu_security_exchange</span><span class='lparen'>(</span><span class='id identifier rubyid_rcran'>rcran</span><span class='comma'>,</span> <span class='id identifier rubyid_rsexp'>rsexp</span><span class='comma'>,</span> <span class='id identifier rubyid_rsmod'>rsmod</span><span class='comma'>,</span> <span class='id identifier rubyid_bitlen'>bitlen</span><span class='rparen'>)</span>
<span class='id identifier rubyid_encrypted_rcran_bignum'>encrypted_rcran_bignum</span> <span class='op'>=</span> <span class='id identifier rubyid_rsa_encrypt'>rsa_encrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_rcran'>rcran</span><span class='comma'>,</span> <span class='id identifier rubyid_rsexp'>rsexp</span><span class='comma'>,</span> <span class='id identifier rubyid_rsmod'>rsmod</span><span class='rparen'>)</span>
<span class='id identifier rubyid_encrypted_rcran'>encrypted_rcran</span> <span class='op'>=</span> <span class='id identifier rubyid_int_to_bytestring'>int_to_bytestring</span><span class='lparen'>(</span><span class='id identifier rubyid_encrypted_rcran_bignum'>encrypted_rcran_bignum</span><span class='rparen'>)</span>
<span class='id identifier rubyid_bitlen'>bitlen</span> <span class='op'>+=</span> <span class='int'>8</span> <span class='comment'># Pad with size of TS_SECURITY_PACKET header
</span>
<span class='id identifier rubyid_userdata_length'>userdata_length</span> <span class='op'>=</span> <span class='int'>8</span> <span class='op'>+</span> <span class='id identifier rubyid_bitlen'>bitlen</span>
<span class='id identifier rubyid_userdata_length_low'>userdata_length_low</span> <span class='op'>=</span> <span class='id identifier rubyid_userdata_length'>userdata_length</span> <span class='op'>&amp;</span> <span class='int'>0xFF</span>
<span class='id identifier rubyid_userdata_length_high'>userdata_length_high</span> <span class='op'>=</span> <span class='id identifier rubyid_userdata_length'>userdata_length</span> <span class='op'>/</span> <span class='int'>256</span>
<span class='id identifier rubyid_flags'>flags</span> <span class='op'>=</span> <span class='int'>0x80</span> <span class='op'>|</span> <span class='id identifier rubyid_userdata_length_high'>userdata_length_high</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>=</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x64</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># T.125 sendDataRequest
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x08</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># initiator userId
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x03\xeb</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># channelId = 1003
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x70</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># dataPriority = high, segmentation = begin | end
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_flags'>flags</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_userdata_length_low'>userdata_length_low</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># UserData length
</span> <span class='comment'># TS_SECURITY_PACKET - 2.2.1.10.1
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># securityHeader flags
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='comment'># securityHeader flagsHi
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_bitlen'>bitlen</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='comment'># TS_SECURITY_PACKET length
</span> <span class='id identifier rubyid_encrypted_rcran'>encrypted_rcran</span> <span class='op'>+</span> <span class='comment'># encryptedClientRandom - 64 bytes
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># 8 bytes rear padding (always present)
</span>
<span class='id identifier rubyid_build_data_tpdu'>build_data_tpdu</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu'>pdu</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="per_data-instance_method">
#<strong>per_data</strong>(*ds) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<!--
  Source listing for per_data (gutter line numbers in the first cell, highlighted Ruby in the second).
  The method joins its arguments into one string and prepends a length prefix:
  below 0x4000 bytes the prefix is the length OR-ed with 0x8000, packed as a 16-bit big-endian value;
  otherwise it is the byte 0xA2 followed by the 16-bit big-endian length.
  NOTE(review): a 16-bit field cannot represent a length above 0xFFFF and the listing shows no bound check;
  confirm that callers keep the joined data below that size.
-->
<td>
<pre class="lines">
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1234</span>
<span class='kw'>def</span> <span class='id identifier rubyid_per_data'>per_data</span><span class='lparen'>(</span><span class='op'>*</span><span class='id identifier rubyid_ds'>ds</span><span class='rparen'>)</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='id identifier rubyid_ds'>ds</span><span class='period'>.</span><span class='id identifier rubyid_join'>join</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>if</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>&lt;</span> <span class='int'>0x4000</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>|</span> <span class='int'>0x8000</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>S&gt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='id identifier rubyid_data'>data</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\xA2</span><span class='tstring_end'>&quot;</span></span> <span class='op'>+</span> <span class='lbracket'>[</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>S&gt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='id identifier rubyid_data'>data</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_result'>result</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="per_object-instance_method">
#<strong>per_object</strong>(*ds) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<!--
  Source listing for per_object (gutter line numbers in the first cell, highlighted Ruby in the second).
  The method joins its arguments into a body and returns three parts concatenated:
  a 0x00 byte, the body length packed as one unsigned byte, and the body itself.
  NOTE(review): a one-byte length field cannot represent a body longer than 255 bytes and the listing
  shows no bound check; confirm that callers only pass short objects.
-->
<td>
<pre class="lines">
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1222</span>
<span class='kw'>def</span> <span class='id identifier rubyid_per_object'>per_object</span><span class='lparen'>(</span><span class='op'>*</span><span class='id identifier rubyid_ds'>ds</span><span class='rparen'>)</span>
<span class='id identifier rubyid_body'>body</span> <span class='op'>=</span> <span class='id identifier rubyid_ds'>ds</span><span class='period'>.</span><span class='id identifier rubyid_join'>join</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_body'>body</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='id identifier rubyid_body'>body</span>
<span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_build_pkt-instance_method">
#<strong>rdp_build_pkt</strong>(data, channel_id = &quot;\x03\xeb&quot;, client_info: false, license_info: false) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Build the X.224 packet, encrypting it with Standard RDP Security as needed. The default channel_id is 0x03eb (1003).</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<!--
  Source listing for rdp_build_pkt (gutter line numbers in the first cell, highlighted Ruby in the second).
  The method wraps data in a sendDataRequest for channel_id and passes the result to build_data_tpdu.
  A security header (flags, flagsHi) is written when client_info is set or @rdp_sec is truthy.
  When @rdp_sec is truthy the payload is the first 8 bytes of rdp_hmac(@hmackey, data) followed by
  rdp_rc4_crypt(@rc4enckey, data); otherwise data is appended unchanged.
  NOTE(review): the length is OR-ed with 0x8000 and packed as 16 bits, so a pdu of 0x8000 bytes or more
  cannot be encoded correctly; no bound check is visible.
  NOTE(review): the 0x80 flag for license_info is computed, but the header is only written for
  client_info or @rdp_sec, so license_info on its own leaves the flag unsent; confirm that is intended.
  Standard RDP Security as used here is the legacy RC4 mode with an 8-byte MAC; hardened servers
  require TLS or NLA instead.
-->
<td>
<pre class="lines">
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 708</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_build_pkt'>rdp_build_pkt</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_channel_id'>channel_id</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x03\xeb</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='label'>client_info:</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='label'>license_info:</span> <span class='kw'>false</span><span class='rparen'>)</span>
<span class='id identifier rubyid_flags'>flags</span> <span class='op'>=</span> <span class='int'>0</span>
<span class='id identifier rubyid_flags'>flags</span> <span class='op'>|=</span> <span class='int'>0x08</span> <span class='kw'>if</span> <span class='ivar'>@rdp_sec</span> <span class='comment'># Set SEC_ENCRYPT
</span> <span class='id identifier rubyid_flags'>flags</span> <span class='op'>|=</span> <span class='int'>0x40</span> <span class='kw'>if</span> <span class='id identifier rubyid_client_info'>client_info</span> <span class='comment'># Set SEC_INFO_PKT
</span> <span class='id identifier rubyid_flags'>flags</span> <span class='op'>|=</span> <span class='int'>0x80</span> <span class='kw'>if</span> <span class='id identifier rubyid_license_info'>license_info</span> <span class='comment'># Set SEC_LICENSE_PKT
</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_end'>&quot;</span></span>
<span class='comment'># TS_SECURITY_HEADER - 2.2.8.1.1.2.1
</span> <span class='comment'># Send when the packet is encrypted w/ Standard RDP Security and in all Client Info PDUs
</span> <span class='kw'>if</span> <span class='id identifier rubyid_client_info'>client_info</span> <span class='op'>||</span> <span class='ivar'>@rdp_sec</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>&lt;&lt;</span> <span class='lbracket'>[</span><span class='id identifier rubyid_flags'>flags</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='comment'># flags &quot;\x48\x00&quot; = SEC_INFO_PKT | SEC_ENCRYPT
</span> <span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># flagsHi
</span> <span class='kw'>end</span>
<span class='kw'>if</span> <span class='ivar'>@rdp_sec</span>
<span class='comment'># Encrypt the payload with RDP Standard Encryption
</span> <span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_rdp_hmac'>rdp_hmac</span><span class='lparen'>(</span><span class='ivar'>@hmackey</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>7</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_rdp_rc4_crypt'>rdp_rc4_crypt</span><span class='lparen'>(</span><span class='ivar'>@rc4enckey</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_data'>data</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_user_data_len'>user_data_len</span> <span class='op'>=</span> <span class='id identifier rubyid_pdu'>pdu</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span>
<span class='id identifier rubyid_udl_with_flag'>udl_with_flag</span> <span class='op'>=</span> <span class='int'>0x8000</span> <span class='op'>|</span> <span class='id identifier rubyid_user_data_len'>user_data_len</span>
<span class='id identifier rubyid_pkt'>pkt</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x64</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># sendDataRequest
</span> <span class='id identifier rubyid_pkt'>pkt</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x08</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># intiator userId .. TODO: for a functional client this isn&#39;t static
</span> <span class='id identifier rubyid_pkt'>pkt</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_channel_id'>channel_id</span> <span class='comment'># channelId
</span> <span class='id identifier rubyid_pkt'>pkt</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x70</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># dataPriority
</span> <span class='id identifier rubyid_pkt'>pkt</span> <span class='op'>&lt;&lt;</span> <span class='lbracket'>[</span><span class='id identifier rubyid_udl_with_flag'>udl_with_flag</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&gt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_pkt'>pkt</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_pdu'>pdu</span>
<span class='id identifier rubyid_build_data_tpdu'>build_data_tpdu</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_calculate_rc4_keys-instance_method">
#<strong>rdp_calculate_rc4_keys</strong>(client_random, server_random) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<!--
  Source listing for rdp_calculate_rc4_keys (gutter line numbers in the first cell, highlighted Ruby in the second).
  The method derives the session keys from the two randoms, following the formulas in its inline comments:
  g is the first 24 bytes of client_random plus the first 24 bytes of server_random;
  master_secret and sessionKeyBlob each come from rdp_salted_hash48;
  bytes 16..31 and 32..47 of the blob go through rdp_final_hash to give the decrypt and encrypt keys;
  bytes 0..15 of the blob are used as the MAC key.
  It returns, in this order: encrypt key, decrypt key, MAC key, session key blob. The encrypt key comes first
  in the return even though it is computed second, so callers must destructure in return order.
  NOTE(review): rdp_salted_hash48 and rdp_final_hash are defined outside this listing, and no length check
  on either random is visible here; confirm that short inputs are rejected before this call.
-->
<td>
<pre class="lines">
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 641</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_calculate_rc4_keys'>rdp_calculate_rc4_keys</span><span class='lparen'>(</span><span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='id identifier rubyid_server_random'>server_random</span><span class='rparen'>)</span>
<span class='comment'># g = First192Bits(ClientRandom) + First192Bits(ServerRandom)
</span> <span class='id identifier rubyid_g'>g</span> <span class='op'>=</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>23</span><span class='rbracket'>]</span> <span class='op'>+</span> <span class='id identifier rubyid_server_random'>server_random</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>23</span><span class='rbracket'>]</span>
<span class='comment'># PreMasterHash(I) = SaltedHash(g, I)
</span> <span class='comment'># MasterSecret = PreMasterHash(0x41) + PreMasterHash(0x4242) + PreMasterHash(0x434343)
</span> <span class='id identifier rubyid_master_secret'>master_secret</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_salted_hash48'>rdp_salted_hash48</span><span class='lparen'>(</span><span class='id identifier rubyid_g'>g</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>A</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='id identifier rubyid_server_random'>server_random</span><span class='rparen'>)</span>
<span class='comment'># MasterHash(I) = SaltedHash(MasterSecret, I)
</span> <span class='comment'># SessionKeyBlob = MasterHash(0x58) + MasterHash(0x5959) + MasterHash(0x5A5A5A)
</span> <span class='id identifier rubyid_sessionKeyBlob'>sessionKeyBlob</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_salted_hash48'>rdp_salted_hash48</span><span class='lparen'>(</span><span class='id identifier rubyid_master_secret'>master_secret</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>X</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='id identifier rubyid_server_random'>server_random</span><span class='rparen'>)</span>
<span class='comment'># InitialClientDecryptKey128 = FinalHash(Second128Bits(SessionKeyBlob))
</span> <span class='id identifier rubyid_initialClientDecryptKey128'>initialClientDecryptKey128</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_final_hash'>rdp_final_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_sessionKeyBlob'>sessionKeyBlob</span><span class='lbracket'>[</span><span class='int'>16</span><span class='op'>..</span><span class='int'>31</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='id identifier rubyid_server_random'>server_random</span><span class='rparen'>)</span>
<span class='comment'># InitialClientEncryptKey128 = FinalHash(Third128Bits(SessionKeyBlob))
</span> <span class='id identifier rubyid_initialClientEncryptKey128'>initialClientEncryptKey128</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_final_hash'>rdp_final_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_sessionKeyBlob'>sessionKeyBlob</span><span class='lbracket'>[</span><span class='int'>32</span><span class='op'>..</span><span class='int'>47</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='id identifier rubyid_server_random'>server_random</span><span class='rparen'>)</span>
<span class='id identifier rubyid_mac_key'>mac_key</span> <span class='op'>=</span> <span class='id identifier rubyid_sessionKeyBlob'>sessionKeyBlob</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>15</span><span class='rbracket'>]</span>
<span class='kw'>return</span> <span class='id identifier rubyid_initialClientEncryptKey128'>initialClientEncryptKey128</span><span class='comma'>,</span> <span class='id identifier rubyid_initialClientDecryptKey128'>initialClientDecryptKey128</span><span class='comma'>,</span> <span class='id identifier rubyid_mac_key'>mac_key</span><span class='comma'>,</span> <span class='id identifier rubyid_sessionKeyBlob'>sessionKeyBlob</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_check_protocol-instance_method">
#<strong>rdp_check_protocol</strong>(req_proto = RDPConstants::PROTOCOL_SSL) &#x21d2; <tt>Boolean</tt>, <tt><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></tt>
</h3><div class="docstring">
<div class="discussion">
<p>Connect and detect security protocol</p>
<p>Note: NLA is detected but not supported yet</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
&mdash;
<div class='inline'>
<p>Whether the service is RDP</p>
</div>
</li>
<li>
<span class='type'>(<tt><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>Protocol supported</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<!--
  Source listing for rdp_check_protocol (gutter line numbers in the first cell, highlighted Ruby in the second).
  The method fills @user_name, @domain and @computer_name from the RDP_USER, RDP_DOMAIN and RDP_CLIENT_NAME
  datastore options, using random alphabetic text (7, 7 and 15 characters) when an option is unset, and copies
  RDP_CLIENT_IP into @ip_address.
  It sends a negotiation request for req_proto and returns [true, protocol] when
  rdp_parse_negotiation_response yields a result, or [true, PROTOCOL_HYBRID] when the error is
  HYBRID_REQUIRED_BY_SERVER. On SSL_NOT_ALLOWED_BY_SERVER or a too-short response it disconnects, reconnects
  and retries with PROTOCOL_RDP. Every other path returns [false, 0].
  NOTE(review): the branches compare err_msg with exact message strings, so they depend on the wording
  produced by rdp_parse_negotiation_response, which is defined outside this listing.
  NOTE(review): the status messages mention TLS even when the caller passes a different req_proto, and the
  failure return pairs false with the integer 0 rather than an RDPConstants value.
  A successful PROTOCOL_RDP retry means the server still accepts Standard RDP Security; requiring TLS or NLA
  on the server closes that fallback.
-->
<td>
<pre class="lines">
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 259</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_check_protocol'>rdp_check_protocol</span><span class='lparen'>(</span><span class='id identifier rubyid_req_proto'>req_proto</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PROTOCOL_SSL-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PROTOCOL_SSL (constant)">PROTOCOL_SSL</a></span></span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RDP_USER</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='ivar'>@user_name</span> <span class='op'>=</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RDP_USER</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>else</span>
<span class='ivar'>@user_name</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>7</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RDP_DOMAIN</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='ivar'>@domain</span> <span class='op'>=</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RDP_DOMAIN</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>else</span>
<span class='ivar'>@domain</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>7</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RDP_CLIENT_NAME</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='ivar'>@computer_name</span> <span class='op'>=</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RDP_CLIENT_NAME</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>else</span>
<span class='ivar'>@computer_name</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>15</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='ivar'>@ip_address</span> <span class='op'>=</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RDP_CLIENT_IP</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='comment'># code to check if RDP is open or not
</span> <span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Verifying RDP protocol...</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Attempting to connect using TLS security</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_send_recv'>rdp_send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu_negotiation_request'>pdu_negotiation_request</span><span class='lparen'>(</span><span class='ivar'>@user_name</span><span class='comma'>,</span> <span class='id identifier rubyid_req_proto'>req_proto</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='comment'># return true if the response is a X.224 Connect Confirm
</span> <span class='comment'># We can&#39;t use a check for RDP Negotiation Response because WinXP excludes it
</span> <span class='kw'>if</span> <span class='id identifier rubyid_res'>res</span>
<span class='id identifier rubyid_result'>result</span><span class='comma'>,</span> <span class='id identifier rubyid_err_msg'>err_msg</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_parse_negotiation_response'>rdp_parse_negotiation_response</span><span class='lparen'>(</span><span class='id identifier rubyid_res'>res</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='id identifier rubyid_result'>result</span> <span class='kw'>if</span> <span class='id identifier rubyid_result'>result</span>
<span class='comment'># No current support for NLA, nothing to do here
</span> <span class='kw'>return</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PROTOCOL_HYBRID-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PROTOCOL_HYBRID (constant)">PROTOCOL_HYBRID</a></span></span> <span class='kw'>if</span> <span class='id identifier rubyid_err_msg'>err_msg</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>HYBRID_REQUIRED_BY_SERVER</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>if</span> <span class='id identifier rubyid_err_msg'>err_msg</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Negotiation Response packet too short.</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Attempt to connect with TLS failed but looks like the target is Windows XP</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Attempt to connect with TLS failed with error: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_err_msg'>err_msg</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>SSL_NOT_ALLOWED_BY_SERVER</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Negotiation Response packet too short.</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span> <span class='id identifier rubyid_err_msg'>err_msg</span>
<span class='comment'># This happens if the server is configured to ONLY permit RDP Security
</span> <span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Attempting to connect using Standard RDP security</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_disconnect'>rdp_disconnect</span>
<span class='id identifier rubyid_rdp_connect'>rdp_connect</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_send_recv'>rdp_send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu_negotiation_request'>pdu_negotiation_request</span><span class='lparen'>(</span><span class='ivar'>@user_name</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PROTOCOL_RDP-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PROTOCOL_RDP (constant)">PROTOCOL_RDP</a></span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_res'>res</span>
<span class='id identifier rubyid_result'>result</span><span class='comma'>,</span> <span class='id identifier rubyid_err_msg'>err_msg</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_parse_negotiation_response'>rdp_parse_negotiation_response</span><span class='lparen'>(</span><span class='id identifier rubyid_res'>res</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='id identifier rubyid_result'>result</span> <span class='kw'>if</span> <span class='id identifier rubyid_result'>result</span>
<span class='comment'># Windows XP doesn&#39;t return the standard Negotiation Response packet
</span> <span class='comment'># but we at least know this was RDP since the packet contained a
</span> <span class='comment'># Connect-Confirm response (0xd0).
</span> <span class='kw'>if</span> <span class='id identifier rubyid_err_msg'>err_msg</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Negotiation Response packet too short.</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>return</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PROTOCOL_RDP-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PROTOCOL_RDP (constant)">PROTOCOL_RDP</a></span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Attempt to connect with Standard RDP failed with error </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_err_msg'>err_msg</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='int'>0</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  rdp_connect: opens the transport used by the other rdp_* helpers on this page.
  Per the listing below it calls connect(false), stores the returned socket in
  self.rdp_sock, and sets TCP_NODELAY on it, which turns off Nagle's algorithm
  so small PDUs are sent without being coalesced.
  NOTE(review): the meaning of the false argument is not shown here; presumably
  it is the "global" flag of Msf::Exploit::Remote::Tcp#connect, which would keep
  this socket out of the mixin's shared sock slot. Confirm against that method.
  NOTE(review): nothing is rescued here, so a failed connect presumably
  propagates to the caller before setsockopt is reached.
  Layout: signature heading, then a two-column table (line-number gutter for
  source lines 143 to 146, highlighted Ruby listing).
-->
<h3 class="signature " id="rdp_connect-instance_method">
#<strong>rdp_connect</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
143
144
145
146</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 143</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_connect'>rdp_connect</span>
<span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rdp_sock'>rdp_sock</span> <span class='op'>=</span> <span class='id identifier rubyid_connect'>connect</span><span class='lparen'>(</span><span class='kw'>false</span><span class='rparen'>)</span>
<span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rdp_sock'>rdp_sock</span><span class='period'>.</span><span class='id identifier rubyid_setsockopt'>setsockopt</span><span class='lparen'>(</span><span class='op'>::</span><span class='const'>Socket</span><span class='op'>::</span><span class='const'>IPPROTO_TCP</span><span class='comma'>,</span> <span class='op'>::</span><span class='const'>Socket</span><span class='op'>::</span><span class='const'>TCP_NODELAY</span><span class='comma'>,</span> <span class='int'>1</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
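<div class="method_details ">
<h3 class="signature " id="rdp_create_channel_msg-instance_method">
#<strong>rdp_create_channel_msg</strong>(chan_user_id, chan_id, data, flags = 3, data_length = nil) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Build an MCS Send Data Request that carries one channel message and wrap it with build_data_tpdu</p>
<p>The payload handed to per_data is data_length and flags, each packed as a 32-bit little-endian integer, followed by data. data_length defaults to data.length; when a caller supplies it, the length field is independent of the bytes actually present in data (presumably so that a message split across several calls can carry its total length; verify against callers). The default flags value of 3 presumably marks the message as both first and last chunk; confirm against MS-RDPBCGR.</p>
<p>Note: chan_user_id is accepted but not used by the body; the initiator field is always taken from self.rdp_user_id</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 225</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_create_channel_msg'>rdp_create_channel_msg</span><span class='lparen'>(</span><span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span> <span class='op'>=</span> <span class='int'>3</span><span class='comma'>,</span> <span class='id identifier rubyid_data_length'>data_length</span> <span class='op'>=</span> <span class='kw'>nil</span><span class='rparen'>)</span>
<span class='id identifier rubyid_data_length'>data_length</span> <span class='op'>||=</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span>
<span class='id identifier rubyid_pdu'>pdu</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='lbracket'>[</span><span class='int'>25</span> <span class='op'>&lt;&lt;</span> <span class='int'>2</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span> <span class='comment'># MCS send data request structure, choice 25
</span> <span class='lbracket'>[</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rdp_user_id'>rdp_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>S&gt;S&gt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span> <span class='comment'># initiator (self.rdp_user_id, not chan_user_id) and channel id, 16-bit big-endian each
</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x70</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='comment'># presumably MCS dataPriority (high) and segmentation (begin | end), not a security header - confirm against MS-RDPBCGR
</span> <span class='id identifier rubyid_per_data'>per_data</span><span class='lparen'>(</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_data_length'>data_length</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span> <span class='comment'># length field, 32-bit little-endian; may differ from data.length when the caller passes data_length
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_flags'>flags</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span> <span class='comment'># channel flags, 32-bit little-endian
</span> <span class='id identifier rubyid_data'>data</span>
<span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_build_data_tpdu'>build_data_tpdu</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu'>pdu</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>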
<div class="method_details ">
<!--
  rdp_disconnect: tears down the RDP transport. The listing passes self.rdp_sock
  to disconnect and then sets self.rdp_sock to nil. Clearing the attribute
  matters because rdp_dispatch_loop (documented on this page) keeps running
  while rdp_sock is truthy.
  NOTE(review): rdp_sock is not checked for nil before the call; whether
  disconnect tolerates a nil argument is not visible here. If disconnect raises,
  the assignment to nil is skipped and the attribute keeps the old socket.
  Layout: signature heading, then a two-column table (line-number gutter for
  source lines 148 to 151, highlighted Ruby listing).
-->
<h3 class="signature " id="rdp_disconnect-instance_method">
#<strong>rdp_disconnect</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
148
149
150
151</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 148</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_disconnect'>rdp_disconnect</span>
<span class='id identifier rubyid_disconnect'>disconnect</span><span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rdp_sock'>rdp_sock</span><span class='rparen'>)</span>
<span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rdp_sock'>rdp_sock</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  rdp_dispatch_loop: receive-and-dispatch loop. While rdp_sock is truthy it
  reads one packet with rdp_recv and hands it to rdp_handle_packet.
  The loop has no exit condition of its own and rescues nothing: it ends when
  rdp_sock becomes nil or false (rdp_disconnect on this page sets it to nil) or
  when one of the two calls raises. Callers are presumably expected to handle
  that exception; the error types are not shown in this listing.
  Layout: signature heading, then a two-column table (line-number gutter for
  source lines 219 to 223, highlighted Ruby listing).
-->
<h3 class="signature " id="rdp_dispatch_loop-instance_method">
#<strong>rdp_dispatch_loop</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
219
220
221
222
223</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 219</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_dispatch_loop'>rdp_dispatch_loop</span>
<span class='kw'>while</span> <span class='id identifier rubyid_rdp_sock'>rdp_sock</span> <span class='kw'>do</span>
<span class='id identifier rubyid_rdp_handle_packet'>rdp_handle_packet</span><span class='lparen'>(</span><span class='id identifier rubyid_rdp_recv'>rdp_recv</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  rdp_establish_session: runs the fixed client-side PDU sequence that follows
  security negotiation. In order, per the listing:
    1. send the client info PDU (built from @user_name, @domain, @ip_address)
       and read the reply, which is passed to rdp_parse_license_pdu;
    2. if that reply is 34 bytes or shorter, read one more packet (the Server
       Demand packet) and discard it; larger replies skip the read, per the
       Windows XP comment in the source;
    3. send confirm active, then synchronize plus control cooperate in a single
       rdp_send, then control request, input synchronize, and font list.
  The "\x03\xeb" argument to rdp_build_pkt is 0x03eb = 1003; presumably a
  channel id (TODO confirm against rdp_build_pkt). The 1009 passed to
  pdu_client_synchronize is unexplained in the source itself.
  NOTE(review): res.length is called without a nil check, whereas
  rdp_check_protocol on this page guards the result of the same rdp_send_recv
  helper with "if res". Confirm whether rdp_send_recv can return nil or raises
  on timeout; if it can return nil, this method fails with NoMethodError
  instead of a protocol error.
  NOTE(review): the status lines for synchronize and control cooperate are
  printed before either packet is built or sent, so verbose output does not
  map one-to-one onto wire events.
-->
<h3 class="signature " id="rdp_establish_session-instance_method">
#<strong>rdp_establish_session</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Finish building session after all security is negotiated</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 449</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_establish_session'>rdp_establish_session</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sending client info PDU</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_send_recv'>rdp_send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_rdp_build_pkt'>rdp_build_pkt</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu_client_info'>pdu_client_info</span><span class='lparen'>(</span><span class='ivar'>@user_name</span><span class='comma'>,</span> <span class='ivar'>@domain</span><span class='comma'>,</span> <span class='ivar'>@ip_address</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x03\xeb</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='label'>client_info:</span> <span class='kw'>true</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Received License packet (</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='embexpr_end'>}</span><span class='tstring_content'> bytes)</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_parse_license_pdu'>rdp_parse_license_pdu</span><span class='lparen'>(</span><span class='id identifier rubyid_res'>res</span><span class='rparen'>)</span>
<span class='comment'># Windows XP sometimes sends a very large license packet. This is likely
</span> <span class='comment'># some form of license error. When it does this it doesn&#39;t send a Server
</span> <span class='comment'># Demand packet. If we wait on one we will time out here and error. We
</span> <span class='comment'># can still successfully check for vulnerability anyway.
</span> <span class='kw'>if</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>&lt;=</span> <span class='int'>34</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Waiting for Server Demand packet</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid__res'>_res</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_recv'>rdp_recv</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Received Server Demand packet</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sending client confirm active PDU</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_send'>rdp_send</span><span class='lparen'>(</span><span class='id identifier rubyid_rdp_build_pkt'>rdp_build_pkt</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu_client_confirm_active'>pdu_client_confirm_active</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sending client synchronize PDU</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sending client control cooperate PDU</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='comment'># Unsure why we&#39;re using 1009 here but it works.
</span> <span class='id identifier rubyid_synch'>synch</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_build_pkt'>rdp_build_pkt</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu_client_synchronize'>pdu_client_synchronize</span><span class='lparen'>(</span><span class='int'>1009</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_coop'>coop</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_build_pkt'>rdp_build_pkt</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu_client_control_cooperate'>pdu_client_control_cooperate</span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_send'>rdp_send</span><span class='lparen'>(</span><span class='id identifier rubyid_synch'>synch</span> <span class='op'>+</span> <span class='id identifier rubyid_coop'>coop</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sending client control request control PDU</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_send'>rdp_send</span><span class='lparen'>(</span><span class='id identifier rubyid_rdp_build_pkt'>rdp_build_pkt</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu_client_control_request'>pdu_client_control_request</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sending client input synchronize PDU</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_send'>rdp_send</span><span class='lparen'>(</span><span class='id identifier rubyid_rdp_build_pkt'>rdp_build_pkt</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu_client_input_event_synchronize'>pdu_client_input_event_synchronize</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sending client font list PDU</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_send'>rdp_send</span><span class='lparen'>(</span><span class='id identifier rubyid_rdp_build_pkt'>rdp_build_pkt</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu_client_font_list'>pdu_client_font_list</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  rdp_final_hash: implements the formula in the docstring. It feeds k, the
  client random and the server random into one MD5 context in that order, then
  converts the hex digest back to raw bytes with pack("H*"), so the return
  value is the binary digest rather than a hex string (equivalent to calling
  digest on the same context).
  NOTE(review): MD5 here follows the stated protocol formula rather than being
  a free design choice; presumably this is the session key derivation of RDP
  Standard Security (confirm against MS-RDPBCGR). The output should not be
  reused as a general-purpose hash or integrity check.
  NOTE(review): the three arguments are appended as given; they are presumably
  binary strings, and no length or type validation happens in this method.
-->
<h3 class="signature " id="rdp_final_hash-instance_method">
#<strong>rdp_final_hash</strong>(k, client_random_bytes, server_random_bytes) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>FinalHash(K) = MD5(K + ClientRandom + ServerRandom)</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
631
632
633
634
635
636
637
638
639</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 631</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_final_hash'>rdp_final_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_k'>k</span><span class='comma'>,</span> <span class='id identifier rubyid_client_random_bytes'>client_random_bytes</span><span class='comma'>,</span> <span class='id identifier rubyid_server_random_bytes'>server_random_bytes</span><span class='rparen'>)</span>
<span class='id identifier rubyid_md5'>md5</span> <span class='op'>=</span> <span class='const'>Digest</span><span class='op'>::</span><span class='const'>MD5</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='id identifier rubyid_md5'>md5</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_k'>k</span>
<span class='id identifier rubyid_md5'>md5</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_client_random_bytes'>client_random_bytes</span>
<span class='id identifier rubyid_md5'>md5</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_server_random_bytes'>server_random_bytes</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_md5'>md5</span><span class='period'>.</span><span class='id identifier rubyid_hexdigest'>hexdigest</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>H*</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_fingerprint-instance_method">
#<strong>rdp_fingerprint</strong> &#x21d2; <tt>Boolean</tt>, <tt>Hash</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Connect and perform fingerprinting of the RDP service</p>
<p>Note: NLA is required to detect the product_version</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
&mdash;
<div class='inline'>
<p>Is service RDP</p>
</div>
</li>
<li>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>Version information</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 177</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_fingerprint'>rdp_fingerprint</span>
<span class='id identifier rubyid_peer_info'>peer_info</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span>
<span class='comment'># warning: if rdp_check_protocol starts handling NLA, this will need to be updated
</span> <span class='id identifier rubyid_is_rdp'>is_rdp</span><span class='comma'>,</span> <span class='id identifier rubyid_server_selected_proto'>server_selected_proto</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_check_protocol'>rdp_check_protocol</span><span class='lparen'>(</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PROTOCOL_SSL-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PROTOCOL_SSL (constant)">PROTOCOL_SSL</a></span></span> <span class='op'>|</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PROTOCOL_HYBRID-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PROTOCOL_HYBRID (constant)">PROTOCOL_HYBRID</a></span></span> <span class='op'>|</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PROTOCOL_HYBRID_EX-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PROTOCOL_HYBRID_EX (constant)">PROTOCOL_HYBRID_EX</a></span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='kw'>nil</span> <span class='kw'>unless</span> <span class='id identifier rubyid_is_rdp'>is_rdp</span>
<span class='kw'>return</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='id identifier rubyid_peer_info'>peer_info</span> <span class='kw'>unless</span> <span class='lbracket'>[</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PROTOCOL_HYBRID-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PROTOCOL_HYBRID (constant)">PROTOCOL_HYBRID</a></span></span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PROTOCOL_HYBRID_EX-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PROTOCOL_HYBRID_EX (constant)">PROTOCOL_HYBRID_EX</a></span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span> <span class='id identifier rubyid_server_selected_proto'>server_selected_proto</span>
<span class='id identifier rubyid_swap_sock_plain_to_ssl'>swap_sock_plain_to_ssl</span>
<span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span> <span class='comment'># see: https://fadedlab.wordpress.com/2019/06/13/using-nmap-to-extract-windows-info-from-rdp/
</span> <span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x30\x37\xa0\x03\x02\x01\x60\xa1\x30\x30\x2e\x30\x2c\xa0\x2a\x04\x28</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x4e\x54\x4c\x4d\x53\x53\x50\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># Identifier - NTLMSSP
</span> <span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x01\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># Type: NTLMSSP Negotiate - 01
</span> <span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\xb7\x82\x08\xe2</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># Flags (NEGOTIATE_SIGN_ALWAYS | NEGOTIATE_NTLM | NEGOTIATE_SIGN | REQUEST_TARGET | NEGOTIATE_UNICODE)
</span> <span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># DomainNameLen
</span> <span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># DomainNameMaxLen
</span> <span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># DomainNameBufferOffset
</span> <span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># WorkstationLen
</span> <span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># WorkstationMaxLen
</span> <span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># WorkstationBufferOffset
</span> <span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x0a</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># ProductMajorVersion = 10
</span> <span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># ProductMinorVersion = 0
</span> <span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x63\x45</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># ProductBuild = 0x4563 = 17763
</span> <span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x00\x00</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># Reserved
</span> <span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x0f</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># NTLMRevision = 5 = NTLMSSP_REVISION_W2K3
</span> <span class='id identifier rubyid_resp'>resp</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_send_recv'>rdp_send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_ntlm_negotiate_blob'>ntlm_negotiate_blob</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ntlmssp_start'>ntlmssp_start</span> <span class='op'>=</span> <span class='id identifier rubyid_resp'>resp</span><span class='period'>.</span><span class='id identifier rubyid_index'>index</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>NTLMSSP</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_ntlmssp_start'>ntlmssp_start</span>
<span class='id identifier rubyid_message'>message</span> <span class='op'>=</span> <span class='const'>Net</span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>Message</span><span class='period'>.</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='id identifier rubyid_resp'>resp</span><span class='lbracket'>[</span><span class='id identifier rubyid_ntlmssp_start'>ntlmssp_start</span><span class='op'>..</span><span class='op'>-</span><span class='int'>1</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_version'>version</span> <span class='op'>=</span> <span class='id identifier rubyid_message'>message</span><span class='period'>.</span><span class='id identifier rubyid_os_version'>os_version</span><span class='period'>.</span><span class='id identifier rubyid_bytes'>bytes</span>
<span class='id identifier rubyid_ti'>ti</span> <span class='op'>=</span> <span class='const'>Net</span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>TargetInfo</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_message'>message</span><span class='period'>.</span><span class='id identifier rubyid_target_info'>target_info</span><span class='rparen'>)</span>
<span class='id identifier rubyid_peer_info'>peer_info</span><span class='lbracket'>[</span><span class='symbol'>:nb_name</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_ti'>ti</span><span class='period'>.</span><span class='id identifier rubyid_av_pairs'>av_pairs</span><span class='lbracket'>[</span><span class='const'>Net</span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>TargetInfo</span><span class='op'>::</span><span class='const'>MSV_AV_NB_COMPUTER_NAME</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_peer_info'>peer_info</span><span class='lbracket'>[</span><span class='symbol'>:nb_domain</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_ti'>ti</span><span class='period'>.</span><span class='id identifier rubyid_av_pairs'>av_pairs</span><span class='lbracket'>[</span><span class='const'>Net</span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>TargetInfo</span><span class='op'>::</span><span class='const'>MSV_AV_NB_DOMAIN_NAME</span> <span class='rbracket'>]</span>
<span class='id identifier rubyid_peer_info'>peer_info</span><span class='lbracket'>[</span><span class='symbol'>:dns_server</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_ti'>ti</span><span class='period'>.</span><span class='id identifier rubyid_av_pairs'>av_pairs</span><span class='lbracket'>[</span><span class='const'>Net</span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>TargetInfo</span><span class='op'>::</span><span class='const'>MSV_AV_DNS_COMPUTER_NAME</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_peer_info'>peer_info</span><span class='lbracket'>[</span><span class='symbol'>:dns_domain</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_ti'>ti</span><span class='period'>.</span><span class='id identifier rubyid_av_pairs'>av_pairs</span><span class='lbracket'>[</span><span class='const'>Net</span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>TargetInfo</span><span class='op'>::</span><span class='const'>MSV_AV_DNS_DOMAIN_NAME</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_peer_info'>peer_info</span><span class='lbracket'>[</span><span class='symbol'>:product_version</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_version'>version</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>.</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_version'>version</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>.</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_version'>version</span><span class='lbracket'>[</span><span class='int'>2</span><span class='rbracket'>]</span> <span class='op'>|</span> <span class='lparen'>(</span><span class='id identifier rubyid_version'>version</span><span class='lbracket'>[</span><span class='int'>3</span><span class='rbracket'>]</span> <span class='op'>&lt;&lt;</span> <span class='int'>8</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='id identifier rubyid_is_rdp'>is_rdp</span><span class='comma'>,</span> <span class='id identifier rubyid_peer_info'>peer_info</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
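<div class="method_details ">
<h3 class="signature " id="rdp_generate_license_keys-instance_method">
#<strong>rdp_generate_license_keys</strong>(data) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Derives the keys used in the licensing exchange. The server random is taken from the first 32 bytes of <code>data</code>; the client random and the premaster secret are generated locally. The master secret and the key block each come from <code>rdp_salted_hash48</code>, the license signing key is the first 16 bytes of the key block, and the license key is <code>rdp_salted_hash16</code> over bytes 16–31 of the key block. Returns <code>client_random</code>, <code>license_key</code> and <code>license_sign_key</code>, in that order.</p>
<p>Review note: the client random and the premaster secret are built from <code>Kernel#rand</code>, which is not a cryptographically secure generator; <code>SecureRandom.random_bytes(32)</code> is the standard-library source for values that must be unpredictable. <code>String#&lt;&lt;</code> with an Integer appends a code point, so the two values are exactly 32 bytes only when the string literals are binary-encoded, which depends on the file's encoding comment (not shown in this listing). <code>data</code> is not length-checked: fewer than 32 bytes gives a shorter server random without raising.</p>
</div>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 378</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_generate_license_keys'>rdp_generate_license_keys</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_client_random'>client_random</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='int'>32</span><span class='period'>.</span><span class='id identifier rubyid_times'>times</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_client_random'>client_random</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>0</span><span class='op'>..</span><span class='int'>255</span><span class='rparen'>)</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_premaster_secret'>premaster_secret</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='int'>32</span><span class='period'>.</span><span class='id identifier rubyid_times'>times</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_premaster_secret'>premaster_secret</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>0</span><span class='op'>..</span><span class='int'>255</span><span class='rparen'>)</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_server_random'>server_random</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>31</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_master_secret'>master_secret</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_salted_hash48'>rdp_salted_hash48</span><span class='lparen'>(</span><span class='id identifier rubyid_premaster_secret'>premaster_secret</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>A</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='id identifier rubyid_server_random'>server_random</span><span class='rparen'>)</span>
<span class='id identifier rubyid_key_block'>key_block</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_salted_hash48'>rdp_salted_hash48</span><span class='lparen'>(</span><span class='id identifier rubyid_master_secret'>master_secret</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>A</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='id identifier rubyid_server_random'>server_random</span><span class='rparen'>)</span>
<span class='id identifier rubyid_license_sign_key'>license_sign_key</span> <span class='op'>=</span> <span class='id identifier rubyid_key_block'>key_block</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>15</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_license_key'>license_key</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_salted_hash16'>rdp_salted_hash16</span><span class='lparen'>(</span><span class='id identifier rubyid_key_block'>key_block</span><span class='lbracket'>[</span><span class='int'>16</span><span class='op'>..</span><span class='int'>31</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='id identifier rubyid_server_random'>server_random</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='id identifier rubyid_license_key'>license_key</span><span class='comma'>,</span> <span class='id identifier rubyid_license_sign_key'>license_sign_key</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>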
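<div class="method_details ">
<h3 class="signature " id="rdp_handle_license_error_alert-instance_method">
#<strong>rdp_handle_license_error_alert</strong>(data) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Parses a license error/alert message. The first 12 bytes of <code>data</code> are unpacked as three little-endian 32-bit values (<code>error_code</code>, <code>state_transition</code>, <code>error_info</code>); only <code>error_code</code> is used. The code is logged in hex together with the <code>LICENSE_ERRS</code> entry for it, and <code>RdpCommunicationError</code> is raised unless it equals <code>LICENSE_ERR_LICENSE_ISSUED</code>.</p>
<p>Review note: <code>data</code> is not length-checked. With fewer than 4 bytes <code>unpack</code> yields <code>nil</code> for <code>error_code</code>, and <code>nil.to_s(16)</code> in the log line raises <code>ArgumentError</code> instead of <code>RdpCommunicationError</code>, so a caller that rescues only the latter will not catch a truncated server reply. A guard such as <code>raise RdpCommunicationError if data.nil? || data.length &lt; 12</code> before the unpack keeps the failure in the documented exception type.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt><span class='object_link'><a href="RDP/RdpCommunicationError.html" title="Msf::Exploit::Remote::RDP::RdpCommunicationError (class)">RdpCommunicationError</a></span></tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
410
411
412
413
414
415</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 410</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_handle_license_error_alert'>rdp_handle_license_error_alert</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_error_code'>error_code</span><span class='comma'>,</span> <span class='id identifier rubyid_state_transition'>state_transition</span><span class='comma'>,</span> <span class='id identifier rubyid_error_info'>error_info</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>11</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>VVV</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>License error/alert code 0x</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_error_code'>error_code</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='lparen'>(</span><span class='int'>16</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'> (</span><span class='embexpr_beg'>#{</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#LICENSE_ERRS-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::LICENSE_ERRS (constant)">LICENSE_ERRS</a></span></span><span class='lbracket'>[</span><span class='id identifier rubyid_error_code'>error_code</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>)</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='comment'># Ensure that we were issued a license by the server
</span> <span class='id identifier rubyid_raise'>raise</span> <span class='const'><span class='object_link'><a href="RDP/RdpCommunicationError.html" title="Msf::Exploit::Remote::RDP::RdpCommunicationError (class)">RdpCommunicationError</a></span></span> <span class='kw'>if</span> <span class='id identifier rubyid_error_code'>error_code</span> <span class='op'>!=</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#LICENSE_ERR_LICENSE_ISSUED-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::LICENSE_ERR_LICENSE_ISSUED (constant)">LICENSE_ERR_LICENSE_ISSUED</a></span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>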
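<div class="method_details ">
<h3 class="signature " id="rdp_handle_license_request-instance_method">
#<strong>rdp_handle_license_request</strong>(data) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpele/e17772e9-9642-4bb6-a2bc-82875dd6da7c">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpele/e17772e9-9642-4bb6-a2bc-82875dd6da7c</a> Server License Request - 2.2.2.1</p>
<p>Answers a Server License Request. Keys are derived with <code>rdp_generate_license_keys(data)</code>, a new license request PDU is built from the client random, <code>@user_name</code> and <code>@computer_name</code>, wrapped by <code>rdp_build_pkt</code> with <code>license_info: true</code> and sent; the reply is passed to <code>rdp_parse_license_pdu</code>, whose result is this method's return value.</p>
<p>Review note: of the three derived values only <code>client_random</code> is used here; <code>license_key</code> and <code>license_sign_key</code> are discarded, and per the inline comment the license returned by the server is not decrypted. The exchange expects the server to answer with an issued license; nothing in this method verifies the license contents. The reply from <code>rdp_send_recv</code> is handed on without a nil or length check in this method.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
396
397
398
399
400
401
402
403
404
405
406
407
408</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 396</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_handle_license_request'>rdp_handle_license_request</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='comment'># Note: license_key is currently unused
</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='id identifier rubyid_license_key'>license_key</span><span class='comma'>,</span> <span class='id identifier rubyid_license_sign_key'>license_sign_key</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_generate_license_keys'>rdp_generate_license_keys</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='comment'># We&#39;re not really decrypting the license from the server, but it should be good enough
</span> <span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sending new license request PDU</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_new_license_request'>new_license_request</span> <span class='op'>=</span> <span class='id identifier rubyid_pdu_new_license_request'>pdu_new_license_request</span><span class='lparen'>(</span><span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='ivar'>@user_name</span><span class='comma'>,</span> <span class='ivar'>@computer_name</span><span class='rparen'>)</span>
<span class='id identifier rubyid_pkt'>pkt</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_build_pkt'>rdp_build_pkt</span><span class='lparen'>(</span><span class='id identifier rubyid_new_license_request'>new_license_request</span><span class='comma'>,</span> <span class='label'>license_info:</span> <span class='kw'>true</span><span class='rparen'>)</span>
<span class='comment'># Expect that we are issued a license here
</span> <span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_send_recv'>rdp_send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_parse_license_pdu'>rdp_parse_license_pdu</span><span class='lparen'>(</span><span class='id identifier rubyid_res'>res</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>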
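<div class="method_details ">
<h3 class="signature " id="rdp_handle_packet-instance_method">
#<strong>rdp_handle_packet</strong>(pkt) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><div class="docstring">
<div class="discussion">
<p>Dispatches a received packet to <code>rdp_on_channel_receive</code>. A packet is handled only when byte 0 is <code>0x03</code>, bytes 4–6 are <code>02 f0 80</code> and byte 7 is <code>0x68</code> (these look like the TPKT version, the X.224 data header and the MCS Send Data Indication tag; confirm against the protocol specification). From a matching packet it reads the channel user id (bytes 8–9) and the channel id (bytes 10–11) as big-endian 16-bit values, the flags (bytes 18–21) as a little-endian 32-bit value, and passes everything from byte 22 on as <code>data</code>. Any other packet is ignored.</p>
<p>Review note: the packet length is never checked. A packet that passes the three header tests but is shorter than 22 bytes leaves fields <code>nil</code> or raises <code>NoMethodError</code> from <code>unpack</code> on a <code>nil</code> slice, so a truncated or malformed server packet surfaces as an unrelated exception. Checking <code>pkt.length &gt;= 22</code> before the slices avoids that.</p>
</div>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1398</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_handle_packet'>rdp_handle_packet</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_pkt'>pkt</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x03</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>if</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='lbracket'>[</span><span class='int'>4</span><span class='op'>..</span><span class='int'>6</span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x02\xf0\x80</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>if</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='lbracket'>[</span><span class='int'>7</span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x68</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_chan_user_id'>chan_user_id</span> <span class='op'>=</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='lbracket'>[</span><span class='int'>8</span><span class='op'>..</span><span class='int'>9</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>S&gt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_chan_id'>chan_id</span> <span class='op'>=</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='lbracket'>[</span><span class='int'>10</span><span class='op'>..</span><span class='int'>11</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>S&gt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_flags'>flags</span> <span class='op'>=</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='lbracket'>[</span><span class='int'>18</span><span class='op'>..</span><span class='int'>21</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='lbracket'>[</span><span class='int'>22</span><span class='op'>..</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_rdp_on_channel_receive'>rdp_on_channel_receive</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>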
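<div class="method_details ">
<h3 class="signature " id="rdp_hmac-instance_method">
#<strong>rdp_hmac</strong>(mac_salt_key, data_content) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/7c61b54e-f6cd-4819-a59a-daf200f6bf94">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/7c61b54e-f6cd-4819-a59a-daf200f6bf94</a></p>
<p>Computes a 16-byte MAC over <code>data_content</code> (see the specification linked above): SHA-1 over <code>mac_salt_key</code>, 40 bytes of <code>0x36</code>, the little-endian 32-bit length of <code>data_content</code> and <code>data_content</code> itself; then MD5 over <code>mac_salt_key</code>, 48 bytes of <code>0x5c</code> and the SHA-1 digest. The raw MD5 digest is returned.</p>
<pre class="code ruby"><code class="ruby">mac_salt_key = "W\x13\xc58\x7f\xeb\xa9\x10*\x1e\xddV\x96\x8b[d"
data_content = "\x12\x00\x17\x00\xef\x03\xea\x03\x02\x00\x00\x01\x04\x00$\x00\x00\x00"
hmac = rdp_hmac(mac_salt_key, data_content) # == hexlified: "22d5aeb486994a0c785dc929a2855923"</code></pre>
<p>Review note: despite the name, this is not the RFC 2104 HMAC construction (the key is concatenated with fixed pad bytes rather than XORed with them), so a generic HMAC routine cannot be substituted for it. <code>data_content.length</code> counts characters, so the length field matches the byte count only for binary-encoded strings.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 578</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_hmac'>rdp_hmac</span><span class='lparen'>(</span><span class='id identifier rubyid_mac_salt_key'>mac_salt_key</span><span class='comma'>,</span> <span class='id identifier rubyid_data_content'>data_content</span><span class='rparen'>)</span>
<span class='id identifier rubyid_sha1'>sha1</span> <span class='op'>=</span> <span class='const'>Digest</span><span class='op'>::</span><span class='const'>SHA1</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='id identifier rubyid_md5'>md5</span> <span class='op'>=</span> <span class='const'>Digest</span><span class='op'>::</span><span class='const'>MD5</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='id identifier rubyid_pad1'>pad1</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x36</span><span class='tstring_end'>&quot;</span></span> <span class='op'>*</span> <span class='int'>40</span>
<span class='id identifier rubyid_pad2'>pad2</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x5c</span><span class='tstring_end'>&quot;</span></span> <span class='op'>*</span> <span class='int'>48</span>
<span class='id identifier rubyid_sha1'>sha1</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_mac_salt_key'>mac_salt_key</span>
<span class='id identifier rubyid_sha1'>sha1</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_pad1'>pad1</span>
<span class='id identifier rubyid_sha1'>sha1</span> <span class='op'>&lt;&lt;</span> <span class='lbracket'>[</span><span class='id identifier rubyid_data_content'>data_content</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_sha1'>sha1</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_data_content'>data_content</span>
<span class='id identifier rubyid_md5'>md5</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_mac_salt_key'>mac_salt_key</span>
<span class='id identifier rubyid_md5'>md5</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_pad2'>pad2</span>
<span class='id identifier rubyid_md5'>md5</span> <span class='op'>&lt;&lt;</span> <span class='lbracket'>[</span><span class='id identifier rubyid_sha1'>sha1</span><span class='period'>.</span><span class='id identifier rubyid_hexdigest'>hexdigest</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>H*</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_md5'>md5</span><span class='period'>.</span><span class='id identifier rubyid_hexdigest'>hexdigest</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>H*</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>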
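<div class="method_details ">
<h3 class="signature " id="rdp_move_mouse-instance_method">
#<strong>rdp_move_mouse</strong>(x = 1, y = 1) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Sends a fast-path mouse-move input event. The blob is the fixed header <code>04 80 0a</code>, the event header <code>0x20</code> (<code>FASTPATH_INPUT_EVENT_MOUSE</code>), the pointer flags <code>0x0800</code> (<code>PTRFLAGS_MOVE</code>), then <code>x</code> and <code>y</code> packed as little-endian 16-bit values; it is handed to <code>rdp_send</code>. Both coordinates default to 1.</p>
<p>Review note: <code>pack('vv')</code> keeps only the low 16 bits of each coordinate, so values outside 0–65535 are silently wrapped rather than rejected. The header bytes are copied from xfreerdp (per the inline comment); the third byte, <code>0x0a</code>, equals the 10-byte length of the blob built here, which suggests a hard-coded length field that must be updated if the layout changes.</p>
</div>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
486
487
488
489
490
491
492
493</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 486</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_move_mouse'>rdp_move_mouse</span><span class='lparen'>(</span><span class='id identifier rubyid_x'>x</span> <span class='op'>=</span> <span class='int'>1</span><span class='comma'>,</span> <span class='id identifier rubyid_y'>y</span> <span class='op'>=</span> <span class='int'>1</span><span class='rparen'>)</span>
<span class='id identifier rubyid_mouse_move_blob'>mouse_move_blob</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_mouse_move_blob'>mouse_move_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x04\x80\x0a</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># copypasta FAST PATH stuff from xfreerdp
</span> <span class='id identifier rubyid_mouse_move_blob'>mouse_move_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x20</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># TS_FP_INPUT_EVENT::eventHeader = 0x20 (FASTPATH_INPUT_EVENT_MOUSE)
</span> <span class='id identifier rubyid_mouse_move_blob'>mouse_move_blob</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00\x08</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># TS_FP_POINTER_EVENT::pointerFlags = 0x0800 (PTRFLAGS_MOVE)
</span> <span class='id identifier rubyid_mouse_move_blob'>mouse_move_blob</span> <span class='op'>&lt;&lt;</span> <span class='lbracket'>[</span><span class='id identifier rubyid_x'>x</span><span class='comma'>,</span> <span class='id identifier rubyid_y'>y</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>vv</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='comment'># TS_FP_POINTER_EVENT::xPos, TS_FP_POINTER_EVENT::yPos
</span> <span class='id identifier rubyid_rdp_send'>rdp_send</span><span class='lparen'>(</span><span class='id identifier rubyid_mouse_move_blob'>mouse_move_blob</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>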
<div class="method_details ">
<h3 class="signature " id="rdp_negotiate_security-instance_method">
#<strong>rdp_negotiate_security</strong>(channels, req_proto = RDPConstants::PROTOCOL_SSL) &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Negotiate security protocol and begin session building</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
&mdash;
<div class='inline'>
<p>success</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 330</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_negotiate_security'>rdp_negotiate_security</span><span class='lparen'>(</span><span class='id identifier rubyid_channels'>channels</span><span class='comma'>,</span> <span class='id identifier rubyid_req_proto'>req_proto</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PROTOCOL_SSL-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PROTOCOL_SSL (constant)">PROTOCOL_SSL</a></span></span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_req_proto'>req_proto</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PROTOCOL_SSL-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PROTOCOL_SSL (constant)">PROTOCOL_SSL</a></span></span>
<span class='id identifier rubyid_swap_sock_plain_to_ssl'>swap_sock_plain_to_ssl</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_send_recv'>rdp_send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu_connect_initial'>pdu_connect_initial</span><span class='lparen'>(</span><span class='id identifier rubyid_channels'>channels</span><span class='comma'>,</span> <span class='id identifier rubyid_req_proto'>req_proto</span><span class='comma'>,</span> <span class='ivar'>@computer_name</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_req_proto'>req_proto</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PROTOCOL_RDP-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PROTOCOL_RDP (constant)">PROTOCOL_RDP</a></span></span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_send_recv'>rdp_send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu_connect_initial'>pdu_connect_initial</span><span class='lparen'>(</span><span class='id identifier rubyid_channels'>channels</span><span class='comma'>,</span> <span class='id identifier rubyid_req_proto'>req_proto</span><span class='comma'>,</span> <span class='ivar'>@computer_name</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_rsmod'>rsmod</span><span class='comma'>,</span> <span class='id identifier rubyid_rsexp'>rsexp</span><span class='comma'>,</span> <span class='id identifier rubyid__rsran'>_rsran</span><span class='comma'>,</span> <span class='id identifier rubyid_server_rand'>server_rand</span><span class='comma'>,</span> <span class='id identifier rubyid_bitlen'>bitlen</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_parse_connect_response'>rdp_parse_connect_response</span><span class='lparen'>(</span><span class='id identifier rubyid_res'>res</span><span class='rparen'>)</span>
<span class='kw'>elsif</span> <span class='lbracket'>[</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PROTOCOL_HYBRID-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PROTOCOL_HYBRID (constant)">PROTOCOL_HYBRID</a></span></span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PROTOCOL_HYBRID_EX-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PROTOCOL_HYBRID_EX (constant)">PROTOCOL_HYBRID_EX</a></span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='id identifier rubyid_req_proto'>req_proto</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>NLA Security protocol unsupported at this time.</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>false</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unknown protocol requested (</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_req_proto'>req_proto</span><span class='embexpr_end'>}</span><span class='tstring_content'>).</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>false</span>
<span class='kw'>end</span>
<span class='comment'># erect domain and attach user
</span> <span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sending erect domain request</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_send'>rdp_send</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu_erect_domain_request'>pdu_erect_domain_request</span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_send_recv'>rdp_send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu_attach_user_request'>pdu_attach_user_request</span><span class='rparen'>)</span>
<span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rdp_user_id'>rdp_user_id</span> <span class='op'>=</span> <span class='id identifier rubyid_res'>res</span><span class='lbracket'>[</span><span class='int'>9</span><span class='comma'>,</span> <span class='int'>2</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>n</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='comment'># send channel requests
</span> <span class='lbracket'>[</span><span class='int'>1009</span><span class='comma'>,</span> <span class='int'>1003</span><span class='comma'>,</span> <span class='int'>1004</span><span class='comma'>,</span> <span class='int'>1005</span><span class='comma'>,</span> <span class='int'>1006</span><span class='comma'>,</span> <span class='int'>1007</span><span class='comma'>,</span> <span class='int'>1008</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_chan'>chan</span><span class='op'>|</span>
<span class='id identifier rubyid_rdp_send_recv'>rdp_send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu_channel_join_request'>pdu_channel_join_request</span><span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rdp_user_id'>rdp_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan'>chan</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_req_proto'>req_proto</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PROTOCOL_RDP-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PROTOCOL_RDP (constant)">PROTOCOL_RDP</a></span></span>
<span class='ivar'>@rdp_sec</span> <span class='op'>=</span> <span class='kw'>true</span>
<span class='comment'># 5.3.4 Client Random Value
</span> <span class='id identifier rubyid_client_rand'>client_rand</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='int'>32</span><span class='period'>.</span><span class='id identifier rubyid_times'>times</span> <span class='lbrace'>{</span> <span class='id identifier rubyid_client_rand'>client_rand</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>0</span><span class='op'>..</span><span class='int'>255</span><span class='rparen'>)</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_rcran'>rcran</span> <span class='op'>=</span> <span class='id identifier rubyid_bytes_to_bignum'>bytes_to_bignum</span><span class='lparen'>(</span><span class='id identifier rubyid_client_rand'>client_rand</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sending security exchange PDU</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_send'>rdp_send</span><span class='lparen'>(</span><span class='id identifier rubyid_pdu_security_exchange'>pdu_security_exchange</span><span class='lparen'>(</span><span class='id identifier rubyid_rcran'>rcran</span><span class='comma'>,</span> <span class='id identifier rubyid_rsexp'>rsexp</span><span class='comma'>,</span> <span class='id identifier rubyid_rsmod'>rsmod</span><span class='comma'>,</span> <span class='id identifier rubyid_bitlen'>bitlen</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='comment'># We aren&#39;t decrypting anything at this point. Leave the variables here
</span> <span class='comment'># to make it easier to understand in the future.
</span> <span class='id identifier rubyid_rc4encstart'>rc4encstart</span><span class='comma'>,</span> <span class='id identifier rubyid__rc4decstart'>_rc4decstart</span><span class='comma'>,</span> <span class='ivar'>@hmackey</span><span class='comma'>,</span> <span class='id identifier rubyid__sessblob'>_sessblob</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_calculate_rc4_keys'>rdp_calculate_rc4_keys</span><span class='lparen'>(</span><span class='id identifier rubyid_client_rand'>client_rand</span><span class='comma'>,</span> <span class='id identifier rubyid_server_rand'>server_rand</span><span class='rparen'>)</span>
<span class='ivar'>@rc4enckey</span> <span class='op'>=</span> <span class='const'>RC4</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_rc4encstart'>rc4encstart</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='kw'>true</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_on_channel_receive-instance_method">
#<strong>rdp_on_channel_receive</strong>(pkt, chan_user_id, chan_id, flags, data) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425</pre>
</td>
<td>
<!--
  rdp_on_channel_receive(pkt, chan_user_id, chan_id, flags, data)
  Dispatches one received channel message. The first two bytes of data are read
  as a 16-bit component type; only RDPDR_CTYP_CORE is handled. Bytes 2 to 3 are
  then read as the packet id and routed to the handler for SERVER_ANNOUNCE,
  SERVER_CAPABILITY or CLIENTID_CONFIRM, each called with the unchanged
  arguments. Any other component type or packet id falls through with no log
  line and the method returns nil.
  NOTE(review): unpack('S') uses native byte order, while
  rdp_parse_connect_response on this page reads its 16-bit length with 'S<'.
  If these fields are little-endian on the wire (confirm against the RDPDR
  specification), an explicit little-endian directive would make the
  comparison independent of the host CPU.
  NOTE(review): data presumably comes from the remote peer; a payload shorter
  than four bytes yields a nil type or packet id and is dropped silently.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1412</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_on_channel_receive'>rdp_on_channel_receive</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ctype'>ctype</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>1</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>S</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_ctype'>ctype</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#RDPDR_CTYP_CORE-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::RDPDR_CTYP_CORE (constant)">RDPDR_CTYP_CORE</a></span></span>
<span class='id identifier rubyid_opcode'>opcode</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>2</span><span class='op'>..</span><span class='int'>3</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>S</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_opcode'>opcode</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PAKID_CORE_SERVER_ANNOUNCE-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PAKID_CORE_SERVER_ANNOUNCE (constant)">PAKID_CORE_SERVER_ANNOUNCE</a></span></span>
<span class='id identifier rubyid_rdp_on_core_server_announce'>rdp_on_core_server_announce</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_opcode'>opcode</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PAKID_CORE_SERVER_CAPABILITY-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PAKID_CORE_SERVER_CAPABILITY (constant)">PAKID_CORE_SERVER_CAPABILITY</a></span></span>
<span class='id identifier rubyid_rdp_on_core_server_capability'>rdp_on_core_server_capability</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_opcode'>opcode</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PAKID_CORE_CLIENTID_CONFIRM-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PAKID_CORE_CLIENTID_CONFIRM (constant)">PAKID_CORE_CLIENTID_CONFIRM</a></span></span>
<span class='id identifier rubyid_rdp_on_core_client_id_confirm'>rdp_on_core_client_id_confirm</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_on_core_client_id_confirm-instance_method">
#<strong>rdp_on_core_client_id_confirm</strong>(pkt, chan_user_id, chan_id, flags, data) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1441
1442
1443
1444</pre>
</td>
<td>
<!--
  rdp_on_core_client_id_confirm(pkt, chan_user_id, chan_id, flags, data)
  Handler reached from rdp_on_channel_receive when the packet id equals
  PAKID_CORE_CLIENTID_CONFIRM. It emits the verbose status line and forwards
  all five arguments unchanged to rdpdr_client_device_list_announce_request.
  That helper is not shown in this part of the page, so what it sends cannot
  be confirmed here. No field of data is inspected in this method.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1441</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_on_core_client_id_confirm'>rdp_on_core_client_id_confirm</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Handling CLIENT ID CONFIRM ...</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdpdr_client_device_list_announce_request'>rdpdr_client_device_list_announce_request</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_on_core_server_announce-instance_method">
#<strong>rdp_on_core_server_announce</strong>(pkt, chan_user_id, chan_id, flags, data) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1427
1428
1429
1430
1431</pre>
</td>
<td>
<!--
  rdp_on_core_server_announce(pkt, chan_user_id, chan_id, flags, data)
  Handler reached from rdp_on_channel_receive when the packet id equals
  PAKID_CORE_SERVER_ANNOUNCE. It emits the verbose status line, then calls
  rdpdr_client_announce_reply followed by rdpdr_client_name_request, in that
  order, passing all five arguments unchanged to both. Neither helper is shown
  in this part of the page. No field of data is inspected in this method.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1427</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_on_core_server_announce'>rdp_on_core_server_announce</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Handling SERVER ANNOUNCE ...</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdpdr_client_announce_reply'>rdpdr_client_announce_reply</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdpdr_client_name_request'>rdpdr_client_name_request</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_on_core_server_capability-instance_method">
#<strong>rdp_on_core_server_capability</strong>(pkt, chan_user_id, chan_id, flags, data) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1433
1434
1435
1436
1437
1438
1439</pre>
</td>
<td>
<!--
  rdp_on_core_server_capability(pkt, chan_user_id, chan_id, flags, data)
  Handler reached from rdp_on_channel_receive when the packet id equals
  PAKID_CORE_SERVER_CAPABILITY. The reply is a copy of data in which only the
  byte at offset 3 is replaced by 0x43; it is sent with rdp_send_channel on the
  same chan_user_id and chan_id. pkt and flags are not used.
  NOTE(review): offset 3 lies inside the 16-bit packet id that
  rdp_on_channel_receive reads from bytes 2 to 3, so the replacement presumably
  turns the server capability id into the client capability id; confirm
  against the RDPDR specification.
  NOTE(review): everything after offset 3 is supplied by the server and echoed
  back unmodified, so the client advertises whatever capability set the server
  sent. A data shorter than four bytes is not rejected: the slices come back
  short or nil and a malformed reply is still sent.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1433</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_on_core_server_capability'>rdp_on_core_server_capability</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Handling SERVER CAPABILITY ...</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='comment'># change opcode 1 byte to match server capabilities
</span> <span class='id identifier rubyid_reply'>reply</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>2</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x43</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>4</span><span class='op'>..</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='rbracket'>]</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_send_channel'>rdp_send_channel</span><span class='lparen'>(</span><span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_reply'>reply</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_parse_connect_response-instance_method">
#<strong>rdp_parse_connect_response</strong>(pkt) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p><a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/927de44c-7fe8-4206-a14f-e5517dc24b1c">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/927de44c-7fe8-4206-a14f-e5517dc24b1c</a> Parse Server MCS Connect Response PDU - 2.2.1.4</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568</pre>
</td>
<td>
<!--
  rdp_parse_connect_response(pkt)
  Skips the first 0x49 bytes of pkt and walks the remainder as a sequence of
  blocks, each starting with a 2-byte type and a 2-byte little-endian length.
  For the block whose type bytes are 02 0c it reads, at fixed offsets from the
  block start: the server random (+20, 32 bytes), the key magic (+68, 4 bytes,
  RdpCommunicationError is raised unless it is "RSA1"), a 32-bit little-endian
  length (+72) from which 8 is subtracted, the public exponent (+84, 4 bytes)
  and the modulus (+88). Returns the modulus, exponent and server random
  converted by bytes_to_bignum, then the raw server random and the length.
  NOTE(review): despite its name, bitlen is used as a byte count when the
  modulus is sliced.
  NOTE(review): the caller shown earlier on this page passes the result of
  rdp_send_recv, so pkt is data received from the server, yet no offset is
  checked against the buffer length. A truncated response makes the slices
  return nil and surfaces as NoMethodError instead of RdpCommunicationError.
  NOTE(review): a block length of zero leaves ptr unchanged and the while loop
  never ends. Raising RdpCommunicationError when header_length is below 4 or
  runs past the end of rdp_pkt would bound the loop.
  NOTE(review): when no 02 0c block is present, modulus, public_exponent,
  server_random and bitlen are still nil at the bytes_to_bignum calls; how that
  helper treats nil is not visible here.
-->
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 529</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_parse_connect_response'>rdp_parse_connect_response</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>=</span> <span class='int'>0</span>
<span class='id identifier rubyid_rdp_pkt'>rdp_pkt</span> <span class='op'>=</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='lbracket'>[</span><span class='int'>0x49</span><span class='op'>..</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='rbracket'>]</span>
<span class='kw'>while</span> <span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>&lt;</span> <span class='id identifier rubyid_rdp_pkt'>rdp_pkt</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span>
<span class='id identifier rubyid_header_type'>header_type</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_pkt'>rdp_pkt</span><span class='lbracket'>[</span><span class='id identifier rubyid_ptr'>ptr</span><span class='op'>..</span><span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>+</span> <span class='int'>1</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_header_length'>header_length</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_pkt'>rdp_pkt</span><span class='lbracket'>[</span><span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>+</span> <span class='int'>2</span><span class='op'>..</span><span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>+</span> <span class='int'>3</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>S&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_header_type'>header_type</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x02\x0c</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_server_random'>server_random</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_pkt'>rdp_pkt</span><span class='lbracket'>[</span><span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>+</span> <span class='int'>20</span><span class='op'>..</span><span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>+</span> <span class='int'>51</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_public_exponent'>public_exponent</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_pkt'>rdp_pkt</span><span class='lbracket'>[</span><span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>+</span> <span class='int'>84</span><span class='op'>..</span><span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>+</span> <span class='int'>87</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_rsa_magic'>rsa_magic</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_pkt'>rdp_pkt</span><span class='lbracket'>[</span><span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>+</span> <span class='int'>68</span><span class='op'>..</span><span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>+</span> <span class='int'>71</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_rsa_magic'>rsa_magic</span> <span class='op'>!=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>RSA1</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Server cert isn&#39;t RSA, this scenario isn&#39;t supported (yet).</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'><span class='object_link'><a href="RDP/RdpCommunicationError.html" title="Msf::Exploit::Remote::RDP::RdpCommunicationError (class)">RdpCommunicationError</a></span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_bitlen'>bitlen</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_pkt'>rdp_pkt</span><span class='lbracket'>[</span><span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>+</span> <span class='int'>72</span><span class='op'>..</span><span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>+</span> <span class='int'>75</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span> <span class='op'>-</span> <span class='int'>8</span>
<span class='id identifier rubyid_modulus'>modulus</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_pkt'>rdp_pkt</span><span class='lbracket'>[</span><span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>+</span> <span class='int'>88</span><span class='op'>..</span><span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>+</span> <span class='int'>87</span> <span class='op'>+</span> <span class='id identifier rubyid_bitlen'>bitlen</span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>+=</span> <span class='id identifier rubyid_header_length'>header_length</span>
<span class='kw'>end</span>
<span class='comment'># vprint_status(&quot;SERVER_MODULUS: #{bin_to_hex(modulus)}&quot;)
</span> <span class='comment'># vprint_status(&quot;SERVER_EXPONENT: #{bin_to_hex(public_exponent)}&quot;)
</span> <span class='comment'># vprint_status(&quot;SERVER_RANDOM: #{bin_to_hex(server_random)}&quot;)
</span>
<span class='id identifier rubyid_rsmod'>rsmod</span> <span class='op'>=</span> <span class='id identifier rubyid_bytes_to_bignum'>bytes_to_bignum</span><span class='lparen'>(</span><span class='id identifier rubyid_modulus'>modulus</span><span class='rparen'>)</span>
<span class='id identifier rubyid_rsexp'>rsexp</span> <span class='op'>=</span> <span class='id identifier rubyid_bytes_to_bignum'>bytes_to_bignum</span><span class='lparen'>(</span><span class='id identifier rubyid_public_exponent'>public_exponent</span><span class='rparen'>)</span>
<span class='id identifier rubyid_rsran'>rsran</span> <span class='op'>=</span> <span class='id identifier rubyid_bytes_to_bignum'>bytes_to_bignum</span><span class='lparen'>(</span><span class='id identifier rubyid_server_random'>server_random</span><span class='rparen'>)</span>
<span class='comment'># vprint_status(&quot;MODULUS = #{bin_to_hex(modulus)} - #{rsmod.to_s}&quot;)
</span> <span class='comment'># vprint_status(&quot;EXPONENT = #{bin_to_hex(public_exponent)} - #{rsexp.to_s}&quot;)
</span> <span class='comment'># vprint_status(&quot;SVRANDOM = #{bin_to_hex(server_random)} - #{rsran.to_s}&quot;)
</span>
<span class='kw'>return</span> <span class='id identifier rubyid_rsmod'>rsmod</span><span class='comma'>,</span> <span class='id identifier rubyid_rsexp'>rsexp</span><span class='comma'>,</span> <span class='id identifier rubyid_rsran'>rsran</span><span class='comma'>,</span> <span class='id identifier rubyid_server_random'>server_random</span><span class='comma'>,</span> <span class='id identifier rubyid_bitlen'>bitlen</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_parse_license_pdu-instance_method">
#<strong>rdp_parse_license_pdu</strong>(data) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
</div>
</div>
<div class="tags">
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt><span class='object_link'><a href="RDP/RdpCommunicationError.html" title="Msf::Exploit::Remote::RDP::RdpCommunicationError (class)">RdpCommunicationError</a></span></tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 417</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_parse_license_pdu'>rdp_parse_license_pdu</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'><span class='object_link'><a href="RDP/RdpCommunicationError.html" title="Msf::Exploit::Remote::RDP::RdpCommunicationError (class)">RdpCommunicationError</a></span></span> <span class='kw'>if</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>&lt;</span> <span class='int'>20</span>
<span class='id identifier rubyid_rdp_version'>rdp_version</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'><span class='object_link'><a href="RDP/RdpCommunicationError.html" title="Msf::Exploit::Remote::RDP::RdpCommunicationError (class)">RdpCommunicationError</a></span></span> <span class='kw'>if</span> <span class='id identifier rubyid_rdp_version'>rdp_version</span> <span class='op'>!=</span> <span class='int'>3</span>
<span class='id identifier rubyid_length'>length</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>2</span><span class='op'>..</span><span class='int'>3</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>n</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>&lt;</span> <span class='id identifier rubyid_length'>length</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Got </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='embexpr_end'>}</span><span class='tstring_content'> bytes, expected </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_length'>length</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'><span class='object_link'><a href="RDP/RdpCommunicationError.html" title="Msf::Exploit::Remote::RDP::RdpCommunicationError (class)">RdpCommunicationError</a></span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_data_len'>data_len</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>13</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_tag_offset'>tag_offset</span> <span class='op'>=</span> <span class='int'>18</span>
<span class='id identifier rubyid_tag_offset'>tag_offset</span> <span class='op'>+=</span> <span class='int'>1</span> <span class='kw'>if</span> <span class='lparen'>(</span><span class='id identifier rubyid_data_len'>data_len</span> <span class='op'>&amp;</span> <span class='int'>0x80</span> <span class='op'>==</span> <span class='int'>0x80</span><span class='rparen'>)</span> <span class='comment'># 2 byte length
</span>
<span class='id identifier rubyid_tag'>tag</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='id identifier rubyid_tag_offset'>tag_offset</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Got license packet type 0x</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_tag'>tag</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='lparen'>(</span><span class='int'>16</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'> (</span><span class='embexpr_beg'>#{</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#LICENSE_TAGS-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::LICENSE_TAGS (constant)">LICENSE_TAGS</a></span></span><span class='lbracket'>[</span><span class='id identifier rubyid_tag'>tag</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>)</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>case</span> <span class='id identifier rubyid_tag'>tag</span>
<span class='kw'>when</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#LICENSE_REQUEST-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::LICENSE_REQUEST (constant)">LICENSE_REQUEST</a></span></span>
<span class='id identifier rubyid_rdp_handle_license_request'>rdp_handle_license_request</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='id identifier rubyid_tag_offset'>tag_offset</span> <span class='op'>+</span> <span class='int'>4</span><span class='op'>..</span><span class='op'>-</span><span class='int'>1</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>when</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#LICENSE_PLATFORM_CHALLENGE-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::LICENSE_PLATFORM_CHALLENGE (constant)">LICENSE_PLATFORM_CHALLENGE</a></span></span>
<span class='kw'>when</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#LICENSE_NEW_LICENSE-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::LICENSE_NEW_LICENSE (constant)">LICENSE_NEW_LICENSE</a></span></span>
<span class='kw'>when</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#LICENSE_UPGRADE_LICENSE-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::LICENSE_UPGRADE_LICENSE (constant)">LICENSE_UPGRADE_LICENSE</a></span></span>
<span class='kw'>when</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#LICENSE_LICENSE_INFO-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::LICENSE_LICENSE_INFO (constant)">LICENSE_LICENSE_INFO</a></span></span>
<span class='kw'>when</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#LICENSE_NEW_LICENSE_REQ-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::LICENSE_NEW_LICENSE_REQ (constant)">LICENSE_NEW_LICENSE_REQ</a></span></span>
<span class='kw'>when</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#LICENSE_PLATFORM_CHAL_RESP-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::LICENSE_PLATFORM_CHAL_RESP (constant)">LICENSE_PLATFORM_CHAL_RESP</a></span></span>
<span class='kw'>when</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#LICENSE_ERROR_ALERT-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::LICENSE_ERROR_ALERT (constant)">LICENSE_ERROR_ALERT</a></span></span>
<span class='id identifier rubyid_rdp_handle_license_error_alert'>rdp_handle_license_error_alert</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='id identifier rubyid_tag_offset'>tag_offset</span> <span class='op'>+</span> <span class='int'>4</span><span class='op'>..</span><span class='op'>-</span><span class='int'>1</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_parse_negotiation_response-instance_method">
#<strong>rdp_parse_negotiation_response</strong>(data) &#x21d2; <tt>String</tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
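<p>Parse RDP Negotiation Data (MS-RDPBCGR section 2.2.1.2). Reference: <a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/13757f8f-66db-4273-9d2c-385c33b1e483">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/13757f8f-66db-4273-9d2c-385c33b1e483</a>. The header check in the listing below is an unanchored pattern match, so it accepts the byte sequence anywhere in <tt>data</tt>, while the response fields are then read at fixed offsets.</p>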
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
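<p>String representation of the Selected Protocol or nil on failure. As the listing below is written, the value returned on success is the numeric protocol field unpacked from the packet, and the two early checks (wrong packet type, packet too short) return <tt>false</tt> rather than <tt>nil</tt>, so callers should test for a falsy value.</p>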
</div>
</li>
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Error message; <tt>nil</tt> when a known protocol was selected</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 503</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_parse_negotiation_response'>rdp_parse_negotiation_response</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Response is not an RDP Negotiation Response packet.</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_match'>match</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x03\x00\x00..\xd0</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Negotiation Response packet too short.</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>&lt;</span> <span class='int'>19</span>
<span class='id identifier rubyid_response_code'>response_code</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>11</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_response_code'>response_code</span> <span class='op'>==</span> <span class='int'>2</span> <span class='comment'># TYPE_RDP_NEG_RSP
</span> <span class='comment'># RDP Negotiation Response - 2.2.1.2.1
</span> <span class='id identifier rubyid_server_selected_proto'>server_selected_proto</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>15</span><span class='op'>..</span><span class='int'>18</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_proto_label'>proto_label</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#RDP_NEG_PROTOCOL-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::RDP_NEG_PROTOCOL (constant)">RDP_NEG_PROTOCOL</a></span></span><span class='lbracket'>[</span><span class='id identifier rubyid_server_selected_proto'>server_selected_proto</span><span class='rbracket'>]</span>
<span class='kw'>return</span> <span class='id identifier rubyid_server_selected_proto'>server_selected_proto</span><span class='comma'>,</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='id identifier rubyid_proto_label'>proto_label</span>
<span class='kw'>return</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unknown protocol in Negotiation Response: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_server_selected_proto'>server_selected_proto</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_response_code'>response_code</span> <span class='op'>==</span> <span class='int'>3</span> <span class='comment'># TYPE_RDP_NEG_FAILURE
</span> <span class='comment'># RDP Negotiation Failure - 2.2.1.2.2
</span> <span class='id identifier rubyid_failure_code'>failure_code</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>15</span><span class='op'>..</span><span class='int'>18</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='kw'>return</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#RDP_NEG_FAILURE-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::RDP_NEG_FAILURE (constant)">RDP_NEG_FAILURE</a></span></span><span class='lbracket'>[</span><span class='id identifier rubyid_failure_code'>failure_code</span><span class='rbracket'>]</span>
<span class='kw'>else</span>
<span class='kw'>return</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unknown Negotiation Response code: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_response_code'>response_code</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_rc4_crypt-instance_method">
#<strong>rdp_rc4_crypt</strong>(rc4obj, data) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 668</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_rc4_crypt'>rdp_rc4_crypt</span><span class='lparen'>(</span><span class='id identifier rubyid_rc4obj'>rc4obj</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_rc4obj'>rc4obj</span><span class='period'>.</span><span class='id identifier rubyid_encrypt'>encrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_recv-instance_method">
#<strong>rdp_recv</strong>(length = -1, timeout = 5) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 157</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_recv'>rdp_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_length'>length</span> <span class='op'>=</span> <span class='op'>-</span><span class='int'>1</span><span class='comma'>,</span> <span class='id identifier rubyid_timeout'>timeout</span> <span class='op'>=</span> <span class='int'>5</span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rdp_sock'>rdp_sock</span><span class='period'>.</span><span class='id identifier rubyid_get_once'>get_once</span><span class='lparen'>(</span><span class='id identifier rubyid_length'>length</span><span class='comma'>,</span> <span class='id identifier rubyid_timeout'>timeout</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'><span class='object_link'><a href="RDP/RdpCommunicationError.html" title="Msf::Exploit::Remote::RDP::RdpCommunicationError (class)">RdpCommunicationError</a></span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_res'>res</span> <span class='comment'># nil due to a timeout
</span>
<span class='id identifier rubyid_res'>res</span>
<span class='kw'>rescue</span> <span class='const'>EOFError</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'><span class='object_link'><a href="RDP/RdpCommunicationError.html" title="Msf::Exploit::Remote::RDP::RdpCommunicationError (class)">RdpCommunicationError</a></span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_salted_hash-instance_method">
#<strong>rdp_salted_hash</strong>(s_bytes, i_bytes, client_random_bytes, server_random_bytes) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
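<p>Salted hash as defined in MS-RDPBCGR. Reference: <a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/705f9542-b0e3-48be-b9a5-cf2ee582607f">docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/705f9542-b0e3-48be-b9a5-cf2ee582607f</a>. In the listing below, SHA is SHA-1 (<tt>Digest::SHA1</tt>) and the method returns the raw MD5 digest bytes rather than a hex string.</p>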
<pre class="code ruby"><code class="ruby">SaltedHash(S, I) = MD5(S + SHA(I + S + ClientRandom + ServerRandom))
</code></pre>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 609</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_salted_hash'>rdp_salted_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_s_bytes'>s_bytes</span><span class='comma'>,</span> <span class='id identifier rubyid_i_bytes'>i_bytes</span><span class='comma'>,</span> <span class='id identifier rubyid_client_random_bytes'>client_random_bytes</span><span class='comma'>,</span> <span class='id identifier rubyid_server_random_bytes'>server_random_bytes</span><span class='rparen'>)</span>
<span class='id identifier rubyid_sha1'>sha1</span> <span class='op'>=</span> <span class='const'>Digest</span><span class='op'>::</span><span class='const'>SHA1</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='id identifier rubyid_md5'>md5</span> <span class='op'>=</span> <span class='const'>Digest</span><span class='op'>::</span><span class='const'>MD5</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='id identifier rubyid_sha1'>sha1</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_i_bytes'>i_bytes</span>
<span class='id identifier rubyid_sha1'>sha1</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_s_bytes'>s_bytes</span>
<span class='id identifier rubyid_sha1'>sha1</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_client_random_bytes'>client_random_bytes</span>
<span class='id identifier rubyid_sha1'>sha1</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_server_random_bytes'>server_random_bytes</span>
<span class='id identifier rubyid_md5'>md5</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_s_bytes'>s_bytes</span>
<span class='id identifier rubyid_md5'>md5</span> <span class='op'>&lt;&lt;</span> <span class='lbracket'>[</span><span class='id identifier rubyid_sha1'>sha1</span><span class='period'>.</span><span class='id identifier rubyid_hexdigest'>hexdigest</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>H*</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_md5'>md5</span><span class='period'>.</span><span class='id identifier rubyid_hexdigest'>hexdigest</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>H*</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_salted_hash16-instance_method">
#<strong>rdp_salted_hash16</strong>(s_bytes, salt1, salt2) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 597</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_salted_hash16'>rdp_salted_hash16</span><span class='lparen'>(</span><span class='id identifier rubyid_s_bytes'>s_bytes</span><span class='comma'>,</span> <span class='id identifier rubyid_salt1'>salt1</span><span class='comma'>,</span> <span class='id identifier rubyid_salt2'>salt2</span><span class='rparen'>)</span>
<span class='id identifier rubyid_md5'>md5</span> <span class='op'>=</span> <span class='const'>Digest</span><span class='op'>::</span><span class='const'>MD5</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='id identifier rubyid_md5'>md5</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_s_bytes'>s_bytes</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>15</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_md5'>md5</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_salt1'>salt1</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>31</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_md5'>md5</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_salt2'>salt2</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>..</span><span class='int'>31</span><span class='rbracket'>]</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_md5'>md5</span><span class='period'>.</span><span class='id identifier rubyid_hexdigest'>hexdigest</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>H*</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_salted_hash48-instance_method">
#<strong>rdp_salted_hash48</strong>(s_bytes, i_byte, client_random, server_random) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 624</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_salted_hash48'>rdp_salted_hash48</span><span class='lparen'>(</span><span class='id identifier rubyid_s_bytes'>s_bytes</span><span class='comma'>,</span> <span class='id identifier rubyid_i_byte'>i_byte</span><span class='comma'>,</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='id identifier rubyid_server_random'>server_random</span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_salted_hash'>rdp_salted_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_s_bytes'>s_bytes</span><span class='comma'>,</span> <span class='id identifier rubyid_i_byte'>i_byte</span><span class='comma'>,</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='id identifier rubyid_server_random'>server_random</span><span class='rparen'>)</span> <span class='op'>+</span> \
<span class='id identifier rubyid_rdp_salted_hash'>rdp_salted_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_s_bytes'>s_bytes</span><span class='comma'>,</span> <span class='lparen'>(</span><span class='id identifier rubyid_i_byte'>i_byte</span><span class='period'>.</span><span class='id identifier rubyid_ord'>ord</span> <span class='op'>+</span> <span class='int'>1</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_chr'>chr</span> <span class='op'>*</span> <span class='int'>2</span><span class='comma'>,</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='id identifier rubyid_server_random'>server_random</span><span class='rparen'>)</span> <span class='op'>+</span> \
<span class='id identifier rubyid_rdp_salted_hash'>rdp_salted_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_s_bytes'>s_bytes</span><span class='comma'>,</span> <span class='lparen'>(</span><span class='id identifier rubyid_i_byte'>i_byte</span><span class='period'>.</span><span class='id identifier rubyid_ord'>ord</span> <span class='op'>+</span> <span class='int'>2</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_chr'>chr</span> <span class='op'>*</span> <span class='int'>3</span><span class='comma'>,</span> <span class='id identifier rubyid_client_random'>client_random</span><span class='comma'>,</span> <span class='id identifier rubyid_server_random'>server_random</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rdp_send-instance_method">
#<strong>rdp_send</strong>(data) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 153</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_send'>rdp_send</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rdp_sock'>rdp_sock</span><span class='period'>.</span><span class='id identifier rubyid_put'>put</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  rdp_send_channel(chan_user_id, chan_id, data, flags = 3, data_length = nil):
  builds a channel message with rdp_create_channel_msg, passing all five
  arguments through unchanged, then sends the result with rdp_send.
  The meaning of flags (default 3) and of a nil data_length is decided inside
  rdp_create_channel_msg, which is not shown in this part of the page.
-->
<h3 class="signature " id="rdp_send_channel-instance_method">
#<strong>rdp_send_channel</strong>(chan_user_id, chan_id, data, flags = 3, data_length = nil) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
242
243
244
245</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 242</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_send_channel'>rdp_send_channel</span><span class='lparen'>(</span><span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span> <span class='op'>=</span> <span class='int'>3</span><span class='comma'>,</span> <span class='id identifier rubyid_data_length'>data_length</span> <span class='op'>=</span> <span class='kw'>nil</span><span class='rparen'>)</span>
<span class='id identifier rubyid_tpkt'>tpkt</span> <span class='op'>=</span> <span class='id identifier rubyid_rdp_create_channel_msg'>rdp_create_channel_msg</span><span class='lparen'>(</span><span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data_length'>data_length</span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_send'>rdp_send</span><span class='lparen'>(</span><span class='id identifier rubyid_tpkt'>tpkt</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  rdp_send_recv(data): sends data with rdp_send, then returns the result of
  rdp_recv called with no arguments.
  Reviewer note: no timeout, retry or error handling is visible here. Any such
  behaviour would have to come from rdp_recv or the socket, which are outside
  this listing.
-->
<h3 class="signature " id="rdp_send_recv-instance_method">
#<strong>rdp_send_recv</strong>(data) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
166
167
168
169</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 166</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_send_recv'>rdp_send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_send'>rdp_send</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_recv'>rdp_recv</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  rdp_terminate: sends the two-byte body "\x21\x80", which the source comment
  labels a user requested disconnect provider ultimatum, wrapped by
  build_data_tpdu and written with rdp_send.
  The method only sends. It does not read a reply and does not close
  rdp_sock in the lines shown.
-->
<h3 class="signature " id="rdp_terminate-instance_method">
#<strong>rdp_terminate</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
247
248
249
250
251</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 247</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdp_terminate'>rdp_terminate</span>
<span class='id identifier rubyid_body'>body</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x21\x80</span><span class='tstring_end'>&quot;</span></span> <span class='comment'># user requested disconnect provider ultimatum
</span>
<span class='id identifier rubyid_rdp_send'>rdp_send</span><span class='lparen'>(</span><span class='id identifier rubyid_build_data_tpdu'>build_data_tpdu</span><span class='lparen'>(</span><span class='id identifier rubyid_body'>body</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  rdpdr_client_announce_reply (protected): sends a reply on the given channel
  made of RDPDR_CTYP_CORE, PAKID_CORE_CLIENTID_CONFIRM, version major 0x1,
  version minor 0xc and client ID 0x2, via rdp_send_channel with its default
  flags.
  The pack template 'SSSSL' emits four 16-bit and one 32-bit unsigned integers
  in the host's native byte order.
  Reviewer notes: pkt, flags and data are accepted but not used in the body
  shown. The client ID is hard-coded rather than taken from the server packet
  (see the TODO in the source). Native-order pack directives only match a
  little-endian wire layout on a little-endian host; presumably little-endian
  is intended here, confirm against the protocol definition.
-->
<h3 class="signature " id="rdpdr_client_announce_reply-instance_method">
#<strong>rdpdr_client_announce_reply</strong>(pkt, chan_user_id, chan_id, flags, data) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1456</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdpdr_client_announce_reply'>rdpdr_client_announce_reply</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_reply'>reply</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#RDPDR_CTYP_CORE-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::RDPDR_CTYP_CORE (constant)">RDPDR_CTYP_CORE</a></span></span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PAKID_CORE_CLIENTID_CONFIRM-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PAKID_CORE_CLIENTID_CONFIRM (constant)">PAKID_CORE_CLIENTID_CONFIRM</a></span></span><span class='comma'>,</span>
<span class='int'>0x1</span><span class='comma'>,</span> <span class='comment'># Version Major
</span> <span class='int'>0xc</span><span class='comma'>,</span> <span class='comment'># Version Minor
</span> <span class='int'>0x2</span><span class='comma'>,</span> <span class='comment'># client ID (TODO: configure this? read it from the packet?
</span> <span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SSSSL</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_send_channel'>rdp_send_channel</span><span class='lparen'>(</span><span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_reply'>reply</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  rdpdr_client_device_list_announce_request (protected): sends
  RDPDR_CTYP_CORE, PAKID_CORE_DEVICELIST_ANNOUNCE and a device count of 0x0 on
  the given channel via rdp_send_channel, i.e. it announces an empty device
  list.
  The pack template 'SSL' emits two 16-bit and one 32-bit unsigned integers in
  the host's native byte order.
  Reviewer notes: pkt, flags and data are accepted but not used in the body
  shown. The native-order pack directives only match a little-endian wire
  layout on a little-endian host (presumably the intent; confirm).
-->
<h3 class="signature " id="rdpdr_client_device_list_announce_request-instance_method">
#<strong>rdpdr_client_device_list_announce_request</strong>(pkt, chan_user_id, chan_id, flags, data) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1446
1447
1448
1449
1450
1451
1452
1453
1454</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1446</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdpdr_client_device_list_announce_request'>rdpdr_client_device_list_announce_request</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_reply'>reply</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#RDPDR_CTYP_CORE-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::RDPDR_CTYP_CORE (constant)">RDPDR_CTYP_CORE</a></span></span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PAKID_CORE_DEVICELIST_ANNOUNCE-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PAKID_CORE_DEVICELIST_ANNOUNCE (constant)">PAKID_CORE_DEVICELIST_ANNOUNCE</a></span></span><span class='comma'>,</span>
<span class='int'>0x0</span><span class='comma'>,</span> <span class='comment'># Device count
</span> <span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SSL</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_send_channel'>rdp_send_channel</span><span class='lparen'>(</span><span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_reply'>reply</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  rdpdr_client_name_request (protected): converts @computer_name plus a
  trailing NUL with Rex::Text.to_unicode(..., 'utf-16le'), then sends
  RDPDR_CTYP_CORE, PAKID_CORE_CLIENT_NAME, a Unicode flag of 0x1, a code page
  of 0x0, the length of the converted name and the name itself, packed with
  'SSLLLa*', via rdp_send_channel.
  Reviewer notes: the value of @computer_name goes to the remote server as
  given; it is set elsewhere in the module. The length field uses
  String#length, which is a byte count only if to_unicode returns a binary
  string (presumably it does; bytesize would make that explicit, confirm).
  pkt, flags and data are accepted but not used in the body shown. 'S' and 'L'
  pack in the host's native byte order.
-->
<h3 class="signature " id="rdpdr_client_name_request-instance_method">
#<strong>rdpdr_client_name_request</strong>(pkt, chan_user_id, chan_id, flags, data) &#x21d2; <tt>Object</tt> <span class="extras">(protected)</span>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1468</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rdpdr_client_name_request'>rdpdr_client_name_request</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_flags'>flags</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_computer_name'>computer_name</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_to_unicode'>to_unicode</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='ivar'>@computer_name</span><span class='embexpr_end'>}</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>utf-16le</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_reply'>reply</span> <span class='op'>=</span> <span class='lbracket'>[</span>
<span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#RDPDR_CTYP_CORE-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::RDPDR_CTYP_CORE (constant)">RDPDR_CTYP_CORE</a></span></span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="RDP/RDPConstants.html" title="Msf::Exploit::Remote::RDP::RDPConstants (class)">RDPConstants</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="RDP/RDPConstants.html#PAKID_CORE_CLIENT_NAME-constant" title="Msf::Exploit::Remote::RDP::RDPConstants::PAKID_CORE_CLIENT_NAME (constant)">PAKID_CORE_CLIENT_NAME</a></span></span><span class='comma'>,</span>
<span class='int'>0x1</span><span class='comma'>,</span> <span class='comment'># Unicode flag
</span> <span class='int'>0x0</span><span class='comma'>,</span> <span class='comment'># Code Page
</span> <span class='id identifier rubyid_computer_name'>computer_name</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='comma'>,</span>
<span class='id identifier rubyid_computer_name'>computer_name</span><span class='comma'>,</span>
<span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SSLLLa*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_rdp_send_channel'>rdp_send_channel</span><span class='lparen'>(</span><span class='id identifier rubyid_chan_user_id'>chan_user_id</span><span class='comma'>,</span> <span class='id identifier rubyid_chan_id'>chan_id</span><span class='comma'>,</span> <span class='id identifier rubyid_reply'>reply</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  rsa_encrypt(bignum, rsexp, rsmod): returns (bignum ** rsexp) % rsmod, i.e. a
  bare modular exponentiation of an integer.
  Reviewer notes: no padding or message encoding is applied in this method, so
  any encoding the protocol requires has to be done by the caller. The
  expression computes the full power before reducing it; Ruby's
  Integer#pow(exponent, modulus) gives the same result without the large
  intermediate value. Nothing here validates that bignum is smaller than rsmod.
-->
<h3 class="signature " id="rsa_encrypt-instance_method">
#<strong>rsa_encrypt</strong>(bignum, rsexp, rsmod) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
664
665
666</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 664</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rsa_encrypt'>rsa_encrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_bignum'>bignum</span><span class='comma'>,</span> <span class='id identifier rubyid_rsexp'>rsexp</span><span class='comma'>,</span> <span class='id identifier rubyid_rsmod'>rsmod</span><span class='rparen'>)</span>
<span class='lparen'>(</span><span class='id identifier rubyid_bignum'>bignum</span> <span class='op'>**</span> <span class='id identifier rubyid_rsexp'>rsexp</span><span class='rparen'>)</span> <span class='op'>%</span> <span class='id identifier rubyid_rsmod'>rsmod</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  swap_sock_plain_to_ssl: upgrades the existing rdp_sock to TLS in place.
  Steps shown in the listing:
    1. Create an OpenSSL::SSL::SSLContext with min_version set to TLS1_VERSION
       and security_level taken from datastore['RDP_TLS_SECURITY_LEVEL'].
    2. Wrap self.rdp_sock in an OpenSSL::SSL::SSLSocket and call connect.
    3. On Errno::ECONNRESET, print a verbose hint to retry with
       RDP_TLS_SECURITY_LEVEL=0, then re-raise.
    4. Extend rdp_sock with Rex::Socket::SslTcp and store the SSL socket and
       context in sslsock and sslctx.
  Reviewer notes:
    - The context shown sets no verify_mode, CA store or expected hostname, so
      nothing in this listing validates the server certificate. Treat the
      channel as encrypted but unauthenticated unless that is configured
      elsewhere.
    - min_version allows TLS 1.0, and the suggested security level 0 lets
      OpenSSL accept weak keys and algorithms. Both trade transport strength
      for compatibility with older servers.
    - Only ECONNRESET is rescued; other handshake errors propagate to the
      caller unchanged.
-->
<h3 class="signature " id="swap_sock_plain_to_ssl-instance_method">
#<strong>swap_sock_plain_to_ssl</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Create a new SSL session on the existing socket. Stolen from exploit/smtp_deliver.rb</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/rdp.rb', line 1171</span>
<span class='kw'>def</span> <span class='id identifier rubyid_swap_sock_plain_to_ssl'>swap_sock_plain_to_ssl</span>
<span class='id identifier rubyid_ctx'>ctx</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>SSL</span><span class='op'>::</span><span class='const'>SSLContext</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='id identifier rubyid_ctx'>ctx</span><span class='period'>.</span><span class='id identifier rubyid_min_version'>min_version</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>SSL</span><span class='op'>::</span><span class='const'>TLS1_VERSION</span>
<span class='id identifier rubyid_ctx'>ctx</span><span class='period'>.</span><span class='id identifier rubyid_security_level'>security_level</span> <span class='op'>=</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RDP_TLS_SECURITY_LEVEL</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_ssl'>ssl</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>SSL</span><span class='op'>::</span><span class='const'>SSLSocket</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rdp_sock'>rdp_sock</span><span class='comma'>,</span> <span class='id identifier rubyid_ctx'>ctx</span><span class='rparen'>)</span>
<span class='kw'>begin</span>
<span class='id identifier rubyid_ssl'>ssl</span><span class='period'>.</span><span class='id identifier rubyid_connect'>connect</span>
<span class='kw'>rescue</span> <span class='const'>Errno</span><span class='op'>::</span><span class='const'>ECONNRESET</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Retry with advanced option RDP_TLS_SECURITY_LEVEL=0</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span>
<span class='kw'>end</span>
<span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rdp_sock'>rdp_sock</span><span class='period'>.</span><span class='id identifier rubyid_extend'>extend</span><span class='lparen'>(</span><span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Socket</span><span class='op'>::</span><span class='const'>SslTcp</span><span class='rparen'>)</span>
<span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rdp_sock'>rdp_sock</span><span class='period'>.</span><span class='id identifier rubyid_sslsock'>sslsock</span> <span class='op'>=</span> <span class='id identifier rubyid_ssl'>ssl</span>
<span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rdp_sock'>rdp_sock</span><span class='period'>.</span><span class='id identifier rubyid_sslctx'>sslctx</span> <span class='op'>=</span> <span class='id identifier rubyid_ctx'>ctx</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
<!-- YARD build stamp: generation time, the YARD version and the Ruby version used to build these docs. -->
Generated on Fri May 8 17:01:24 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>