A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application

Related tags

Third-party APIs Wrapperspythonwebactive-directorydomainrdpreconrdwa
Overview

banner

A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application
GitHub release (latest by date)

This python script allow to extract various information from a Microsoft Remote Desktop Web Access (RDWA) application, such as the FQDN of the remote server, the internal AD domain name (from the FQDN), and the remote Windows Server version

Usage

$ ./RDWArecon.py -h

        ____  ____ _       _____                             
       / __ \/ __ \ |     / /   |  ________  _________  ____ 
      / /_/ / / / / | /| / / /| | / ___/ _ \/ ___/ __ \/ __ \   @podalirius_
     / _, _/ /_/ /| |/ |/ / ___ |/ /  /  __/ /__/ /_/ / / / /   
    /_/ |_/_____/ |__/|__/_/  |_/_/   \___/\___/\____/_/ /_/    v1.1
                                                             
    
usage: RDWArecon.py [-h] -u URL [-v] [-k] [-L] [--no-colors]

Description message

optional arguments:
  -h, --help         show this help message and exit
  -u URL, --url URL  Target RDWeb url
  -v, --verbose      Verbose mode. (default: False)
  -k, --insecure     Allow insecure server connections when using SSL (default: False)
  -L, --location     Follow redirects (default: False)
  --no-colors        Disable colored output (default: False)

How it works

Getting information about the remote server

There is many pre-filled information on the login.aspx page of the Remote Desktop Web Access (RDWA) application. In the input fields WorkSpaceID and/or RedirectorName we can find the FQDN of the remote server, and WorkspaceFriendlyName can contain a text description of the workspace.

... "> 
<form id="FrmLogin" name="FrmLogin" action="login.aspx?ReturnUrl=%2FRDWeb%2FPages%2Fen-US%2FDefault.aspx" method="post" onsubmit="return onLoginFormSubmit()">
    <input type="hidden" name="WorkSpaceID" value="DC01.lab.local"/>
    <input type="hidden" name="RDPCertificates" value="E7100C72B6C11A5D14DE115D801E100C79143C19"/>
    <input type="hidden" name="PublicModeTimeout" value="20"/>
    <input type="hidden" name="PrivateModeTimeout" value="240"/>
    <input type="hidden" name="WorkspaceFriendlyName" value="Workspace%20friendly%20name%20or%20description"/>
    <input type="hidden" name="EventLogUploadAddress" value=""/>
    <input type="hidden" name="RedirectorName" value="DC01.lab.local"/>
    <input type="hidden" name="ClaimsHint" value=""/>
    <input type="hidden" name="ClaimsToken" value=""/>
    
    <input name="isUtf8" type="hidden" value="1"/>
    <input type="hidden" name="flags" value="0"/>
...
form>

The RDWArecon.py tool automatically parses this form and extract all the information.

OS version banner image

If the remote RDWeb installation was not hardened, there is a high chance that the default version image file /RDWeb/Pages/images/WS_h_c.png is still accessible (even if not mentioned on the login page). This is really awesome as we can compare its sha256 hash value directly with a known table of the windows banners of this service:

Windows OS SHA256 hash Banner
Windows Server 2008 R2 5a8a77dc7ffd463647987c0de6df2c870f42819ec03bbd02a3ea9601e2ed8a4b
Windows Server 2012 R2 4560591682d433c7fa190c6bf40827110e219929932dc6dc049697529c8a98bc
Windows Server 2012 R2 3d9b56811a5126a6d3b78a692c2278d588d495ee215173f752ce4cbf8102921c
Windows Server 2016 fb1505aadeab42d82100c4d23d421f421c858feae98332c55a4b9595f4cea541
Windows Server 2016 3dbbeff5a0def7e0ba8ea383e5059eaa6acc37f7f8857218d44274fc029cfc4b
Windows Server 2019 2da4eb15fda2b7c80a94b9b2c5a3e104e2a9a2d9e9b3a222f5526c748fadf792
Windows Server 2022 256a6445e032875e611457374f08acb0565796c950eb9c254495d559600c0367

The RDWArecon.py tool automatically gets this file and compare its hash to get the remote Windows Server version.

Example of output

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

References

You might also like...
Bot made with Microsoft Azure' cloud service
Bot made with Microsoft Azure' cloud service

IttenWearBot Autori: Antonio Zizzari Simone Giglio IttenWearBot è un bot intelligente dotato di sofisticate tecniche di machile learning che aiuta gli

Antonio Zizzari 1 Jan 24, 2022
Automatic login to Microsoft Teams conferences

Automatic login to Microsoft Teams conferences

Xhos 1 Jan 24, 2022
A self-bot for discord, written in Python, which will send you notifications to your desktop if it detects an intruder on your discord server

A self-bot for discord, written in Python, which will send you notifications to your desktop if it detects an intruder on your discord server

LevPrav 1 Jan 11, 2022
Modern Desktop Jellyfin Client written in Python and Vue for the UI [WIP]

JellyPlayer Modern Jellyfin Client Installation Install Requirements: Install Python 3 Install dependencies Install node deps for frontend, go to Jell

Prayag Prajapati 57 Dec 12, 2022
Python bindings for Alexa Web Information Service (AWIS) API

Attention! This package is no longer maintained. See this ticket for more info. Wraps Alexa Web Information Service. Usage Making UrlInfo requests: ap

Atamert Ölçgen 51 Feb 12, 2022
Changes your desktop wallpaper based on the weather.
Changes your desktop wallpaper based on the weather.

WallPaperChanger 🖼️ Description ⛈️ This Python script changes your desktop wallpaper based on the weather. Cloning 🌀 $ git clone https://github.com/

Clarence Yang 74 Nov 29, 2022
Library to manage your own custom RPC on your desktop

Info I don't recommend novices setting this up yourself. It requires Redis, a server to host the API on, and a bit of understanding of Windows & Pytho

Isaac K 1 Apr 16, 2022
A simple program to display current playing from Spotify app on your desktop
A simple program to display current playing from Spotify app on your desktop

WallSpot A simple program to display current playing from Spotify app on your desktop How to Use: Linux: Currently Supports GNOME and KDE. If you want

Nannan 4 Feb 19, 2022
PRAW, an acronym for "Python Reddit API Wrapper", is a python package that allows for simple access to Reddit's API.

PRAW: The Python Reddit API Wrapper PRAW, an acronym for "Python Reddit API Wrapper", is a Python package that allows for simple access to Reddit's AP

Python Reddit API Wrapper Development 3k Dec 29, 2022
Releases(1.1)
Owner
Podalirius
Security Researcher 🕵️‍♂️ | Speaker 📣
Podalirius
GitHub Repository https://podalirius.net/
A feishu bot daily push arxiv latest articles.

arxiv-feishu-bot We develop A simple feishu bot script daily pushes arxiv latest articles. His effect is as follows: Of course, you can also use other

huchi 6 Apr 06, 2022
A script to automatically update bot status at GitHub as well as in Telegram channel.

Support BotStatus ~ A simple & short repository to show your bot's status in your GitHub README.md file as well as in you channel. ⚠️ This repo should

Jainam Oswal 55 Dec 13, 2022
Play Video & Music on Telegram Group Video Chat

Video Stream is an Advanced Telegram Bot that's allow you to play Video & Music on Telegram Group Video Chat 🧪 Get SESSION_NAME from below: Pyrogram

Sehath Perera 1 Jan 17, 2022
提供火币网交易接口API最简封装,提供现货买入、卖出、huobi币安查询账户余额等接口,数字货币,虚拟货币,BTC量化交易框架,自动交易,轻量便携,不用安装,即开即用

火币网交易接口的最简封装(只管用,不用再关注细节) 提供火币网交易接口的python封装,提供买入、卖出、查询账户余额等接口 接口说明 order_value() 进行买入操作,参数为买入的币和买入的金额 买入返回的详情数据: {'单号': '272229546125038', '成交数量': 0.

dev 95 Sep 24, 2021
SEBUAH TOOLS CRACK FACEBOOK & INSTAGRAM DENGAN FITUR YANGMENDUKUNG

SEBUAH TOOLS CRACK FACEBOOK & INSTAGRAM DENGAN FITUR YANGMENDUKUNG

Jeeck X Nano 1 Dec 27, 2021
Slam Mirror Bot is a multipurpose Telegram Bot written in Python for mirroring files on the Internet to our beloved Google Drive.

Slam Mirror Bot is a multipurpose Telegram Bot written in Python for mirroring files on the Internet to our beloved Google Drive.

Abinash939 1 Oct 10, 2021
Telegram Voice Chat Music Player UserBot Written with Pyrogram Smart Plugin and tgcalls

Telegram Voice Chat UserBot A Telegram UserBot to Play Audio in Voice Chats. This is also the source code of the userbot which is being used for playi

Dash Eclipse 7 May 21, 2022
Free and Open Source Group Voice chat music player for telegram ❤️ with button support youtube playback support

Free and Open Source Group Voice chat music player for telegram ❤️ with button support youtube playback support

Sehath Perera 1 Jan 08, 2022
This is a tutorial on how to make a Discord Bot using the discord.py library

HowToMakeADiscordBot This Github repository is here to help you code a Discord Bot using the discord.py library! 1 - Setup: Download the code inside t

Baz 1 Oct 31, 2021
Discord-Bot - Bot using nextcord for beginners

Discord-Bot Bot using nextcord for beginners! Requirements: 1 :- Install nextcord by typing "pip install nextcord" Thats it! You can use this code any

INFINITE_. 3 Jan 10, 2022
Asynchronous Python Wrapper for the Ufile API

Ufile.io Asynchronous Python Wrapper for the Ufile API (Unofficial).

Gautam Kumar 16 Aug 31, 2022
A tool to build scripts to toggle between minimal & default services in Windows based on user defined lists.

A tool to build scripts to toggle between minimal & default services in Windows based on user defined lists.

AMIT 29 Jan 01, 2023
Autov2new - Pro Auto Filter Bot V2

Pro Auto Filter Bot V2 Deploy You can deploy this bot anywhere. Watch Deploying

1 Jan 06, 2022
A simple Telegram bot that converts a phone number to a direct whatsapp chat link

Open in WhatsApp I was using a great app to open a whatsapp chat with a given number directly without saving that number in my contact list, but I fel

Pathfinder 19 Dec 24, 2022
Pythonic wrapper for the Aladhan prayer times API.

aladhan.py is a pythonic wrapper for the Aladhan prayer times API. Installation Python 3.6 or higher is required. To Install aladhan.py with pip: pip

HETHAT 8 Aug 17, 2022
Some random bot for Discord which was created just for fun (Made with Discord.py library)

Ghosty Previously known as 'secondthunder-py-bot' This is repository of some random bot for Discord which was created just for fun and for some educat

Владислав 8 Oct 02, 2022
tgEasy's Official Assistant Bot and Example Bot

tgEasy Assistant The assistant bot that helps people with tgEasy directly on Telegram. This repository contains the source code of @tgEasyRobot and th

Divide Projects™ 4 Dec 26, 2022
A better rename and convert bot with upload mode option and Auto detection

A better rename and convert bot with upload mode option and Auto detection

Code X Mania 2 Nov 09, 2021
A Python interface to AFL, allowing for easy injection of testcases and other functionality.

Fuzzer This module provides a Python wrapper for interacting with AFL (American Fuzzy Lop: http://lcamtuf.coredump.cx/afl/). It supports starting an A

Shellphish 614 Dec 26, 2022
A Telegram Repo For Devs To Controll The Bots Under Maintenance.This Bot Is For Developers, If Your Bot Is Down, Use This Repo To Give Your Dear Subscribers Some Support By Providing Them Response.

Maintenance Bot A Telegram Repo For Devs To Controll The Bots Under Maintenance About This Bot This Bot Is For Developers, If Your Bot Is Down, Use Th

Vɪᴠᴇᴋ 47 Dec 29, 2022