View Issue Details

IDProjectCategoryView StatusLast Update
0007909Kali LinuxKali Package Bugpublic2022-09-09 14:00
ReporterX0RW3LL Assigned Toarnaudr  
PrioritynormalSeveritycrashReproducibilityalways
Status resolvedResolutionfixed 
Product Version2022.3 
Summary0007909: (python3-impacket) impacket-rdp_check raises OpenSSL.crypto.Error on testing against targets
Description

Running impacket-rdp_check raises OpenSSL.crypto.Error as the python3-impacket package on Kali hasn't received the June 29 and July 20 commits

The updated code in the SecureAuth impacket repo adds support for pyOpenSSL >= 21.0.0, while the package in the Kali repo contains the outdated code

Proposed fix: pull the latest commits from the SecureAuth impacket repo

Steps To Reproduce

$ impacket-rdp_check [[domain/]username[:password]@]<targetName or address>

Additional Information

https://github.com/SecureAuthCorp/impacket/commit/01cae775df2d2ac7f6be4ed27b3885aaed9f3350

Changed the setting up for new SSL connections

  • Modified the SSL context setting. Using TLS_METHOD the protocol version used will be negotiated to the highest version mutually supported by the client and the server
  • Modified cipher list setting. Defining 'ALL:@SECLEVEL=0' enables compatibility with previous versions.
  • Updated pyOpenSSL requirement to >=v21.0.0. This version included the TLS_METHOD definition.

    https://github.com/SecureAuthCorp/impacket/commit/e10ae8e6549f0d5fbc537582e34b65ed1be45aa0

Updated rdp_check.py

Added support for TLS1.0

Traceback (most recent call last):
File "/usr/share/doc/python3-impacket/examples/rdp_check.py", line 574, in <module>
check_rdp(address, username, password, domain, options.hashes)
File "/usr/share/doc/python3-impacket/examples/rdp_check.py", line 470, in check_rdp
dump = crypto.dump_privatekey(crypto.FILETYPE_ASN1, pkey)
File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 2090, in dump_privatekey
_openssl_assert(result_code != 0)
File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 71, in openssl_assert
exception_from_error_queue(error)
File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.crypto.Error: [('asn1 encoding routines', '', 'illegal zero content'), ('Provider routines', '', 'malloc failure'), ('asn1 encoding routines', '', 'illegal zero content'), ('Provider routines', '', 'malloc failure'), ('asn1 encoding routines', '', 'unsupported type')]

cat /etc/os-release
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2022.3"
VERSION_ID="2022.3"
VERSION_CODENAME="kali-rolling"

Python v3.10.6
pyOpenSSL v21.0.0
python3-impacket v0.10.0-2

Activities

arnaudr

arnaudr

2022-09-09 13:51

manager   ~0016716

Thanks for the thorough but report!

This package comes from Debian, so we fixed it there. It has just been uploaded to Debian: https://tracker.debian.org/pkg/impacket (version 0.10.0-3, this is the version with the fix). It should reach Kali mirrors in a few days,

Issue History

Date Modified Username Field Change
2022-09-06 21:49 X0RW3LL New Issue
2022-09-09 06:29 arnaudr Assigned To => arnaudr
2022-09-09 06:29 arnaudr Status new => assigned
2022-09-09 13:51 arnaudr Note Added: 0016716
2022-09-09 14:00 arnaudr Status assigned => resolved
2022-09-09 14:00 arnaudr Resolution open => fixed