View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007909 | Kali Linux | [All Projects] Kali Package Bug | public | 2022-09-06 21:49 | 2022-09-09 14:00 |
| Reporter | X0RW3LL | Assigned To | arnaudr | ||
| Priority | normal | Severity | crash | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 2022.3 | ||||
| Target Version | Fixed in Version | ||||
| Summary | 0007909: (python3-impacket) impacket-rdp_check raises OpenSSL.crypto.Error on testing against targets | ||||
| Description | Running impacket-rdp_check raises OpenSSL.crypto.Error as the python3-impacket package on Kali hasn't received the June 29 and July 20 commits The updated code in the SecureAuth impacket repo adds support for pyOpenSSL >= 21.0.0, while the package in the Kali repo contains the outdated code Proposed fix: pull the latest commits from the SecureAuth impacket repo | ||||
| Steps To Reproduce | $ impacket-rdp_check [[domain/]username[:password]@]<targetName or address> | ||||
| Additional Information | https://github.com/SecureAuthCorp/impacket/commit/01cae775df2d2ac7f6be4ed27b3885aaed9f3350 Changed the setting up for new SSL connections * Modified the SSL context setting. Using TLS_METHOD the protocol version used will be negotiated to the highest version mutually supported by the client and the server * Modified cipher list setting. Defining 'ALL:@SECLEVEL=0' enables compatibility with previous versions. * Updated pyOpenSSL requirement to >=v21.0.0. This version included the TLS_METHOD definition. ----------------------------------------------------------------------------------------------------------------------------------------------------- https://github.com/SecureAuthCorp/impacket/commit/e10ae8e6549f0d5fbc537582e34b65ed1be45aa0 Updated rdp_check.py * Since the pyOpenSSL requirement has been updated, we can now use the dump_publickey() function. ----------------------------------------------------------------------------------------------------------------------------------------------------- https://github.com/SecureAuthCorp/impacket/commit/c74caff0f2dd91a5be78140358dd30b653f7be6a Added support for TLS1.0 ----------------------------------------------------------------------------------------------------------------------------------------------------- Traceback (most recent call last): File "/usr/share/doc/python3-impacket/examples/rdp_check.py", line 574, in <module> check_rdp(address, username, password, domain, options.hashes) File "/usr/share/doc/python3-impacket/examples/rdp_check.py", line 470, in check_rdp dump = crypto.dump_privatekey(crypto.FILETYPE_ASN1, pkey) File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 2090, in dump_privatekey _openssl_assert(result_code != 0) File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 71, in openssl_assert exception_from_error_queue(error) File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue raise exception_type(errors) OpenSSL.crypto.Error: [('asn1 encoding routines', '', 'illegal zero content'), ('Provider routines', '', 'malloc failure'), ('asn1 encoding routines', '', 'illegal zero content'), ('Provider routines', '', 'malloc failure'), ('asn1 encoding routines', '', 'unsupported type')] ----------------------------------------------------------------------------------------------------------------------------------------------------- cat /etc/os-release PRETTY_NAME="Kali GNU/Linux Rolling" NAME="Kali GNU/Linux" ID=kali VERSION="2022.3" VERSION_ID="2022.3" VERSION_CODENAME="kali-rolling" ----------------------------------------------------------------------------------------------------------------------------------------------------- Python v3.10.6 pyOpenSSL v21.0.0 python3-impacket v0.10.0-2 ----------------------------------------------------------------------------------------------------------------------------------------------------- | ||||
|
|
Thanks for the thorough but report! This package comes from Debian, so we fixed it there. It has just been uploaded to Debian: https://tracker.debian.org/pkg/impacket (version 0.10.0-3, this is the version with the fix). It should reach Kali mirrors in a few days, |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-09-06 21:49 | X0RW3LL | New Issue | |
| 2022-09-09 06:29 | arnaudr | Assigned To | => arnaudr |
| 2022-09-09 06:29 | arnaudr | Status | new => assigned |
| 2022-09-09 13:51 | arnaudr | Note Added: 0016716 | |
| 2022-09-09 14:00 | arnaudr | Status | assigned => resolved |
| 2022-09-09 14:00 | arnaudr | Resolution | open => fixed |