A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application

Overview


This Python script extracts various information from a Microsoft Remote Desktop Web Access (RDWA) application, such as the FQDN of the remote server, the internal AD domain name (from the FQDN), and the remote Windows Server version.

Usage

$ ./RDWArecon.py -h

        ____  ____ _       _____                             
       / __ \/ __ \ |     / /   |  ________  _________  ____ 
      / /_/ / / / / | /| / / /| | / ___/ _ \/ ___/ __ \/ __ \   @podalirius_
     / _, _/ /_/ /| |/ |/ / ___ |/ /  /  __/ /__/ /_/ / / / /   
    /_/ |_/_____/ |__/|__/_/  |_/_/   \___/\___/\____/_/ /_/    v1.1
                                                             
    
usage: RDWArecon.py [-h] -u URL [-v] [-k] [-L] [--no-colors]

Description message

optional arguments:
  -h, --help         show this help message and exit
  -u URL, --url URL  Target RDWeb url
  -v, --verbose      Verbose mode. (default: False)
  -k, --insecure     Allow insecure server connections when using SSL (default: False)
  -L, --location     Follow redirects (default: False)
  --no-colors        Disable colored output (default: False)

How it works

Getting information about the remote server

A lot of pre-filled information is present on the login.aspx page of the Remote Desktop Web Access (RDWA) application. In the input fields WorkSpaceID and/or RedirectorName we can find the FQDN of the remote server, and WorkspaceFriendlyName can contain a text description of the workspace.

...
<form id="FrmLogin" name="FrmLogin" action="login.aspx?ReturnUrl=%2FRDWeb%2FPages%2Fen-US%2FDefault.aspx" method="post" onsubmit="return onLoginFormSubmit()">
    <input type="hidden" name="WorkSpaceID" value="DC01.lab.local"/>
    <input type="hidden" name="RDPCertificates" value="E7100C72B6C11A5D14DE115D801E100C79143C19"/>
    <input type="hidden" name="PublicModeTimeout" value="20"/>
    <input type="hidden" name="PrivateModeTimeout" value="240"/>
    <input type="hidden" name="WorkspaceFriendlyName" value="Workspace%20friendly%20name%20or%20description"/>
    <input type="hidden" name="EventLogUploadAddress" value=""/>
    <input type="hidden" name="RedirectorName" value="DC01.lab.local"/>
    <input type="hidden" name="ClaimsHint" value=""/>
    <input type="hidden" name="ClaimsToken" value=""/>
    
    <input name="isUtf8" type="hidden" value="1"/>
    <input type="hidden" name="flags" value="0"/>
...
</form>

The RDWArecon.py tool automatically parses this form and extracts all the information.

OS version banner image

If the remote RDWeb installation was not hardened, there is a high chance that the default version image file /RDWeb/Pages/images/WS_h_c.png is still accessible (even if it is not referenced on the login page). This is really awesome, as we can compare its SHA256 hash directly against a table of known Windows banners for this service:

| Windows OS | SHA256 hash |
|---|---|
| Windows Server 2008 R2 | 5a8a77dc7ffd463647987c0de6df2c870f42819ec03bbd02a3ea9601e2ed8a4b |
| Windows Server 2012 R2 | 4560591682d433c7fa190c6bf40827110e219929932dc6dc049697529c8a98bc |
| Windows Server 2012 R2 | 3d9b56811a5126a6d3b78a692c2278d588d495ee215173f752ce4cbf8102921c |
| Windows Server 2016 | fb1505aadeab42d82100c4d23d421f421c858feae98332c55a4b9595f4cea541 |
| Windows Server 2016 | 3dbbeff5a0def7e0ba8ea383e5059eaa6acc37f7f8857218d44274fc029cfc4b |
| Windows Server 2019 | 2da4eb15fda2b7c80a94b9b2c5a3e104e2a9a2d9e9b3a222f5526c748fadf792 |
| Windows Server 2022 | 256a6445e032875e611457374f08acb0565796c950eb9c254495d559600c0367 |

The RDWArecon.py tool automatically gets this file and compares its hash to get the remote Windows Server version.
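
To review what your own RDWeb login page and banner image disclose, both checks described above (the hidden form fields and the banner hash) can be run offline against a saved copy of login.aspx and WS_h_c.png. This is an added example, not code from RDWArecon.py; the function names and the embedded sample are assumptions made for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import unquote
# Added example; function names are illustrative, not RDWArecon's own.
# Hash-to-version table copied from the page above.
BANNER_SHA256 = {
    "5a8a77dc7ffd463647987c0de6df2c870f42819ec03bbd02a3ea9601e2ed8a4b": "Windows Server 2008 R2",
    "4560591682d433c7fa190c6bf40827110e219929932dc6dc049697529c8a98bc": "Windows Server 2012 R2",
    "3d9b56811a5126a6d3b78a692c2278d588d495ee215173f752ce4cbf8102921c": "Windows Server 2012 R2",
    "fb1505aadeab42d82100c4d23d421f421c858feae98332c55a4b9595f4cea541": "Windows Server 2016",
    "3dbbeff5a0def7e0ba8ea383e5059eaa6acc37f7f8857218d44274fc029cfc4b": "Windows Server 2016",
    "2da4eb15fda2b7c80a94b9b2c5a3e104e2a9a2d9e9b3a222f5526c748fadf792": "Windows Server 2019",
    "256a6445e032875e611457374f08acb0565796c950eb9c254495d559600c0367": "Windows Server 2022",
}
LEAKY_FIELDS = ("WorkSpaceID", "RedirectorName", "WorkspaceFriendlyName")

class HiddenInputs(HTMLParser):
    """Collect name -> value for every <input type="hidden">."""
    def __init__(self):
        super().__init__()
        self.fields = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def audit_login_page(html):
    """Return the non-empty disclosures found in a login.aspx body."""
    p = HiddenInputs()
    p.feed(html)
    found = {k: unquote(p.fields[k]) for k in LEAKY_FIELDS if p.fields.get(k)}
    fqdn = found.get("WorkSpaceID") or found.get("RedirectorName")
    if fqdn and "." in fqdn:
        found["ad_domain"] = fqdn.split(".", 1)[1]  # labels after the host name
    return found

def banner_version(image_bytes):
    """Map a WS_h_c.png body to a version, or None if the hash is unknown."""
    return BANNER_SHA256.get(hashlib.sha256(image_bytes).hexdigest())

# Constructed sample: hidden inputs taken from the form shown on the page.
SAMPLE = '''<input type="hidden" name="WorkSpaceID" value="DC01.lab.local"/>
<input type="hidden" name="WorkspaceFriendlyName" value="Workspace%20friendly%20name%20or%20description"/>
<input type="hidden" name="EventLogUploadAddress" value=""/>
<input type="hidden" name="RedirectorName" value="DC01.lab.local"/>'''

if __name__ == "__main__":
    print(audit_login_page(SAMPLE))
    print("banner:", banner_version(b"custom image bytes"))
```

A replaced or removed banner image yields `None` from `banner_version`, and an empty result from `audit_login_page` means none of the three fields carries a value.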

Example of output

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

Releases: 1.1
Owner: Podalirius