A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application

Overview

This Python script extracts various information from a Microsoft Remote Desktop Web Access (RDWA) application, such as the FQDN of the remote server, the internal AD domain name (from the FQDN), and the remote Windows Server version.

Usage

$ ./RDWArecon.py -h

        ____  ____ _       _____                             
       / __ \/ __ \ |     / /   |  ________  _________  ____ 
      / /_/ / / / / | /| / / /| | / ___/ _ \/ ___/ __ \/ __ \   @podalirius_
     / _, _/ /_/ /| |/ |/ / ___ |/ /  /  __/ /__/ /_/ / / / /   
    /_/ |_/_____/ |__/|__/_/  |_/_/   \___/\___/\____/_/ /_/    v1.1
                                                             
    
usage: RDWArecon.py [-h] -u URL [-v] [-k] [-L] [--no-colors]

Description message

optional arguments:
  -h, --help         show this help message and exit
  -u URL, --url URL  Target RDWeb url
  -v, --verbose      Verbose mode. (default: False)
  -k, --insecure     Allow insecure server connections when using SSL (default: False)
  -L, --location     Follow redirects (default: False)
  --no-colors        Disable colored output (default: False)

How it works

Getting information about the remote server

A lot of information is pre-filled on the login.aspx page of the Remote Desktop Web Access (RDWA) application. In the input fields WorkSpaceID and/or RedirectorName we can find the FQDN of the remote server, and WorkspaceFriendlyName can contain a text description of the workspace.

...
<form id="FrmLogin" name="FrmLogin" action="login.aspx?ReturnUrl=%2FRDWeb%2FPages%2Fen-US%2FDefault.aspx" method="post" onsubmit="return onLoginFormSubmit()">
    <input type="hidden" name="WorkSpaceID" value="DC01.lab.local"/>
    <input type="hidden" name="RDPCertificates" value="E7100C72B6C11A5D14DE115D801E100C79143C19"/>
    <input type="hidden" name="PublicModeTimeout" value="20"/>
    <input type="hidden" name="PrivateModeTimeout" value="240"/>
    <input type="hidden" name="WorkspaceFriendlyName" value="Workspace%20friendly%20name%20or%20description"/>
    <input type="hidden" name="EventLogUploadAddress" value=""/>
    <input type="hidden" name="RedirectorName" value="DC01.lab.local"/>
    <input type="hidden" name="ClaimsHint" value=""/>
    <input type="hidden" name="ClaimsToken" value=""/>
    
    <input name="isUtf8" type="hidden" value="1"/>
    <input type="hidden" name="flags" value="0"/>
...
</form>

The RDWArecon.py tool automatically parses this form and extracts all the information.
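To check what your own RDWeb login page discloses, the same parsing can be run offline against a saved copy of login.aspx. This is an added example, not RDWArecon.py's own code; the names HiddenInputCollector and audit_login_page are hypothetical, and the sample HTML is constructed from the form excerpt above.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample: the login.aspx form excerpt shown above, trimmed.
SAMPLE_LOGIN_HTML = """
<form id="FrmLogin" name="FrmLogin" method="post">
    <input type="hidden" name="WorkSpaceID" value="DC01.lab.local"/>
    <input type="hidden" name="WorkspaceFriendlyName" value="Workspace%20friendly%20name%20or%20description"/>
    <input type="hidden" name="EventLogUploadAddress" value=""/>
    <input type="hidden" name="RedirectorName" value="DC01.lab.local"/>
    <input name="isUtf8" type="hidden" value="1"/>
</form>
"""

class HiddenInputCollector(HTMLParser):
    """Collect name/value pairs of hidden <input> fields inside FrmLogin."""
    def __init__(self):
        super().__init__()
        self.in_form = False
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("id") == "FrmLogin":
            self.in_form = True
        elif tag == "input" and self.in_form and (a.get("type") or "").lower() == "hidden":
            if a.get("name"):
                self.fields[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def audit_login_page(html):
    """Return the server details a saved login.aspx page discloses."""
    parser = HiddenInputCollector()
    parser.feed(html)
    f = parser.fields
    report = {"fqdn": None, "hostname": None, "ad_domain": None, "workspace_name": None}
    # WorkSpaceID and/or RedirectorName may carry the FQDN; take the first non-empty one.
    fqdn = next((f[k] for k in ("WorkSpaceID", "RedirectorName") if f.get(k)), None)
    if fqdn:
        host, _, domain = fqdn.partition(".")
        # A bare host name (no dot) discloses no domain part.
        report.update(fqdn=fqdn, hostname=host, ad_domain=domain or None)
    if f.get("WorkspaceFriendlyName"):
        report["workspace_name"] = unquote(f["WorkspaceFriendlyName"])
    return report

if __name__ == "__main__":
    print(audit_login_page(SAMPLE_LOGIN_HTML))
```

Any non-None value in the report is information an unauthenticated visitor can read from the page.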

OS version banner image

If the remote RDWeb installation was not hardened, there is a high chance that the default version image file /RDWeb/Pages/images/WS_h_c.png is still accessible (even if it is not mentioned on the login page). This is very useful, as we can compare its SHA256 hash directly against a table of known Windows banner images for this service:

Windows OS               SHA256 hash
Windows Server 2008 R2   5a8a77dc7ffd463647987c0de6df2c870f42819ec03bbd02a3ea9601e2ed8a4b
Windows Server 2012 R2   4560591682d433c7fa190c6bf40827110e219929932dc6dc049697529c8a98bc
Windows Server 2012 R2   3d9b56811a5126a6d3b78a692c2278d588d495ee215173f752ce4cbf8102921c
Windows Server 2016      fb1505aadeab42d82100c4d23d421f421c858feae98332c55a4b9595f4cea541
Windows Server 2016      3dbbeff5a0def7e0ba8ea383e5059eaa6acc37f7f8857218d44274fc029cfc4b
Windows Server 2019      2da4eb15fda2b7c80a94b9b2c5a3e104e2a9a2d9e9b3a222f5526c748fadf792
Windows Server 2022      256a6445e032875e611457374f08acb0565796c950eb9c254495d559600c0367

The RDWArecon.py tool automatically retrieves this file and compares its hash against the table to determine the remote Windows Server version.

Example of output

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

References

Owner
Podalirius
Security Researcher 🕵️‍♂️ | Speaker 📣