Honeypot not playing the Recorded Session Scenario (RSS)

Question

Honeypot not playing the Recorded Session Scenario (RSS)

ner00 opened this issue 6 years ago · 0 comments

I get the following error from the client when connecting to the honeypot:

Because of a protocol error, this session will be disconnected. Please try connecting to the remote computer again.

First, I used rdpy-rdpmitm.py to run the MITM server and record the RSS file:
root@root:~# rdpy-rdpmitm.py -o /root/rss/ 192.168.0.100

This recorded 2 files:

20180401215207_192.168.0.100_1.rss
20180401215208_192.168.0.100_2.rss

The first one has only 10KB and the second has 7MB. The 10KB file was not accepted by the honeypot as argument, but the 2nd file is accepted.

So, I tried using the second recorded session file with the honeypot:

root@root:~# rdpy-rdphoneypot.py /root/rss/20180401215208_192.168.0.100_2.rss
[*] INFO:	Build size map
[*] INFO:	(1920, 1080) -> /root/rss/20180401215208_192.168.0.100_2.rss

But then, when I connect a client to the honeypot, it gets disconnected with the following error (client side):

Because of a protocol error, this session will be disconnected. Please try connecting to the remote computer again.

On the honeypot console I get the following:

[*] INFO:	Connection from 192.168.0.100:24664
[*] INFO:	Connection from 192.168.0.100:24665
[*] INFO:	select file (1920, 1080) -> /root/rss/20180401215208_192.168.0.100_2.rss
[*] INFO:	Credentials:
		domain:
		username:
		password:
		hostname: DESKTOP-ASJ3R1

[*] INFO:	Credentials:
		domain:
		username:
		password:
		hostname: DESKTOP-ASJ3R1

What am I doing wrong?