aardwolf
aardwolf copied to clipboard
skelsec
Kerberos broken ?
Hello,
I feel like kerberos auth is broken, i try the most simple script:
import asyncio
from aardwolf.commons.factory import RDPConnectionFactory
from aardwolf.commons.iosettings import RDPIOSettings
async def check_rdp_kerberos(hostname, username, password, domain, port=3389, dc_ip=None, timeout=10):
"""Check if RDP Kerberos login works using URL format"""
connection = None
rdp_url = f'rdp+kerberos-password://{domain}\\{username}:{password}@{hostname}:{port}/?dc={dc_ip}'
# Configure minimal RDP settings
iosettings = RDPIOSettings()
iosettings.channels = []
iosettings.clipboard_use_pyperclip = False
# Create connection factory and connect
factory = RDPConnectionFactory.from_url(rdp_url, iosettings)
connection = factory.get_connection(iosettings)
success, error = await asyncio.wait_for(connection.connect(), timeout=timeout)
if error is None:
print("✅ Kerberos login successful")
return True
else:
print(f"❌ Login failed: {error}")
return False
if __name__ == "__main__":
# Test configuration
HOSTNAME = 'dc01.gotham.city'
USERNAME = 'Administrator'
PASSWORD = 'October2022'
DOMAIN = 'gotham.city'
DC_IP = '192.168.231.150' # Optional
asyncio.run(check_rdp_kerberos(HOSTNAME, USERNAME, PASSWORD, DOMAIN, dc_ip=DC_IP))
If y replace rdp+kerberos-password by rdp+ntlm-password it's working
More info, it's working on a windows server 2022 but not on a windows server 2025