Cloned Certificate Mismatch
djhohnstein opened this issue · comments
Hey there, recently tested the script in a lab between two unpatched Windows 10 boxes. Here's the setup:
Seth Server at 192.168.234.141
RDP Server at 192.168.234.128
Connecting Victim at 192.168.234.130
Without Seth running, the certificate warning should look as follows:
However, when I run Seth by:
root@kali:~/Seth# ./seth.sh eth0 192.168.234.141 192.168.234.130 192.168.234.128
and then connect from the victim machine again, I see the following certificate error presented by Seth's fake cert:
Is there something that I'm missing in running this script, or something that's changed in Windows 10?
You're not missing anything. If you (or rather the victim) used the host name instead of the IP address to connect, you wouldn't notice a difference.
I realize that Windows does not warn about the name mismatch if you connect to the genuine host even if you use the IP address to connect. Not sure why, as the certificates are for sure identical (up to the public key). I'll have to investigate. It would be nice to have it behave exactly the same even when IP addresses are used.
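The point above, that the genuine and the cloned certificate are identical except for the public key, is exactly why a name check cannot tell them apart while a fingerprint (thumbprint) check can. The script below is an added example, not code from Seth or from this issue: it builds two self-signed certificates with the same subject, then shows that a name comparison passes for both while a pin on the SHA-256 fingerprint recorded from the genuine server rejects the clone. It assumes the openssl CLI is installed; the host name is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not part of Seth or this issue): a cloned certificate passes a
# name check but fails a fingerprint pin. Assumes the openssl CLI is present.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
SUBJ="/CN=rdp-server.lab.example"    # constructed host name, not from the issue

# Build a self-signed cert for $SUBJ with a fresh key; $1 is the file prefix.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "$SUBJ" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# A clone copies every visible field (subject, validity) but has to use its own
# key, because the genuine private key is not available to whoever clones it.
make_cert genuine
make_cert cloned

cert_subject()     { openssl x509 -in "$1" -noout -subject; }
cert_fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# Name check: the only thing the client warning in this issue is based on.
names_match() { [ "$(cert_subject "$1")" = "$(cert_subject "$2")" ]; }

# Pin check: compare the presented cert's SHA-256 fingerprint with a value
# recorded from the genuine server out of band. Succeeds only on a match.
pin_matches() {
  presented="$(cert_fingerprint "$1")"
  [ "$presented" = "$2" ]
}

PIN="$(cert_fingerprint "$WORK/genuine.crt")"   # recorded from the real server

if names_match "$WORK/genuine.crt" "$WORK/cloned.crt"; then
  echo "subject identical: a name-only check cannot tell the clone apart"
fi
if pin_matches "$WORK/cloned.crt" "$PIN"; then
  echo "clone accepted (unexpected)"
else
  echo "clone rejected: fingerprint differs from the pinned value"
fi
```

The same comparison works against a live server by fetching its certificate with `openssl s_client -connect host:3389 -starttls ... ` is not needed: RDP with TLS presents the certificate directly, so `openssl s_client -connect host:3389 </dev/null | openssl x509 -noout -fingerprint -sha256` yields the value to pin.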
Ah, I see now. A strange quirk but good to know; thanks!