ValueError: file descriptor cannot be a negative integer (-1) - Can't figure out the issue

Question

ValueError: file descriptor cannot be a negative integer (-1) - Can't figure out the issue

m0nk3y-s3c opened this issue 5 years ago · comments

[] Spoofing arp replies...
[] Turning on IP forwarding...
[] Set iptables rules for SYN packets...
[] Waiting for a SYN packet to the original destination...
[+] Got it! Original destination is 1xx.xx.xx.xxx
[] Clone the x509 certificate of the original destination...
[] Adjust the iptables rule for all packets...
[*] Run RDP proxy...
Listening for new connection
Connection received from 1xx.xx.xx.xxx:18885
Downgrading authentication options from 11 to 3
Listening for new connection
Enable SSL
Connection lost
Exception in thread Thread-1:
Traceback (most recent call last):
File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
self.run()
File "/opt/Seth/seth/main.py", line 47, in run
self.forward_data()
File "/opt/Seth/seth/main.py", line 155, in forward_data
readable, _, _ = select.select([self.lsock, self.rsock], [], [])
ValueError: file descriptor cannot be a negative integer (-1)
Connection received from 1xx.xx.xx.xxx:18887
Downgrading authentication options from 11 to 3
Listening for new connection
Enable SSL
Connection lost
Exception in thread Thread-2:
Traceback (most recent call last):
File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
self.run()
File "/opt/Seth/seth/main.py", line 47, in run
self.forward_data()
File "/opt/Seth/seth/main.py", line 155, in forward_data
readable, _, _ = select.select([self.lsock, self.rsock], [], [])
ValueError: file descriptor cannot be a negative integer (-1)

Any idea what it may be?
Thanks

Chris Farrell · Answer 1 · Thu Jan 10 2019 00:11:33 GMT+0800 (China Standard Time)

Just wanted to share that I have this identical error. Unable to resolve it.

ospf10 · Answer 2 · Tue Jan 15 2019 23:58:18 GMT+0800 (China Standard Time)

+1. Also having this issue.

Connection received from 10.104.11.6:10458
Listening for new connection
From client:
0300002c27e00000000000436f6f6b69653a206d737473686173683d647261676f730d0a010008000b000000
Downgrading authentication options from 11 to 3
From client: (modified)
0300002c27e00000000000436f6f6b69653a206d737473686173683d647261676f730d0a0100080003000000
From server:
030000130ed00000123400020f080002000000
Enable SSL
Connection lost
Exception in thread Thread-2:
Traceback (most recent call last):
File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
self.run()
File "/opt/Seth/seth/main.py", line 47, in run
self.forward_data()
File "/opt/Seth/seth/main.py", line 155, in forward_data
readable, _, _ = select.select([self.lsock, self.rsock], [], [])
ValueError: file descriptor cannot be a negative integer (-1)

Alton Johnson, OSCP, OSCE · Answer 3 · Thu Jan 17 2019 05:58:23 GMT+0800 (China Standard Time)

+1 same here.

I was just getting ready to create an issue as well. Not quite sure what's causing this. Tried dissecting the code and doing it all manually as much as possible.

Tijl Deneut · Answer 4 · Mon Jan 21 2019 03:31:39 GMT+0800 (China Standard Time)

Hi, also wondering why I'm seeing this issue. Happens when intercepting connections from Win10 v1803 to Server 2016 end also to Server 2019 with NLA disabled and enabled. In all cases the error message was the same.
I should look into it, because my own research (with a script created before Seth) does work in these cases: https://github.com/tijldeneut/Security/blob/master/rdpstrip.py
Regards

Adrian Vollmer · Answer 5 · Mon Jan 21 2019 14:55:57 GMT+0800 (China Standard Time)

Thanks for reporting!

Since everybody seems to suddenly have this issue, I'm inclined to believe it has to do with a recent update, maybe to openssl. Can everybody please include their output of openssl version and python3 --version as well as the name of the linux distribution you are using?

Tijl Deneut · Answer 6 · Mon Jan 21 2019 20:30:23 GMT+0800 (China Standard Time)

Hi,

openssl version

OpenSSL 1.1.1a 20 Nov 2018

python3 --version

Python 3.6.8
I am on Kali Rolling

Seems to have something to do with the way the connection closes (Windows creates several client connections and terminates some of them before continuing. The way this happens messes up you workers I think….

Adrian Vollmer · Answer 7 · Wed Jan 23 2019 22:25:28 GMT+0800 (China Standard Time)

I'm having this issue right now as well. Versions are the same as @tijldeneut as I am also using the latest Kali

Tijl Deneut · Answer 8 · Wed Jan 23 2019 22:45:58 GMT+0800 (China Standard Time)

I tried it on Debian 7, 8 and 9 with exactly the same results...

ospf10 · Answer 9 · Thu Jan 24 2019 07:17:54 GMT+0800 (China Standard Time)

same here.

openssl version

OpenSSL 1.1.1a 20 Nov 2018
python3 --version

Python 3.6.8
I am on Kali Rolling

Adrian Vollmer · Answer 10 · Thu Feb 07 2019 00:23:06 GMT+0800 (China Standard Time)

So I think this is because Kali recently got an OpenSSL version where RC4 is not compiled in. For a reason which I forgot right now, I decided to prefer RC4 is the server supports it. I think the attack worked better that way in some cases.

The latest commit introduces a check first whether the local openssl version supports RC4

Chris Farrell · Answer 11 · Thu Feb 07 2019 02:12:38 GMT+0800 (China Standard Time)

Cool! Thanks so much for looking into this. I'll give the update a test when I have a chance.