Capturing RDP Screenshots with EyeWitness in 2023

I recently needed to get remote RDP screenshots from older Windows machines. In the past, EyeWitness worked perfectly. In 2023, not so much.

EyeWitness dropped support for RDP in 2019 and seems to only support web screenshots.

Scrying was built specifically to replace this functionality. However, scrying does not support “plain RDP” mode and throws the following error:

error: RDP error: RdpError(RdpError { kind: ProtocolNegFailure, message: "Error during negotiation step" })
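The negotiation step named in that error ends with the server's X.224 Connection Confirm, which says whether the host negotiated a security protocol, refused the request, or ignored negotiation altogether. The following is an added example (Python 3, not code from this post, EyeWitness or scrying) that decodes that reply using the field values from MS-RDPBCGR; the sample packets are constructed for illustration.

```python
import struct

# selectedProtocol / failureCode values as defined in MS-RDPBCGR.
PROTOCOLS = {0: "PROTOCOL_RDP (standard RDP security)", 1: "PROTOCOL_SSL (TLS)",
             2: "PROTOCOL_HYBRID (CredSSP/NLA)", 8: "PROTOCOL_HYBRID_EX"}
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER",
            6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}


def parse_connection_confirm(data):
    """Return (kind, detail) for a TPKT-wrapped X.224 Connection Confirm."""
    if len(data) < 11:
        raise ValueError("packet too short for TPKT + X.224 CC")
    version, _reserved, tpkt_len = struct.unpack(">BBH", data[:4])
    if version != 3 or tpkt_len != len(data):
        raise ValueError("bad TPKT header")
    length_indicator, code = data[4], data[5]
    if code & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    if length_indicator != len(data) - 5:
        raise ValueError("X.224 length indicator does not match packet")
    neg = data[11:]  # optional 8-byte RDP_NEG_RSP / RDP_NEG_FAILURE
    if not neg:
        # No negotiation data: the server only speaks standard RDP security.
        return ("no-negotiation", PROTOCOLS[0])
    if len(neg) != 8:
        raise ValueError("negotiation block must be 8 bytes")
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", neg)
    if neg_len != 8:
        raise ValueError("bad negotiation length field")
    if neg_type == 0x02:
        return ("response", PROTOCOLS.get(value, "unknown protocol 0x%x" % value))
    if neg_type == 0x03:
        return ("failure", FAILURES.get(value, "unknown failure 0x%x" % value))
    raise ValueError("unknown negotiation type 0x%02x" % neg_type)


# Constructed sample replies (not captured from a real host).
_CC = bytes.fromhex("030000130ed00000123400")  # TPKT + CC header, 19 bytes total
SAMPLES = {
    "legacy": bytes.fromhex("0300000b06d00000123400"),
    "plain": _CC + bytes.fromhex("0200080000000000"),
    "refuse": _CC + bytes.fromhex("0300080002000000"),
}

if __name__ == "__main__":
    for name, packet in SAMPLES.items():
        print(name, parse_connection_confirm(packet))
```
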

It’s possible to install an older version of EyeWitness on an Ubuntu 18.04 system running Python 2. The dependencies can be installed manually.

Installation

First, install a clean Ubuntu 18.04 VM. Note that this could also be done in a container, but an X server is required.

Install the required apt packages.

sudo apt update
sudo apt install git python2.7 python2.7-dev libffi-dev libssl-dev python-qt4 pyqt4-dev-tools qt4-designer libcanberra-gtk-module

Run the EyeWitness installer and download phantomjs.

wget https://github.com/FortyNorthSecurity/EyeWitness/archive/refs/tags/2.0.tar.gz
tar xf 2.0.tar.gz
cd EyeWitness-2.0/setup/
sudo ./setup.sh

wget --no-check-certificate http://www.christophertruncer.com/InstallMe/phantomjs
chmod +x phantomjs

Set up and install PyQt4 and SIP (note: this will break apt).

sudo apt purge sip-dev python-sip-dev
wget 'http://archive.ubuntu.com/ubuntu/pool/universe/s/sip4/sip-dev_4.19.21+dfsg-1build1_amd64.deb'
wget 'http://archive.ubuntu.com/ubuntu/pool/universe/s/sip4/python-sip_4.19.21+dfsg-1build1_amd64.deb'
sudo dpkg -i 'sip-dev_4.19.21+dfsg-1build1_amd64.deb'
sudo dpkg --force-all -i 'python-sip_4.19.21+dfsg-1build1_amd64.deb'

wget https://www.riverbankcomputing.com/static/Downloads/sip/4.19.25/sip-4.19.25.tar.gz
tar xf sip-4.19.25.tar.gz
cd sip-4.19.25
python configure.py --sip-module PyQt4.sip --no-dist-info --no-tools
make
sudo make install
cd ../

wget https://www.riverbankcomputing.com/static/Downloads/PyQt4/4.12.3/PyQt4_gpl_x11-4.12.3.tar.gz
tar xf PyQt4_gpl_x11-4.12.3.tar.gz
cd PyQt4_gpl_x11-4.12.3
python configure.py
make
sudo make install
cd ../

Downgrade some Pip packages.

sudo pip install cryptography==2.7
sudo pip install rsa==3.3
sudo pip install pyvirtualdisplay==0.2.5
sudo pip install easyprocess==0.2
sudo pip install pyopenssl==17.5.0
sudo pip install pathlib
sudo pip install twisted

Install the RDP library.

git clone https://github.com/ChrisTruncer/rdpy
cd rdpy
sudo python setup.py install
cd ../../

And finally, run it!

python EyeWitness.py --rdp -f hosts.txt