added option to negotiate obsolete ssl ciphers (old windows server)

aardwolf/commons/target.py

@@ -38,10 +38,12 @@ def __init__(
 			domain:str = None, 
 			proxies:List[UniProxyTarget] = None, 
 			protocol:UniProto = UniProto.CLIENT_TCP, 
+			unsafe_ssl:bool = False,
 			dialect:RDPConnectionDialect = RDPConnectionDialect.RDP,
 			dns:str = None):
 		UniTarget.__init__(self, ip, port, protocol, timeout, hostname = hostname, proxies = proxies, domain = domain, dc_ip = dc_ip, dns=dns)
 		self.dialect = dialect
+		self.unsafe_ssl = unsafe_ssl
 		if self.dialect == RDPConnectionDialect.VNC:
 			self.port = 5900
 
@@ -58,6 +60,7 @@ def get_copy(self, ip, port, hostname = None):
 			domain = self.domain, 
 			proxy = copy.deepcopy(self.proxy),
 			protocol = self.protocol,
+			unsafe_ssl = self.unsafe_ssl,
 			dialect = self.dialect,
 			dns=self.dns
 		)

aardwolf/connection.py

@@ -1,5 +1,6 @@
 
 import io
+import ssl
 import copy
 import typing
 import asyncio
@@ -269,7 +270,12 @@ async def connect(self):
 				self.x224_flag = self.x224_connection_reply.flags
 				logger.debug('Server selected protocol: %s' % self.x224_protocol)
 				if SUPP_PROTOCOLS.SSL in self.x224_protocol or SUPP_PROTOCOLS.HYBRID in self.x224_protocol or SUPP_PROTOCOLS.HYBRID_EX in self.x224_protocol:
-					await self.__connection.wrap_ssl()
+					ssl_ctx = ssl.create_default_context()
+					ssl_ctx.check_hostname = False
+					ssl_ctx.verify_mode = ssl.CERT_NONE
+					if self.target.unsafe_ssl: ssl_ctx.set_ciphers('ALL:@SECLEVEL=0')
+
+					await self.__connection.wrap_ssl(ssl_ctx=ssl_ctx)
 
 				# if the server expects HYBRID/HYBRID_EX authentication we do that here
 				# This is basically credSSP