From 793ddfcf59df6c38ae20122073af7c9c0590fcc0 Mon Sep 17 00:00:00 2001 From: aschumann-virtualcable Date: Wed, 21 Jan 2026 13:30:59 +0100 Subject: [PATCH] Adds password as argument for Thincast RDP launch Updates the logic for launching Thincast to pass the password as a command-line argument instead of writing it unencrypted to the RDP file. Improves security by avoiding plaintext password storage and ensures compatibility with Thincast's CLI options. Adjusts debug logging accordingly. --- .../transports/RDP/scripts/macosx/direct.py | 29 ++++++++++++++----- .../RDP/scripts/macosx/direct.py.signature | 2 +- .../transports/RDP/scripts/macosx/tunnel.py | 12 ++++++-- .../RDP/scripts/macosx/tunnel.py.signature | 2 +- 4 files changed, 33 insertions(+), 12 deletions(-) diff --git a/server/src/uds/transports/RDP/scripts/macosx/direct.py b/server/src/uds/transports/RDP/scripts/macosx/direct.py index 43a1a55de..178befcd1 100644 --- a/server/src/uds/transports/RDP/scripts/macosx/direct.py +++ b/server/src/uds/transports/RDP/scripts/macosx/direct.py @@ -170,10 +170,10 @@ def fix_resolution() -> typing.List[str]: # filename_handle.close() # add to file the password without encryption (Thincast will encrypt it) - filename_handle = open(filename, 'a') # type: ignore - if sp.get('password', ''): # type: ignore - filename_handle.write(f'password 51:b:{sp["password"]}\n') # type: ignore - filename_handle.close() + # filename_handle = open(filename, 'a') # type: ignore + # if sp.get('password', ''): # type: ignore + # filename_handle.write(f'password 51:b:{sp["password"]}\n') # type: ignore + # filename_handle.close() # Rename as .rdp, so open recognizes it shutil.move(filename, filename + '.rdp') # type: ignore @@ -181,9 +181,17 @@ def fix_resolution() -> typing.List[str]: 'open', '-a', executable, - filename + '.rdp', # type: ignore ] - logger.debug('Opening Thincast with RDP file with params: %s', ' '.join(params)) # type: ignore + + if sp.get('password', ''): # type: ignore + params.append('--args') # type: ignore + params.append('/p:{}'.format(sp['password'])) # type: ignore + else: + logger.debug('No password provided for Thincast RDP file') + + params.append(filename + '.rdp') # type: ignore + + # logger.debug('Opening Thincast with RDP file with params: %s', ' '.join(params)) # type: ignore tools.addTaskToWait( # type: ignore subprocess.Popen(params) # type: ignore ) @@ -196,14 +204,19 @@ def fix_resolution() -> typing.List[str]: except Exception as e: xfparms = list(map(lambda x: x.replace('#WIDTH#', '1400').replace('#HEIGHT#', '800'), sp['as_new_xfreerdp_params'])) # type: ignore - params = [ # type: ignore + params = [ # type: ignore 'open', '-a', executable, '--args', ] + [os.path.expandvars(i) for i in xfparms + ['/v:{}'.format(sp['address'])]] # type: ignore + + # Add password argument if present + if sp.get('password', ''): # type: ignore + params.append('/p:{}'.format(sp['password'])) # type: ignore + #logger.debug('Executing: %s', ' '.join(params)) - subprocess.Popen(params) # type: ignore + subprocess.Popen(params) # type: ignore else: # for now, both xfreerdp or udsrdp # Fix resolution... try: diff --git a/server/src/uds/transports/RDP/scripts/macosx/direct.py.signature b/server/src/uds/transports/RDP/scripts/macosx/direct.py.signature index 8caa7a87b..ff084df1f 100644 --- a/server/src/uds/transports/RDP/scripts/macosx/direct.py.signature +++ b/server/src/uds/transports/RDP/scripts/macosx/direct.py.signature @@ -1 +1 @@ -rP6Eur9PlTONUNLjIRAVL/CdtT7ATNYC8l0AzvU57tqyFDFa/C8nNyq3Aaepf+SSYaYzxg9TnWUge8jpcnM20ERV6H2IA2aN3Hrg0+q76OPNlH1UmygyT1+UxxccPemnGAcVVnBXOHwONHvpE8FqdOFZn6P2CWWojOLUMB2yj/kO0l+bZDmDRlihg5sIpSd4Wkt4ezyz9j7Cjsz6JuFDQjVdaIDEFeGcqfEJIDKlpIY6GJgJYbGMx0C0uayNtQlFO653EcS7mnXhlIQwGg4YJl3fjKksjDWL2H65MsddRvZubIIrBU6jQnIj2W+gl1/xT8mRom48SogBJWzjzjT/X7sN6QRfvKCMfLwhfqHw7p0MYVV1Tcpjzn1sFMyrR4zPXGaH80+2hn9yf2HGVb6QVmir0x0VKRy0eQAEqYtb3TeMU0lmXShkuSogiOfdpqd65NKpboUuv/cVttpa8qzZhroBQXyufSEi1gmVTc6tp2PeQIXFZLrL6SOP263HXOWPirmIuLri8k3qK2L4BiuD7ZTiwursqCytoFjBCVpWPhnI3c6Q81WpzESBs6E8Kyvanr/jMX4T95i9m/kZBdLELLA7uj2dTaxsdUHJrs1fO7/hMGdgxdmWzXwXJX9VzJ+ZyF69KP0w4oZd+bazxFK0aaHqttxS2ZjATJ5rlOARtzs= \ No newline at end of file +s37W+aeOwsd7FJGBWiP+7h1L16108PhPWYTuEFq5pn3EtN9hBp1yD/Yrnz0HB1WNCS5URA3ev+fx2ojLHFdR4dABUmXMB0+yBKnql/5FoAgme5DsmEsZzV8BE1Z1BhluC6E9WiJSdIRDPkEmITyRB0H7d9n11tzRzCxX5/o2m2Bx4dYBdjfsE2NeMwk+MXw5/Y4MZfoVgCnCpmMBKB0MzGRBkFeqYaGpsf9ow9cM4pwb22J2w095KHCebCMojKO5+sD8rrQuL+coDPw+anb9a/RRPMI2oZsKrZJiYeoZY57cuO2uJIg/eeBYy1TttdHFK/kqi6ngs8bNXI79qTWdTkfKtC3aUCmd55XiZx/PbgOliVmF9jiT377AGGrSI/A2uW+8yuc/eOl0ALEtnKxQgFPHbY1FXSsvAiybsadQPStncAWc/c8rt4ficqQZdF3yfhN6Jp4npw/4Ge1GEXrJOkXDu/EtBLSi7lolqt0iNWNKHXjqwZTWaRJ6NuWnR8goTgR0CAfVLfom/+7E1iDf7JpIhnAwIIIPbGh41pd2SpL7ysy0vjQhhwjCmnW8HGJ1oF0qAf3LZy0LVV9r61pCEFNCQBDtHNvZLr3lwX7x614lifm+ZkNAY56ishUmYT8jNpcBIloAEfkbRQO3Pju4EhHL8Ch5gnUOmQ+S9D04P8o= \ No newline at end of file diff --git a/server/src/uds/transports/RDP/scripts/macosx/tunnel.py b/server/src/uds/transports/RDP/scripts/macosx/tunnel.py index a3c317a3e..03196b25e 100644 --- a/server/src/uds/transports/RDP/scripts/macosx/tunnel.py +++ b/server/src/uds/transports/RDP/scripts/macosx/tunnel.py @@ -184,9 +184,17 @@ def fix_resolution() -> typing.List[str]: 'open', '-a', executable, - filename + '.rdp', # type: ignore ] - logger.debug('Opening Thincast with RDP file with params: %s', ' '.join(params)) # type: ignore + + if sp.get('password', ''): # type: ignore + params.append('--args') # type: ignore + params.append('/p:{}'.format(sp['password'])) # type: ignore + else: + logger.debug('No password provided for Thincast RDP file') + + params.append(filename + '.rdp') # type: ignore + + #logger.debug('Opening Thincast with RDP file with params: %s', ' '.join(params)) # type: ignore tools.addTaskToWait( # type: ignore subprocess.Popen(params) # type: ignore ) diff --git a/server/src/uds/transports/RDP/scripts/macosx/tunnel.py.signature b/server/src/uds/transports/RDP/scripts/macosx/tunnel.py.signature index 5903d896b..25f7aa15d 100644 --- a/server/src/uds/transports/RDP/scripts/macosx/tunnel.py.signature +++ b/server/src/uds/transports/RDP/scripts/macosx/tunnel.py.signature @@ -1 +1 @@ -NKfVtsTQWErfjpdrXd7qGLp6c0ScKMcbj4o5QTDAfQfDEuuj1/Qcg9gx+1NCyIF0hxy9ZIKbvwaYBYu9rARxz3XYsidxpgsnhZPyshdPN236M+zRo9SBFY3Ug0aNBZSewSZ6MSfrCZkMUW0NJOOpGu41KQNUVE5+DciC618rMoD0V//zJhz4SFy7dscjLg8cm69KNS6jC1trJkX7Ep19TF5DG6s0P9lQGaMLSj2UYTsF5gaZZY1jwZcCSw0QGrXon/mxR4i/t3BiARekyUB/ygM5DfzG5BMnQIMtLPNZu89vdJ+vAU5bUq1MrQjpAI3dzhdJwiUWTSVbQ3rHAoQHyBL4yE8bvuLIB0sUD5Jqd3EkTlVBJ0mmo1dHJZj0dzbXd5cHDlK+0Ms+vDSm/Qw8rqKatSBZlavcdQ+ScIEHlj0bEf6teKD3VsMUKFDxpdIBivkSz0KIZW+HXQiiFprdeN5tnAVj8ItlxFZlItNw3Zz6CrNqHpfSdyW0uzmuN3mD1iyQhkW6+JzWC+G9hmMY9X7eFv/xzwXQHUiB8rrt5QK7PJHlK1uRC2MFQRg7s83bYeZBEhAynuyjwLAT6mo+RsINgqF3hkNUHfh7E4IvK09ynl5Dnv3ypAfYKGvlWbpH8Moo+Pp45r+8sQPa83br9+y52I8JxDxqkdHLrzmXqc4= \ No newline at end of file +hFkzy2kQewVgPgamVcsimwQxyaVESVj9qZsZWUNLcXX8tjaSGpacSB24ZxC8EaICbIz0NBGu7x/6wVIIQCCcOcIdAyzS8I6kTZZMPMisPT1dI8SOkq/NgqHwXwFxGxE/LMW6V7F1yPZK55o1z94nqz3unGmFv9FD25SXYqZedSdOLiHuWoUwkb84mqbR8qbTnFlsghBBKuhnWC0eAuoSatgpaNceR7scQ5yB3NzXdGnU8CMWU5IpJ4E96mhAugHEIioxXAunOmBLvsvWPEjGc9RLQPli9nX2yX2UpIvVeIRtYh1KAG1DQF0M00L76RBJOEvfkgziSkQMelRiC+CxpnrOY3TXZNQwObwMZy+7n2a4pQdOq+YCHFOReGmCZaswtupYL+so2pnI9D5ZBztFt/ORaPn8G+krV94HFAOTMY/7MTJLYtZabKyUdaneLxApKjCBYvP2qilhpEwJINuO1RvOJqYh/++M59hkiu0FQHuvU68s7t9Flj9l5eNb6wEpC0imslaKYisHPwjLlNpVSchixvIouyiw5XUFeRRU545I6wYiFKDC9Vx84o20iVQ94KF97Xm+Eze++M2f9/qFUS5dACQUIqBTpZe9EF3UGc3tMBf3td/k3J8sP3p+eVKMBird0h1cr9kCDjYPv7BXGDdusszAOucR2ew7RVSdKnc= \ No newline at end of file