@@ -168,26 +168,24 @@ def create_conn_obj(self):
168168
169169 async def check_nla (self ):
170170 self .logger .debug (f"Checking NLA for { self .host } " )
171- # Test protocols in order: SSL first, then pure RDP for legacy servers
172- for proto in self .protoflags_nla :
173- try :
174- self .iosettings .supported_protocols = proto
175- self .conn = RDPConnection (
176- iosettings = self .iosettings ,
177- target = self .target ,
178- credentials = None ,
179- )
180- packetizer = TPKTPacketizer ()
181- client = UniClient (self .target , packetizer )
182- self .conn ._connection = await asyncio .wait_for (client .connect (), timeout = self .args .rdp_timeout )
183- self .conn ._x224net = X224Network (self .conn ._connection )
184- _ , err = await asyncio .wait_for (self .conn ._x224net .client_negotiate (0 , proto ), timeout = self .args .rdp_timeout )
185- # If no error, RDP or SSL is supported so no NLA
186- if err is None :
187- self .nla = False
188- return
189- except Exception :
190- pass
171+ try :
172+ self .iosettings .supported_protocols = SUPP_PROTOCOLS .SSL
173+ self .conn = RDPConnection (
174+ iosettings = self .iosettings ,
175+ target = self .target ,
176+ credentials = None ,
177+ )
178+ packetizer = TPKTPacketizer ()
179+ client = UniClient (self .target , packetizer )
180+ self .conn ._connection = await asyncio .wait_for (client .connect (), timeout = self .args .rdp_timeout )
181+ self .conn ._x224net = X224Network (self .conn ._connection )
182+ _ , err = await asyncio .wait_for (self .conn ._x224net .client_negotiate (0 , SUPP_PROTOCOLS .SSL ), timeout = self .args .rdp_timeout )
183+ # If no error SSL supported if SSL_NOT_ALLOWED_BY_SERVER error, plain RDP supported
184+ if err is None or "SSL_NOT_ALLOWED_BY_SERVER" in str (err ):
185+ self .nla = False
186+ return
187+ except Exception :
188+ pass
191189
192190 async def connect_rdp (self ):
193191 _ , err = await asyncio .wait_for (self .conn .connect (), timeout = self .args .rdp_timeout )
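Review bot: The `except Exception: pass` that closes `check_nla` hides timeouts and connection failures, so an unreachable or slow host looks the same as one that rejected the SSL negotiation, and `self.nla` keeps whatever value it had before the call (its default is not visible in this hunk). A wrong NLA result in scan output is hard to notice, so I would at least log the failure: `except Exception as e:` followed by `self.logger.debug(f"NLA check failed for {self.host}: {e}")`. The new `"SSL_NOT_ALLOWED_BY_SERVER" in str(err)` test also depends on how the library formats its error text. If the negotiation error exposes a failure code, comparing against that would survive message changes. The added comment would read more clearly as `# No error: SSL accepted. SSL_NOT_ALLOWED_BY_SERVER: server only offers plain RDP. Either way NLA is not enforced.`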