Nmap Development mailing list archives

Re: Request for Ncrack/NSE


From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 30 Mar 2010 23:08:33 +0200


On 30 mar 2010, at 23.02, Brandon Enright wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 30 Mar 2010 15:58:02 -0500
Ron <ron () skullsecurity net> wrote:

Apparently, nobody has a good program to crack passwords for rdp yet
(port 3389) -- there are patches for the "rdesktop" program, and a
Windows tool called tsgrinder, but both are slow/unreliable. 

Anybody feel like researching the protocol and writing a tool? 



Having been on the receiving side of some serious mass RDP pwnage, I
know good tools exist in the underground.  I have wanted to audit our
machines for weak passwords via RDP but haven't been able to.  I did
some research about a year back and it was my understanding that there
was no protocol code that tells you if you log in successfully.  Unless
somebody has figured something out recently I think you must validate
successful login via image analysis.  That is, does it *look* like you
logged in.

This was the same conclusion that I came to back in the days when I released this:
http://www.cqure.net/wp/rdesktop-patches/

The patches kind of suck, but at the time it outperformed tsgrinder at least.


I know on at least one of our boxes we found a RDP scanning tool.  If I
can think of where I put that binary I'll send it along.
If you do find it, I would much appreciate a copy too.


Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAkuyZwMACgkQqaGPzAsl94LOSACfVNIUzqbMRxobGkWuShu9+4Rq
cWIAnAv12sSgIv1F2D3ZbmX0zFTnijmk
=yYFV
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77






