Nmap Development mailing list archives
Re: Cannot forward RDP using ncat
From: David Fifield <david () bamsoftware com>
Date: Wed, 7 Jul 2010 11:26:12 -0600
On Tue, Jun 29, 2010 at 07:30:11PM -0400, Green Natalie wrote:
Hello, I have found that I cannot redirect RDP (mstsc.exe) connections to another Microsoft host. After turning off Remote Desktop Protocol on my own host so that ncat can accept the session redirect handling, I run the following on my host:

ncat --sh-exec "ncat target1 3389" -l 3389

Where "target1" is the host that I want my RDP session to get forwarded to. I then open mstsc.exe, type in my own hostname, I disable "Bitmap Caching", and try to connect. Only twice out of about ten attempts did I get an RDP screen, but I never got anything but a black screen; I should have gotten a login screen. I researched this but found nothing.

When running it in debug mode ("-vvv") here's how it looks after starting ncat, and after an RDP connection attempt is made through it:

C:\>ncat -vvv -l 3389 --sh-exec "ncat target1:3389"
Ncat: Version 5.21 ( http://nmap.org/ncat )
Ncat: Listening on 0.0.0.0:3389
NCAT DEBUG: Initialized fdlist with 102 maxfds
NCAT DEBUG: Added fd 1932 to list, nfds 1, maxfd 1932
NCAT DEBUG: Added fd 0 to list, nfds 2, maxfd 1932
NCAT DEBUG: Initialized fdlist with 100 maxfds
NCAT DEBUG: selecting, fdmax 1932
NCAT DEBUG: select returned 1 fds ready
NCAT DEBUG: fd 1932 is ready
Ncat: Connection from source1.
NCAT DEBUG: Executing: C:\WINDOWS\system32\cmd.exe /C ncat target1:3389
NCAT DEBUG: Creating named pipe "\\.\pipe\ncat-0"
NCAT DEBUG: Register subprocess 0000074C at index 0.
NCAT DEBUG: selecting, fdmax 1932
NCAT DEBUG: Subprocess ended with exit code 259.
NCAT DEBUG: Unregister subprocess 0000074C from index 0.
NCAT DEBUG: Terminating subprocesses
NCAT DEBUG: max_index 1
NCAT DEBUG: Terminating subprocesses
NCAT DEBUG: max_index 1

Do you have any thoughts on this? Is there something I'm missing, or is this not possible to do to RDP? Thanks in advance!

Thanks for this good report. Please try version 5.30BETA1. I think this is already fixed as described in this thread: http://seclists.org/nmap-dev/2010/q1/731. The clue was the "exit code 259".

David Fifield