Nmap Development mailing list archives
Status Report #11 of 15
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Tue, 13 Jul 2010 04:45:27 +0300
Hello nmap-dev folks.

The focus of this week was the dissection of the Remote Desktop Protocol and the creation of the RDP module for Ncrack. RDP has proven to be quite complex and requires a lot of work even with the help of the rdesktop source code as a general guideline. As you can see in Microsoft's official specs http://msdn.microsoft.com/en-us/library/cc240452%28v=PROT.10%29.aspx there are quite a lot of packets involved in RDP negotiation. In addition, it seems there are many fields in the packet headers and PDUs that are quite ambiguous with regard to their actual importance and meaning. There is also a newer version of RDP (version 5) which has some differences with the older version 4. Unfortunately, a wireshark RDP dissector doesn't exist yet: http://wiki.wireshark.org/RDP

Accomplishments:

* Coded and tested a large part of the RDP module.
* Studied a thesis on reverse-engineering RDP: http://efod.se/media/thesis.pdf
* Found a copy of rdpproxy, which is a tool for conducting a MITM attack against an RDP session. This will prove very valuable in watching the decrypted network data exchanged even after the encryption phase.

Priorities:

* Continue working on RDP module.

Regards,
ithilgore

--
http://sock-raw.org
http://twitter.com/ithilgore

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/