Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: scan for RDP

From: Christian Heinrich <christian.heinrich () cmlh id au>
Date: Tue, 20 Mar 2012 10:23:56 +1100
Polloxx,

I leveraged the IIS banner grabbed by Shodan to correlate RDP to
Microsoft Small Business Server based on the
inurl:/Remote/logon.aspx?ReturnUrl=/Remote/Default.aspx (with and
without quotation marks) search query.

The Maltego Graph is available from
http://cmlh.id.au/post/19595166120/rdp-sbs if you are interested in
this alternate approach?

On Tue, Mar 20, 2012 at 2:53 AM, polloxx <polloxx () gmail com> wrote:

I would like to write an NSE script to find all Windows servers
running RDP on non-default ports on my network.
I know I can find the Version of a service by running the -sV option in nmap.
So I want to scan my IP block on all ports and find IP's where there's
a service with version "Microsoft Terminal Service".

Is there any existing useful for that? Any other advice?



-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: