Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Terminal Services

from [Ola] Network Security [Permanent Link]
Subject: RE: Terminal Services
Date: Sun, 13 Mar 2005 09:08:40 -0700 
Gentlemen,

You can use a tool called TSGrinder to brute force a terminal server using a
dictionary password for the administrator account. I have been playing
around with this tool this weekend and it really rocks. You will find
detailed information from the hammerofgod site:
http://www.hammerofgod.com/download.htm

TSGringer is a "dictionary" based attack tool, but it does have some
interesting features like "l337" conversion, and supports multiple attack
windows from a single dictionary file.  It supports multiple password
attempts in the same connection, and allows you to specify how many times to
try a username/password combination within a particular connection. 
Note that the tool requires the Microsoft Simulated Terminal Server Client
tool, "roboclient," which may be found here:
ftp://ftp.microsoft.com/ResKit/win2000/roboclient.zip

Hope this helps.
Kind regards
Ola  

-----Original Message-----
From: John the Kiwi [mailto:kiwi@kiwicomputing.com] 
Sent: March 11, 2005 3:30 PM
To: AEHeald
Cc: pen-test@securityfocus.com
Subject: Re: Terminal Services

I don't use any tools for RDP testing. I have thought about writing a
perl script to try and brute force with rdesktop, but thinking about it
is all I have done.

I consider the RDP Protocol to be pretty reliable and secure, there are
some things you can do to obfuscate it.

I normally change the default RDP Port that the server listens on.
There's a registry entry you can change the port 3389 to something else,
I don't have a link handy but you can probably do a search for 3389 in
the registry.

This has the added benefit of allowing you to publish as many
workstations (XP Professional anyway) behind your NAT as your router
will let you forward ports for. It's not bullet proof, but it defeats
random scans.

I've also heard you can use ZeBeDee - http://www.winton.org.uk/zebedee/
to add an extra layer of encryption on a different port. I've never had
a customer request it and it adds a lot of complexity for the user but
the example usage I saw made setting it up look pretty straight forward.

John the Kiwi

On Thu, 2005-03-10 at 17:13 -0500, AEHeald wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings, group!

I am de-lurking to inquire if anyone has some pointers on Microsoft
Terminal Services.  I'm testing a client who allows 3389 into their
terminal server for the Remote Desktop Client.

Other than the Bad Thing of allowing inbound traffic onto their LAN,
I'm trying to hunt down ways to enter all the way in.  I have seen
TSCrack referenced, but the program is nowhere to be found.

Any suggestions gratefully received.

Eigen


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBQjDGeQGhZ4M3hyK+EQIh2QCg8y1LWs/oc4B303gBM5CLAD0BG4QAoJ+A
QyWBGr7piv9nmNmHjFIUuRVi
=xKXQ
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Nessus against Novell file servers., John Thomas
Next by Date:  Pen Testing capabilities of Flash Files, roger . franks
Previous by Thread:  Re: Terminal Services, John the Kiwi
Next by Thread:  RE: Terminal Services, Mark Woan
Indexes:  [Date] [Thread] [Top] [All Lists]