Attack Vector for RDP

EH-Net

May 25, 2013, 03:12:59 AM

Welcome, Guest. Please login or register.
Did you miss your activation email?

News: Go back to The Ethical Hacker Network Online Magazine Home Page

Home

Help

Calendar

EH-Net > Ethical Hacking Discussions and Related Certifications > Network Pen Testing (Moderator: don) > Attack Vector for RDP

Pages: [1] Go Down

« previous next »

	Author	Topic: Attack Vector for RDP (Read 611 times)
0 Members and 1 Guest are viewing this topic.

24772433

Newbie

Offline

Posts: 33

Attack Vector for RDP

« on: March 16, 2013, 07:18:04 PM »

OK, to be clear, this is purely hypothetical and only for lab testing.

If a Windows Server only has port 3389 open, given that no remote code exploit for MS12-020 has yet to manifest itself, what are the available attack vectors? Brute force?

Thanks.


	Logged

Dark_Knight

Sr. Member

Offline

Posts: 292

Re: Attack Vector for RDP

« Reply #1 on: March 16, 2013, 10:18:05 PM »

tsgrinder maybe....ncrack also now supports terminal services cracking.......anybody use these with success ?


	Logged

CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com

ajohnson

Recruiters
Hero Member

Offline

Posts: 1060

aka dynamik

Re: Attack Vector for RDP

« Reply #2 on: March 16, 2013, 10:33:43 PM »

I usually just try SMB because it's so much faster and uses the same account database. The only time I usually see RDP open when SMB isn't is for jump boxes, and those are usually configured to use multi-factor authentication, so there's no real point in trying a password-guessing attack.

If you can MitM with Cain, it'll try to drop the security level of the RDP session, and if successful, can capture RDP network communications in clear-text.


	Logged

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.

Pages: [1] Go Up

« previous next »

Jump to:

Page created in 0.087 seconds with 19 queries.