Attack Vector for RDP

This topic contains 2 replies, has 3 voices, and was last updated by  dynamik 6 years, 8 months ago.

  • Author
    Posts
  • #8303
     24772433 
    Participant

    OK, to be clear, this is purely hypothetical and only for lab testing.

    If a Windows Server only has port 3389 open, given that no remote code exploit for MS12-020 has yet to manifest itself, what are the available attack vectors? Brute force?

    Thanks. 

  • #52312
     Dark_Knight 
    Participant

    tsgrinder maybe….ncrack also now supports terminal services cracking…….anybody use these with success ?

  • #52313
     dynamik 
    Participant

    I usually just try SMB because it’s so much faster and uses the same account database. The only time I usually see RDP open when SMB isn’t is for jump boxes, and those are usually configured to use multi-factor authentication, so there’s no real point in trying a password-guessing attack.

    If you can MitM with Cain, it’ll try to drop the security level of the RDP session, and if successful, can capture RDP network communications in clear-text.

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?