.

Attack Vector for RDP

<<

24772433

User avatar

Newbie
Newbie

Posts: 34

Joined: Thu Oct 20, 2011 3:22 pm

Location: UK

Post Sat Mar 16, 2013 7:18 pm

Attack Vector for RDP

OK, to be clear, this is purely hypothetical and only for lab testing.

If a Windows Server only has port 3389 open, given that no remote code exploit for MS12-020 has yet to manifest itself, what are the available attack vectors? Brute force?

Thanks. 
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Sat Mar 16, 2013 10:18 pm

Re: Attack Vector for RDP

tsgrinder maybe....ncrack also now supports terminal services cracking.......anybody use these with success ?
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sat Mar 16, 2013 10:33 pm

Re: Attack Vector for RDP

I usually just try SMB because it's so much faster and uses the same account database. The only time I usually see RDP open when SMB isn't is for jump boxes, and those are usually configured to use multi-factor authentication, so there's no real point in trying a password-guessing attack.

If you can MitM with Cain, it'll try to drop the security level of the RDP session, and if successful, can capture RDP network communications in clear-text.
The day you stop learning is the day you start becoming obsolete.

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software