Hack Tool Repository

rdp-brute-force
The following patch to rdesktop adds the ability to perform brute-force password guessing against Microsoft Terminal Servers. This functionality was initially based on a patch found at cqure.net. However, significant modifications were made to allow testing against Windows 2000 and detection of error messages beyond simple pass/fail. The following is a brief summary of the included changes:
  • Fixed segfault with original cqure.net patch when no dictionary file was supplied.
  • Enhanced success detection. The cqure.net patch basically starts a connection, sends login info and immediately checks to see if we've successfully authenticated. It seems that about 50% of the time it does this check mid-auth and incorrectly assumes we've failed to authenticate.
  • Basic OS detection (2K vs 2K3/XP).
  • Basic error message detection (password expired, account locked, etc.).
  • Modified rdesktop to support basic Windows 2000 brute-forcing. Unfortunately, unlike XP/2003, you can't just send the password in the initial RDP packet. I've modified rdesktop to look for the W2K logon screen and then send the password via key presses/releases. Kinda kludgy, but seems to work. Matching errors such as 'Not permitted to logon due to policy' when testing 2000 is not as good as 2K3/XP. Of course, NetBIOS is typically open on 2K, so don't use RDP for brute-forcing. MEDUSA is your friend.


Site: http://www.foofus.net/~jmk/rdesktop.html
Source URL: files/Passwords/rdp-brute-force/rdp-brute-force-r806.diff
Category: Passwords
Hits: 12704
Rating: 10
Added: 2007-11-10 17:41:23
Updated: 2010-06-06 14:11:48
Tested on:
  • Fedora Core 10, 11 (install.sh)
  • OpenSUSE 10, 11 (install.sh)
  • Ubuntu 7.10, 8.10, 9.10 (install.sh)

Comments:

cqure's patch to rdesktop works, but segfaults at the end. So I use this one as an alternative to TSGrinder on Linux.

Download rdesktop and untar it. Download the patch and run the command:
    patch -p0 < rdp-brute-force-r805.diff
Change to the rdesktop directory and configure && make && make install. Use the following command to run a brute force on the rdp host:
    rdesktop -u administrator -p passwords.txt 192.168.0.100

by marc at 2007-12-20 22:17:21

©2007 Olderchurch Security Consultancy