tazthedev
Hi,

I noticed that many, many computers have port 3389 open... but is there any exploit that allows us to get a shell?

It would be great, 'coz it's kinda long trying each one of the results with the Terminal Service Manager from Microshit

any exploit?

thx
BuzzDee
3389 is the mysql port, isn't it? but i never saw a working exploit for mysql.... :/
tazthedev
Hmm no, it's not mysql.... it is the port used for sharing access to a computer... like pcanywhere does
KoNh
this is the terminal services port, which is installed by default on XP machines, just not always able to connect over the net. it is used to switch yer user sessions without closing 'em...
m1k3
yeah this is remote desktop connection port on windows and if you wanna exploit it you could always try a remote desktop connection to it heh and see if it has no pass or not
tazthedev
QUOTE (m1k3 @ Feb 21 2004, 03:48 AM)
yeah this is remote desktop connection port on windows and if you wanna exploit it you could always try a remote desktop connection to it heh and see if it has no pass or not

This thread IS for saving my time .... not for trying each result with the remote manager
pdf
QUOTE (BuzzDee @ Feb 21 2004, 02:50 AM)
3389 is the mysql port, isn't it? but i never saw a working exploit for mysql.... :/

port 3389 is for terminal service (remote desktop)
Pro21
Port 3389 = Terminal Services
By default on Windows XP
To install on Windows 2000 Server

You can use Tscrack to scan and try passwords (as an Ipcscan scanner).
But after some logon attempts you're kicked. And what's more, if the admin configured the Domain security strategy to show a window before the login, tscrack doesn't work.
In consequence I think it's difficult to build a performant tool. It's only interesting to use Terminal Services when you already have the admin password.
muts
Windows Terminal services is NOT enabled by default on either XP or 2000.

Other than tsgrind / tscrack i'm not aware of any "remote exploit".

Both tsgrind and tscrack aren't very useful unless you've managed to get a list of users from the machine - and they are *very* slow.
TheOther
I don't think there is an exploit for terminal services. And that's good, otherwise 20% of all comps would be vulnerable.

But it can be very helpful when this port is open! If you can have a shell through an exploit or mssql or...., just add a user in shell and login through TS 3389 with your new account:

net user <username> <password> /add
net localgroup administrators <username> /add

Or you can download the password hashes of existing accounts with Pwdump3 and crack them at your home with L0phtCrack.

Or you can use TsGrinder to brute-force accounts with your wordlist.

Pro21
QUOTE
Windows Terminal services is NOT enabled by default on either XP or 2000.
(k)

It's enabled but you must config account to access on remote desktop but enable or it's the same result
l_Hacker_1987_l
You need an account from the remote host to connect to Terminal Services (Remote Desktop) on port 3389.
MSTSC.exe is the Remote Desktop Connection viewer,
so u must have an Administrator account to access the remote host.
u can crack the SAM file, or add a new user with Net commands and put it in the Administrators group.

My English SuX:D

woodpecker_sjtu
QUOTE (BuzzDee @ Feb 21 2004, 02:50 AM)
3389 is the mysql port, isn't it? but i never saw a working exploit for mysql.... :/

no
dragonfly
1433 is sql if i'm right
usch
yeah you're right
jobob24
i have seen some dated DoS exploits but that's all..
dragonfly
hmm nice you can always post it here so we can check hehe
Leonnetje
There is an exploit for it (Windows Terminal Services Exploit). Heard about it 4/5 weeks back. Never saw any code for it
Nova
There is a couple brute forcers out there 4 it, tsgrinder, got a full version, but no axx to start a thread or file downloads, so you will have to search google 4 it ;)

Leonnetje
QUOTE (Nova @ Feb 23 2004, 06:36 PM)
There is a couple brute forcers out there 4 it, tsgrinder, got a full version, but no axx to start a thread or file downloads, so you will have to search google 4 it

Or upload it somewhere and give us a link
captainil
nope
DvilleStoner
So if I add an account with admin access I can just remote to that port and login?
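
An added example, not part of the original thread or any poster's code: a Python sketch of how a defender could spot, in Windows Security log data, the two things the thread discusses, repeated failed logons from one source (the tsgrinder/tscrack case) and a Terminal Services logon by an account that was just created and added to Administrators. The event IDs are those of current Windows versions; the record layout, sample data and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED, LOGON, CREATED, GROUP_ADD = 4625, 4624, 4720, 4732
REMOTE_INTERACTIVE = 10  # RDP session; failures under NLA are logged as type 3
# Constructed sample: (time, event id, account, source ip, logon type).
# Simplified: 4732 rows are adds to Administrators, member already resolved from its SID.
SAMPLE = [
    ("2024-01-10T02:00:%02d" % s, FAILED, "administrator", "203.0.113.7", 3)
    for s in range(0, 60, 10)
] + [
    ("2024-01-10T03:10:00", CREATED, "support2", None, None),
    ("2024-01-10T03:10:05", GROUP_ADD, "support2", None, None),
    ("2024-01-10T03:12:00", LOGON, "support2", "198.51.100.9", REMOTE_INTERACTIVE),
    ("2024-01-10T09:00:00", LOGON, "alice", "192.0.2.20", REMOTE_INTERACTIVE),
    ("2024-01-10T09:05:00", FAILED, "alice", "192.0.2.20", 10),
]

def _ts(s):
    return datetime.fromisoformat(s)

def guessing_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Source IPs with >= threshold failed network/RDP logons inside one window."""
    fails = defaultdict(list)
    for t, eid, _acct, ip, ltype in events:
        if eid == FAILED and ltype in (3, REMOTE_INTERACTIVE):
            fails[ip].append(_ts(t))
    flagged = set()
    for ip, times in fails.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(ip)
                break
    return flagged

def new_admin_rdp_logons(events, window=timedelta(hours=24)):
    """(account, ip) for RDP logons by accounts created and made admin within window."""
    created, promoted, hits = {}, {}, []
    for t, eid, acct, ip, ltype in sorted(events, key=lambda e: e[0]):
        if eid == CREATED:
            created[acct] = _ts(t)
        elif eid == GROUP_ADD and acct in created:
            promoted[acct] = created[acct]
        elif eid == LOGON and ltype == REMOTE_INTERACTIVE and acct in promoted:
            if _ts(t) - promoted[acct] <= window:
                hits.append((acct, ip))
    return hits
```

On the constructed sample, `guessing_sources(SAMPLE)` flags only the source with six failures in under a minute, and `new_admin_rdp_logons(SAMPLE)` reports the `support2` logon while ignoring the long-standing `alice` account.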