Terminal Service Brute Force Tool?

Full Version: Terminal Service Brute Force Tool?

GovernmentSecurity.org > System Security > Windows Systems

globey

Jun 7 2005, 08:24 PM

hello people.
i need to check something about users\pass @ Terminal service.
you can give a tool or name of brute force scanner for TS?
i got tscrack, but he dont good for what i need.
someone know another tool?

greetz globey.

Blade

Jun 7 2005, 09:48 PM

TSGrinder is the first production Terminal Server brute force tool, and is now in release 2. The main idea here is that the Administrator account, since it cannot be locked out for local logons, can be brute forced. And having an encrypted channel to the TS logon process sure helps to keep IDS from catching the attempts.
TSGringer is a "dictionary" based attack tool, but it does have some interesting features like "l337" conversion, and supports multiple attack windows from a single dictionary file. It supports multiple password attempts in the same connection, and allows you to specify how many times to try a username/password combination within a particular connection.
Note that the tool requires the Microsoft Simulated Terminal Server Client tool, "roboclient," which may be found here:
ftp://ftp.microsoft.com/ResKit/win2000/roboclient.zip

There are still a couple of bugs we are working out- for instance, we've got a problem with using "l337" conversion with more than 2 threads open. There have also been requests to support standard brute-force-via-character-iteration attacks, and we will get to this when we can. In the meantime, enjoy the tool, and let me know how it works for you.
For those interested in the Blackhat presentation Ryan Russell and I made in Vegas, you can find that here:
http://www.blackhat.com/presentations/bh-u...s-03-mullen.pdf

tsgrinder-2.03

GhostShell

Jun 7 2005, 09:52 PM

hxxp://www.hammerofgod.com/download/tsgrinder-2.03.zip
should work...
but i could never get results with it so i dont think it does the job but hey maybe itsa just me...
anyways this is the only tool i can think of at the moment. hope ya have some luck

(Gh0stSheLL)
ps haha i just posted and noticed the guy above me posted like two minutes before me and lol he said basically the same info...sorry about that...

fulvioo

Jun 7 2005, 10:46 PM

Here is another link:
http://www.governmentsecurity.org/forum/in...?showtopic=8545

QUOTE

11. No requesting Programs...like looking for "brute force program" or a specific tool like "autohaxor elite" etc... Search Google for them !!!!!!!

Jumpi

Jun 8 2005, 01:21 AM

bruteforcing TS is senseless, it is much to slow.

s3ntinel

Jun 8 2005, 02:59 AM

Cain and Abel have a new module to perform a MITM attack against TS/RDP.

Brute forcing is then redundant, and there is no fix for it.

This is also matched by an associated advisroy for TS/RDP from www.oxid.it

http://www.oxid.it/topics.html

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: Terminal Service Brute Force Tool? GovernmentSecurity.org > System Security > Windows Systems globey Jun 7 2005, 08:24 PM hello people. i need to check something about users\pass @ Terminal service. you can give a tool or name of brute force scanner for TS? i got tscrack, but he dont good for what i need. someone know another tool? greetz globey. Blade Jun 7 2005, 09:48 PM TSGrinder is the first production Terminal Server brute force tool, and is now in release 2. The main idea here is that the Administrator account, since it cannot be locked out for local logons, can be brute forced. And having an encrypted channel to the TS logon process sure helps to keep IDS from catching the attempts. TSGringer is a "dictionary" based attack tool, but it does have some interesting features like "l337" conversion, and supports multiple attack windows from a single dictionary file. It supports multiple password attempts in the same connection, and allows you to specify how many times to try a username/password combination within a particular connection. Note that the tool requires the Microsoft Simulated Terminal Server Client tool, "roboclient," which may be found here: ftp://ftp.microsoft.com/ResKit/win2000/roboclient.zip There are still a couple of bugs we are working out- for instance, we've got a problem with using "l337" conversion with more than 2 threads open. There have also been requests to support standard brute-force-via-character-iteration attacks, and we will get to this when we can. In the meantime, enjoy the tool, and let me know how it works for you. For those interested in the Blackhat presentation Ryan Russell and I made in Vegas, you can find that here: http://www.blackhat.com/presentations/bh-u...s-03-mullen.pdf tsgrinder-2.03 GhostShell Jun 7 2005, 09:52 PM hxxp://www.hammerofgod.com/download/tsgrinder-2.03.zip should work... but i could never get results with it so i dont think it does the job but hey maybe itsa just me... anyways this is the only tool i can think of at the moment. hope ya have some luck (Gh0stSheLL) ps haha i just posted and noticed the guy above me posted like two minutes before me and lol he said basically the same info...sorry about that... fulvioo Jun 7 2005, 10:46 PM Here is another link: http://www.governmentsecurity.org/forum/in...?showtopic=8545 QUOTE 11. No requesting Programs...like looking for "brute force program" or a specific tool like "autohaxor elite" etc... Search Google for them !!!!!!! Jumpi Jun 8 2005, 01:21 AM bruteforcing TS is senseless, it is much to slow. s3ntinel Jun 8 2005, 02:59 AM Cain and Abel have a new module to perform a MITM attack against TS/RDP. Brute forcing is then redundant, and there is no fix for it. This is also matched by an associated advisroy for TS/RDP from www.oxid.it http://www.oxid.it/topics.html This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.