Full Version: Terminal Hacking Windows Systems
Anybody in here who could give me some information about "terminal hacking windows systems" on port 3389 on a lan?
try a null session to get the pass ...
try to scan it with any nt password scanner ...
ipcscan
ntscan ...
or
Tscrack ...
there is some topics which speaking of the teminal exploits ...
like enables them for exemple ...
pleX
try to scan it with any nt password scanner ...
ipcscan
ntscan ...
or
Tscrack ...
there is some topics which speaking of the teminal exploits ...
like enables them for exemple ...
pleX
| QUOTE (PL3X59 @ Feb 13 2004, 02:23 PM) |
| try a null session to get the pass ... |
He asked for port 3389 attacks
- anyways the "TSCrack" part of your reply is right 
the other answers are okay too..because if you find an adminaccount with ipcscan or ntscan, you can also log in at the terminal server with that account :->
note that u cant log in with an account with null password 
tscrack is your best bet
i dont think Remote Desktop has any exploit till now , maybe after the leak of the source code , something appears 
| QUOTE (demesmaeker @ Feb 13 2004, 11:33 PM) |
| the other answers are okay too..because if you find an adminaccount with ipcscan or ntscan, you can also log in at the terminal server with that account :-> |
Wrong. It was specifically asked for a port 3389 based attack. Anyway, good try
ay) TSgrind and Tscrack are your best bets. Personally i have had little luck with bruteforcing RDP, especially with no prior information od usernames (By SMB enumeration for example).
be) Account restriction on null passwords are usually set on Windows XP (not sure bout 2003, but it makes sense). XP supports only one terminal session, which forces the active user to lock out - so it's not that great.
be) Account restriction on null passwords are usually set on Windows XP (not sure bout 2003, but it makes sense). XP supports only one terminal session, which forces the active user to lock out - so it's not that great.
How about using HyperTerminal?
I mean using a Telephone Number istead of IP !
I mean using a Telephone Number istead of IP !
s54
TS are on NT system ...
maybe null session is possible.
but TSCRACK is not very fast ...
you can also try nt scan with 3389port :-p
boshcash,
null password is possible on 2K servers
like administrator / [/null]
Terminal services ....... So goodd
lol
french PL3X ;-)
TS are on NT system ...
maybe null session is possible.
but TSCRACK is not very fast ...
you can also try nt scan with 3389port :-p
boshcash,
null password is possible on 2K servers
like administrator / [/null]
Terminal services ....... So goodd
lol
french PL3X ;-)
Don't try correcting me when I ain't wrong. He asked for a solution based on port 3389. Null session ain't the way then.
:-p
I don't want to correct u
i just say that it is possible like this
peace :-p
I don't want to correct u
i just say that it is possible like this
peace :-p
tscrack is your best
| QUOTE (starwilli @ Feb 24 2004, 06:55 PM) |
| tscrack is your best |
It can be the best, but it's awefully slow !!!
bruteforcing the shit takes a load of time + you need a big dictionary..
i suggest you scan for open ports, and try to get a shell..
then use the net.exe to add an account
i suggest you scan for open ports, and try to get a shell..
then use the net.exe to add an account
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
