Government Security
Network Security Resources

Port 3389.... Any Exploit ?


  • This topic is locked
22 replies to this topic

#1 tazthedev

tazthedev

    Private First Class

  • Members
  • 47 posts

Posted 20 February 2004 - 06:43 PM

Hi,


I noticed that many many computers got the port 3389 opened ... but is there any exploit that allows us to get a shell ?

It would be great, 'coz its kinda long for trying each one of the results with the Terminal Service Manager from Microshit :D


any exploit ? :)

thx

#2 BuzzDee

BuzzDee

    Staff Sergeant

  • Sergeant Major
  • 454 posts

Posted 20 February 2004 - 06:50 PM

3389 is the mysql port isn't it? but I never saw a working exploit for mysql.... :/

#3 tazthedev

tazthedev

    Private First Class

  • Members
  • 47 posts

Posted 20 February 2004 - 06:57 PM

Hmm no, it's not mysql.... it is the port used for sharing access to a computer... like pcanywhere does

#4 KoNh

KoNh

    Specialist

  • Members
  • 111 posts

Posted 20 February 2004 - 07:01 PM

this is terminal services port which is installed by default on XP machines,
just not always able to connect over the net, it is used to switch yer users
sessions without closing'em...

#5 Guest_m1k3_*

Guest_m1k3_*
  • Guests

Posted 20 February 2004 - 07:48 PM

yeah this is remote desktop connection port on windows and if you wanna exploit it you could always try a remote desktop connection to it heh and see if it has no pass or not

#6 tazthedev

tazthedev

    Private First Class

  • Members
  • 47 posts

Posted 20 February 2004 - 08:03 PM

> yeah this is remote desktop connection port on windows and if you wanna exploit it you could always try a remote desktop connection to it heh and see if it has no pass or not

This thread IS for saving my time .... not for trying each results with the remote manager :P

#7 pdf

pdf

    Specialist

  • Members
  • 110 posts

Posted 20 February 2004 - 11:39 PM

> 3389 is the mysql port isn't it? but I never saw a working exploit for mysql.... :/

port 3389 for terminal service (remote desktop) :blink:

#8 Pro21

Pro21

    Sergeant

  • Members
  • 230 posts

Posted 21 February 2004 - 12:11 AM

Port 3389 = Terminal Services
By default on Windows XP
To install on Windows 2000 Server

You can use Tscrack to scan and try passwords (as an Ipcscan scanner)
But after some logon attempts you're kicked. And moreover, if the admin configured the domain security policy to show a window before the login, tscrack doesn't work. :(
In consequence I think it's difficult to build a performant tool. It's only interesting to use Terminal Services when you already have the admin password.

#9 muts

muts

    Private First Class

  • Members
  • 32 posts

Posted 21 February 2004 - 02:28 AM

Windows Terminal services is NOT enabled by default on either XP or 2000.

Other than tsgrind / tscrack I'm not aware of any "remote exploit".

Both tsgrind and tscrack aren't very useful unless you've managed to get a list of users from the machine - and they are *very* slow.

#10 TheOther

TheOther

    Private First Class

  • Members
  • 98 posts

Posted 21 February 2004 - 03:10 AM

I don't think there is an exploit for terminal services. And that's good, otherwise 20% of all comps would be vulnerable.

But it can be very helpful when this port is open! If you can have a shell through an exploit or mssql or...., just add a user in shell and login through TS 3389 with your new account:

net user <username> <password> /add
net localgroup administrators <username> /add

Or you can download the password hashes of existing accounts with Pwdump3 and crack them at your home with L0phtCrack.

Or you can use TsGrinder to brute-force accounts with your wordlist.
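
The sequence in post #10 (a new account, its addition to the local Administrators group, then a logon over port 3389) leaves a trail in the Windows Security log. The following is an added example, not code from any poster in this thread, that correlates those three events. Event IDs 4720, 4732 and 4624 with logon type 10 are the current Windows IDs; the flattened record layout, the function name and all sample values are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real logs), normalised to a flat layout:
# 4720 = account created, 4732 = member added to a local group,
# 4624 = successful logon (logon_type 10 = RemoteInteractive, i.e. RDP).
EVENTS = [
    {"time": "2024-01-10T02:14:05", "id": 4720, "target": "svc_backup2"},
    {"time": "2024-01-10T02:14:09", "id": 4732, "target": "svc_backup2",
     "group": "Administrators"},
    {"time": "2024-01-10T02:16:40", "id": 4624, "target": "svc_backup2",
     "logon_type": 10, "src": "203.0.113.7"},
    {"time": "2024-01-10T09:00:00", "id": 4720, "target": "jsmith"},
    {"time": "2024-01-10T09:30:00", "id": 4624, "target": "jsmith",
     "logon_type": 2, "src": "-"},
    {"time": "2024-01-08T08:00:00", "id": 4624, "target": "admin",
     "logon_type": 10, "src": "198.51.100.4"},
]


def find_new_admin_rdp_logons(events, window=timedelta(hours=24)):
    """Alert on accounts created, made local admin, then used over RDP within `window`."""
    created, promoted, alerts = {}, set(), []
    # ISO-8601 timestamps sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        user = ev["target"].lower()
        if ev["id"] == 4720:
            created[user] = ts
            promoted.discard(user)  # a re-created account starts over
        elif ev["id"] == 4732 and ev.get("group", "").lower() == "administrators":
            if user in created and ts - created[user] <= window:
                promoted.add(user)
        elif ev["id"] == 4624 and ev.get("logon_type") == 10:
            if user in promoted and ts - created[user] <= window:
                alerts.append({"user": user, "created": created[user],
                               "rdp_logon": ts, "src": ev["src"]})
    return alerts


if __name__ == "__main__":
    for a in find_new_admin_rdp_logons(EVENTS):
        print(f"ALERT {a['user']}: created {a['created']}, "
              f"RDP logon {a['rdp_logon']} from {a['src']}")
```

Long-standing accounts that log on over RDP and new accounts that only log on at the console are not flagged; only the full create, promote, RDP chain is.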

#11 Pro21

Pro21

    Sergeant

  • Members
  • 230 posts

Posted 21 February 2004 - 04:13 AM

> Windows Terminal services is NOT enabled by default on either XP or 2000.

(k)

It's enabled but you must config account to access on remote desktop but enable or it's the same result :P

#12 Guest_l_Hacker_1987_l_*

Guest_l_Hacker_1987_l_*
  • Guests

Posted 21 February 2004 - 04:35 AM

You Need An Account from Remote Host to Connect to Terminal Services(Remote Desktop) on port 3389 ;)
MSTSC.exe :) is Remote Desktop Connection Viewer ;)
so u must have an Administrator Account to Access Remote Host :)
u can Crack Sam file , or Add new user with Net Commands And put in on Administrators Group :)


My English SuX:D

#13 Guest_woodpecker_sjtu_*

Guest_woodpecker_sjtu_*
  • Guests

Posted 22 February 2004 - 03:34 AM

> 3389 is the mysql port isn't it? but I never saw a working exploit for mysql.... :/

no

#14 Guest_dragonfly_*

Guest_dragonfly_*
  • Guests

Posted 22 February 2004 - 06:16 AM

1433 is sql if i'm right ;)

#15 usch

usch

    Staff Sergeant

  • Sergeant Major
  • 269 posts

Posted 22 February 2004 - 06:31 AM

yeah you're right



