22 replies to this topic

[tazthedev]

Hi,


I noticed that many many computers got the port 3389 opened ... but is there any exploit that allows us to get a shell ?

It would be great, 'coz its kinda long for trying each one of the results with the Terminal Service Manager from Microshit


any exploit ?

thx

[BuzzDee]

3389 is the mysql port isnt it? but i never saw a working exploit for mysql.... :/

[tazthedev]

Hmm no, its not mysql.... it is the port used for sharing access to a computer... like pcanywhere does

[KoNh]

this is terminal services port which is installed by default on XP machines,
jsut not always able to connect over the net, it is used to switch yer users
sessions without closing'em...

[tazthedev]

yeah this is remote desktop connection port on windows and if you wanna exploit it you could always try a remote desktop connection to it heh and see if it has no pass or not

This thread IS for saving my time .... not for trying each results with the remote manager

[pdf]

3389 is the mysql port isnt it? but i never saw a working exploit for mysql.... :/

port 3389 for terminal service (remote desktop)

[Pro21]

POrt 3389 = Terminal Services
By Default on Windows XP
To Install on Windows 2000 server

You can use Tscrack to scan and try password ( as an Ipcscan scanner )
But after some logon tentatives you're kicked. And more If admin configured in Domain security Strategie to make a windows before the login, tscrack doesn't work.
In consequence I think it s difficult to build a performant tool. It s only interesting to use Terminal services when you have already the admin password.

[muts]

Windows Terminal services is NOT enabled by default on either XP or 2000.

Other than tsgrind / tscrack i'm not aware of any "remote exploit".

Both tsgrind and trcrack arn't very usefull unless youve manages to get a list of users from the machine - and they are *very* slow.

[TheOther]

I don't think there is an exploit for terminal services. And thats good, otherwise 20% of all comps would be vulnerable.

But it can be very helpfull when this port is open! If you can have a shell through an exploit or mssql or...., just add a user in shell and login through TS 3389 with your new account:

net user <username> <password> /add
net localgroup administrators <username> /add

Or you can download the password hashes of existing accounts with Pwdump3 and crack them at your home with Lopht crack.

Or you can use TsGrinder to brute-force accounts with your wordlist.

[Pro21]

Windows Terminal services is NOT enabled by default on either XP or 2000.

(k)

It s enabled but you must config account to access on remote desktop but enable or it s the same result

[usch]

yeah you`re right