Nmap Development mailing list archives

Status Report for ithilgore #16 of 16


From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Tue, 17 Aug 2010 04:58:53 +0200

Hello nmap-dev.

This week was spent finalizing the RDP module: fixing some remnant bugs,
adding iteration logic (which of course spawned a couple more bugs),
general testing and finally finding generic fingerprints for the RDP
service in Windows Vista and above.

Let me remind you from my last Status Report that there are no special
status codes in RDP to signify that you failed to authenticate. In
addition, as I discovered, Microsoft changed the way the RDP service tells
you that for Windows Vista editions and above. Previously (Windows XP, etc.),
you would only need to parse a text message which was embedded in certain
packets and then check that message against certain patterns.
However, the latest Windows versions don't send any kind of such text
strings, rather they show you the message in a completely "graphical" way.
By this I mean that whenever Windows RDP shows you that your password was
wrong or any relevant message, this isn't a string but a collection of
graphical data that when combined, show you the visual representation of
the text message.

As a result, this required different methods of fingerprinting.
The good news is that I managed to find a certain fingerprint that seems to
be working against all Windows Vista, Windows 7, Windows Server 2008
editions. This required some deep RDP packet inspection and parsing, since
other patterns, like for example checking for the length of some packets or
the sequence of them, weren't good enough: these things tended to change the
whole time and they would vary depending on network conditions, etc.


Accomplishments

* Added iteration logic to RDP module.

* Fixed several bugs.

* Found generic fingerprint for all Windows Vista, Windows 7 and Windows
  Server 2008 versions.

* Finalized module by removing debugging output, which previously
  appeared by default.

* Updated the manual page by adding sections with brief documentation on
  the SMB and RDP modules.

* Updated the TODO file with some ideas on potentially extending and
  making the RDP module faster.


Priorities

* Write call-for-testers RDP email.
* Make new Ncrack release.
* Finish username gathering project.
* Complete GSoC paperwork and code submission.


Cheers,
ithilgore


-- 
http://sock-raw.org
http://twitter.com/ithilgore
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/