Nmap Development mailing list archives
Status Report for ithilgore #16 of 16
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Tue, 17 Aug 2010 04:58:53 +0200
Hello nmap-dev. This week was spent finalizing the RDP module: fixing some remnant bugs, adding iteration logic (which of course spawned a couple more bugs), general testing and finally finding generic fingerprints for the RDP service in Windows Vista and above.

Let me remind you from my last Status Report that there are no special status codes in RDP to signify that you failed to authenticate. In addition, as I discovered, Microsoft changed the way the RDP service tells you that for Windows Vista editions and above. Previously (Windows XP, etc.), you would only need to parse a text message which was embedded in certain packets and then check that message against certain patterns. However, the latest Windows versions don't send any such text strings; rather, they show you the message in a completely "graphical" way. By this I mean that whenever Windows RDP shows you that your password was wrong, or any relevant message, this isn't a string but a collection of graphical data that, when combined, shows you the visual representation of the text message. As a result, this required different methods of fingerprinting. The good news is that I managed to find a certain fingerprint that seems to be working against all Windows Vista, Windows 7 and Windows Server 2008 editions. This required some deep RDP packet inspection and parsing, since other patterns, like for example checking the length of some packets or their sequence, weren't good enough: these things tended to change all the time and would vary depending on network conditions, etc.

Accomplishments

* Added iteration logic to RDP module.
* Fixed several bugs.
* Found generic fingerprint for all Windows Vista, Windows 7 and Windows Server 2008 versions.
* Finalized module by removing debugging output, which previously appeared by default.
* Updated the manual page by adding sections with brief documentation on the SMB and RDP modules.
* Updated the TODO file with some ideas on potentially extending and making the RDP module faster.

Priorities

* Write call-for-testers RDP email.
* Make new Ncrack release.
* Finish username gathering project.
* Complete GSoC paperwork and code submission.

Cheers,
ithilgore

--
http://sock-raw.org
http://twitter.com/ithilgore