Nmap Development mailing list archives
Re: Ncrack RDP test
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Fri, 03 Sep 2010 23:55:57 +0300
On 09/03/2010 03:56 PM, not () null net wrote:
Hello everyone. Today I decided to try out the new RDP module. Ncrack was compiled from the latest SVN revision. The first two tests were run against Windows 2003 and Windows XP with RDP enabled. I used Windows XP SP3 to run them:

ncrack --user admin --pass password -p rdp -d10 -T5 -g CL=1,cd=5s,to=10s xxx.xxx.xxx.xxx

In both cases I received this:

rdp://xxx.xxx.xxx.xxx:3389 Initiating new Connection
rdp://xxx.xxx.xxx.xxx:3389 pushed to list WAIT
username: administrator pass: password
--------------------------------------- FUNCTION LOOP ---------------------------------
------------------ RDP LOOP -----------------
TCP length: 34
SEC LICENSE
rdp packet NULL!
LOOP NOTH NULL DATA
--------------------------------------- FUNCTION LOOP ---------------------------------
------------------ RDP LOOP -----------------
TCP length: 327
Sec length: 300
RDP length: 300
PDU DEMAND ACTIVE
RDP LOOP STATE
--------------------------------------- FUNCTION LOOP ---------------------------------
------------------ RDP LOOP -----------------
TCP length: 48
Sec length: 22
RDP length: 22
PDU DATA
-- DATA PDU SYNC
RDP LOOP STATE
--------------------------------------- FUNCTION LOOP ---------------------------------
------------------ RDP LOOP -----------------
TCP length: 52
Sec length: 26
RDP length: 26
PDU DATA
-- DATA PDU CONTROL
RDP LOOP STATE
--------------------------------------- FUNCTION LOOP ---------------------------------
------------------ RDP LOOP -----------------
TCP length: 52
Sec length: 26
RDP length: 26
PDU DATA
-- DATA PDU CONTROL
RDP LOOP STATE
--------------------------------------- FUNCTION LOOP ---------------------------------
------------------ RDP LOOP -----------------
TCP length: 52
Sec length: 26
RDP length: 26
PDU DATA
PDU data unimplemented 40
RDP LOOP STATE
--------------------------------------- FUNCTION LOOP ---------------------------------
------------------ RDP LOOP -----------------
TCP length: 1932
Sec length: 1905
RDP length: 22
PDU DATA
-- DATA PDU UPDATE
------------------ RDP LOOP -----------------
NEXT PACKET
RDP length: 794
PDU DATA
-- DATA PDU UPDATE
------------------ RDP LOOP -----------------
NEXT PACKET
RDP length: 1089
PDU DATA
-- DATA PDU UPDATE
-----> UPDATE ORDERs
ORDER MEMBLT
MEMBLT(op=0xcc,x=0,y=0,cx=16,cy=1,id=0,idx=0)
RDP LOOP STATE
--------------------------------------- FUNCTION LOOP ---------------------------------
------------------ RDP LOOP -----------------
TCP length: 4141
Sec length: 4114
RDP length: 794
PDU DATA
-- DATA PDU UPDATE
------------------ RDP LOOP -----------------
NEXT PACKET
RDP length: 35
PDU DATA
-- DATA PDU UPDATE
-----> UPDATE ORDERs
ORDER MEMBLT
MEMBLT(op=0xcc,x=0,y=0,cx=16,cy=1,id=0,idx=0)
ORDER RECT
ORDER RECT
------------------ RDP LOOP -----------------
NEXT PACKET
RDP length: 49
PDU DATA
-- DATA PDU UPDATE
------------------ RDP LOOP -----------------
NEXT PACKET
RDP length: 3236
PDU DATA
-- DATA PDU POINTER
RDP LOOP STATE
--------------------------------------- FUNCTION LOOP ---------------------------------
------------------ RDP LOOP -----------------
TCP length: 50
Sec length: 24
RDP length: 24
PDU DATA
-- DATA PDU POINTER
RDP LOOP STATE
--------------------------------------- FUNCTION LOOP ---------------------------------
------------------ RDP LOOP -----------------
TCP length: 50
Sec length: 24
RDP length: 24
PDU DATA
-- DATA PDU POINTER
RDP LOOP STATE
--------------------------------------- FUNCTION LOOP ---------------------------------
------------------ RDP LOOP -----------------
TCP length: 54
Sec length: 28
RDP length: 28
PDU DATA
-- DATA PDU UPDATE
-----> UPDATE ORDERs
ORDER RECT
ORDER RECT
rdp://xxx.xxx.xxx.xxx:3389 popped from list WAIT
... (some time) ...

and after that, a fatal program error.

My friend also could not get a normal result on Windows 2003. His OS is Windows XP SP2, and he got the same error as I did.

With respect,
ROleg

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
You are running Ncrack with to=10s, giving it only 10 seconds to crack the service. Note that this option doesn't have anything to do with how long Ncrack waits before it stops cracking a service that appears to be unresponsive; rather, it's the *total* time Ncrack devotes to that particular service. Are the same results reproduced without specifying this option? Does it work normally against Windows 2003 Server?

-- 
http://sock-raw.org
http://twitter.com/ithilgore
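As an added example (not Ncrack's code and not part of the thread), here is a small Python parser for the -d10 RDP trace format quoted in the report above. It turns the FUNCTION LOOP / TCP length / Sec length / RDP length / PDU lines into one record per socket read, so three things can be read off directly: how far the handshake got (the last PDU label), which PDU type the module reported as unimplemented (40, which is PDUTYPE2_FONTMAP in MS-RDPBCGR's pduType2 numbering), and whether each read's Sec length equals the sum of the RDP PDU lengths it carries. In the report that sum matches for every read (for example 22 + 794 + 1089 = 1905 and 794 + 35 + 49 + 3236 = 4114), which points away from a framing error as the cause of the stall. The sample trace is constructed from the report's own lines, reflowed and abridged; the only line formats matched are those visible in the report, and lines that match nothing are kept as notes rather than dropped.

```python
# Added example, not Ncrack code: parse the RDP module's -d10 trace quoted above
# into per-read records, to read off how far the handshake got and what stalled.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: opening of the reported trace, one debug message per line,
# abridged (SYNC/CONTROL reads and some separators dropped; lengths as reported).
SAMPLE_TRACE = """\
------ FUNCTION LOOP ------
TCP length: 34
SEC LICENSE
rdp packet NULL!
------ FUNCTION LOOP ------
TCP length: 327
Sec length: 300
RDP length: 300
PDU DEMAND ACTIVE
RDP LOOP STATE
------ FUNCTION LOOP ------
TCP length: 52
Sec length: 26
RDP length: 26
PDU DATA
PDU data unimplemented 40
------ FUNCTION LOOP ------
TCP length: 1932
Sec length: 1905
RDP length: 22
PDU DATA
-- DATA PDU UPDATE
NEXT PACKET
RDP length: 794
PDU DATA
-- DATA PDU UPDATE
RDP length: 1089
PDU DATA
-- DATA PDU UPDATE
ORDER MEMBLT
"""

@dataclass
class Pdu:
    rdp_len: int
    kind: str = "?"                      # DEMAND ACTIVE or DATA
    subtype: Optional[str] = None        # SYNC, CONTROL, UPDATE, POINTER, ...
    unimplemented: Optional[int] = None  # N from "PDU data unimplemented N"

    def label(self) -> str:
        tail = self.subtype if self.unimplemented is None else f"unimplemented({self.unimplemented})"
        return self.kind if tail is None else f"{self.kind}/{tail}"

@dataclass
class Read:                              # one socket read: one FUNCTION LOOP block
    tcp_len: Optional[int] = None
    sec_len: Optional[int] = None
    pdus: List[Pdu] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)  # unparsed lines (SEC LICENSE, ...)

LEN_RE = re.compile(r"^(TCP|Sec|RDP) length: (\d+)$")
UNIMPL_RE = re.compile(r"^PDU data unimplemented (\d+)$")

def parse_trace(text: str) -> List[Read]:
    reads: List[Read] = []
    cur, pdu = None, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or "RDP LOOP" in line or line == "NEXT PACKET" or line.startswith("----->"):
            continue                     # separators and state markers carry no data
        if "FUNCTION LOOP" in line:
            cur, pdu = Read(), None
            reads.append(cur)
        elif cur is None:
            continue                     # text before the first read
        elif (m := LEN_RE.match(line)):
            layer, n = m.group(1), int(m.group(2))
            if layer == "TCP":
                cur.tcp_len = n
            elif layer == "Sec":
                cur.sec_len = n
            else:                        # every PDU starts with its RDP length
                pdu = Pdu(rdp_len=n)
                cur.pdus.append(pdu)
        elif (m := UNIMPL_RE.match(line)) and pdu:   # test before the generic "PDU " case
            pdu.unimplemented = int(m.group(1))
        elif line.startswith("-- DATA PDU ") and pdu:
            pdu.subtype = line[len("-- DATA PDU "):]
        elif line.startswith("PDU ") and pdu:
            pdu.kind = line[4:]
        else:
            cur.notes.append(line)
    return reads

def stages(reads: List[Read]) -> List[str]:
    """PDU labels in wire order; the last entry is how far the session got."""
    return [p.label() for r in reads for p in r.pdus]

def length_mismatches(reads: List[Read]) -> List[tuple]:
    """(read index, Sec length, sum of RDP lengths) wherever they differ."""
    sums = [(i, r.sec_len, sum(p.rdp_len for p in r.pdus)) for i, r in enumerate(reads) if r.pdus]
    return [t for t in sums if t[1] is not None and t[1] != t[2]]
```

Run it over a saved -d10 log with `parse_trace(open(path).read())`; `stages()` gives the PDU sequence and `length_mismatches()` is empty when every read's security-layer length accounts for all the RDP PDUs inside it, as it does in the report.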
Current thread:
- Ncrack RDP test not (Sep 03)
- Re: Ncrack RDP test ithilgore (Sep 03)
- <Possible follow-ups>
- Re: Ncrack RDP test not (Sep 03)
- Re: Ncrack RDP test ithilgore (Sep 04)
- Ncrack RDP test not (Sep 04)