Nmap Development mailing list archives
RE: Cannot forward RDP using ncat
From: Green Natalie <Green.Natalie () pbgc gov>
Date: Fri, 9 Jul 2010 18:59:16 -0400
Hi David, Thanks for that info. I updated to the beta and it worked perfectly - when connecting from workstation to workstation or server to server, but not when they're mixed. That's when I get a 0x1104 error, but that apparently has nothing to do with ncat. See this: http://support.microsoft.com/kb/898060 We applied the MS06-007 patch to our servers, so I don't know why it's buggin', but the beta version definitely allows the connections to work perfectly in many cases. Thanks a bunch! Quick question: insecure.org is blocked, but nmap.org is open to us. I would like to send nmap protocol info but currently cannot and they will not open that site any time soon. Is there an alternate site, or an email, that I can use to get the info up? We've got lots of varieties of protocols that might well help the nmap world. :) Regards, Natalie -----Original Message----- From: David Fifield [mailto:david () bamsoftware com] Sent: Wednesday, July 07, 2010 1:26 PM To: Green Natalie Cc: 'nmap-dev () insecure org' Subject: Re: Cannot forward RDP using ncat On Tue, Jun 29, 2010 at 07:30:11PM -0400, Green Natalie wrote:
Hello, I have found that I cannot redirect RDP (mstsc.exe) connections to another Microsoft host. After turning off Remote Desktop Protocol on my own host so that ncat can accept the session redirect handling, I run the following on my host: ncat --sh-exec "ncat target1 3389" -l 3389 Where "target1" is the host that I want my RDP session to get forwarded to. I then open mstsc.exe, type in my own hostname, I disable "Bitmap Caching", and try to connect. Only twice out of about ten attempts did I get an RDP screen, but I never got anything but a black screen; I should have gotten a login screen. I researched this but found nothing. When running it in debug mode ("-vvv") here's how it looks after starting ncat, and after an RDP connection attempt is made through it: C:\>ncat -vvv -l 3389 --sh-exec "ncat target1:3389" Ncat: Version 5.21 ( http://nmap.org/ncat ) Ncat: Listening on 0.0.0.0:3389 NCAT DEBUG: Initialized fdlist with 102 maxfds NCAT DEBUG: Added fd 1932 to list, nfds 1, maxfd 1932 NCAT DEBUG: Added fd 0 to list, nfds 2, maxfd 1932 NCAT DEBUG: Initialized fdlist with 100 maxfds NCAT DEBUG: selecting, fdmax 1932 NCAT DEBUG: select returned 1 fds ready NCAT DEBUG: fd 1932 is ready Ncat: Connection from source1. NCAT DEBUG: Executing: C:\WINDOWS\system32\cmd.exe /C ncat target1:3389 NCAT DEBUG: Creating named pipe "\\.\pipe\ncat-0" NCAT DEBUG: Register subprocess 0000074C at index 0. NCAT DEBUG: selecting, fdmax 1932 NCAT DEBUG: Subprocess ended with exit code 259. NCAT DEBUG: Unregister subprocess 0000074C from index 0. NCAT DEBUG: Terminating subprocesses NCAT DEBUG: max_index 1 NCAT DEBUG: Terminating subprocesses NCAT DEBUG: max_index 1 Do you have any thoughts on this? Is there something I'm missing, or is this not possible to do to RDP? Thanks in advance!
Thanks for this good report. Please try version 5.30BETA1. I think this is already fixed as described in this thread: http://seclists.org/nmap-dev/2010/q1/731. The clue was the "exit code 259". David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Cannot forward RDP using ncat David Fifield (Jul 07)
- RE: Cannot forward RDP using ncat Green Natalie (Jul 09)