Nmap Development mailing list archives
Re: Problem about probe open ports to determine remote desktop service
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 28 Dec 2016 07:55:29 -0600
Rujing,

Thanks for this bug report. We had received similar reports ([1], [2]), and did some minor fixes to version detection to try to fix it. Namely, we removed port 3389 from the list of ports that the new TLSSessionReq probe is intended for. This probe gets a response from Microsoft Terminal Services, but once the TLS handshake happens, we can't seem to get any further communication from the service, so there is no match. By moving it lower in priority, we allowed the TerminalServer probe to get the RDP service match.

As you found out, though, this still left us unable to properly detect RDP on non-standard ports, since in the general case, the TLSSessionReq had a higher priority (1) than the TerminalServer probe (6).

I think I've fixed this in r36516 and r36517, by adding a more specific match for the Terminal Services TLS handshake to the TLSSessionReq probe. This should only match Microsoft's SChannel TLS, which Terminal Services uses. A softmatch directs execution to the remaining probes that contain "match ssl" lines, including the TerminalServer probe and a new TerminalServerCookie probe, that should be able to properly identify the RDP service.

Please let us know if this solves your problem. The new service database can be found at https://svn.nmap.org/nmap/nmap-service-probes

Dan

[1] http://seclists.org/nmap-dev/2016/q2/236
[2] https://github.com/nmap/nmap/issues/525

On Sat, Dec 24, 2016 at 11:03 PM, li rujing <it3asy () gmail com> wrote:
Merry Christmas!

English is poor, so I took some pictures, maybe you can understand what I'm saying...

I've got a problem when I use nmap7 to determine the remote desktop service in win7&2008:

Turned on Remote Desktop in Windows 7, changed the listening port to 3390, Allow connections from computers running any version of Remote Desktop (less secure):

This is my problem:

1) 6.47 works well:
2) but 7.x does not work:
3) I think it is about the TLS, I disabled the TLS 1.0 in Windows 7, 7.x works well:

So, if I use nmap7 to determine the remote desktop service in win7&2008, what should I do?
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
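The probe selection described in the message above, as an added example that is not part of the original post and is not Nmap's own code: it parses a constructed excerpt in nmap-service-probes syntax and shows why port 3390 reaches TLSSessionReq first, and which probes remain after an ssl softmatch. Assumptions: the priority rule is a simplified model of what the message describes, and every payload, pattern, port list, the TerminalServerCookie rarity and the ExampleOther probe are made up; only the probe names and the rarities 1 and 6 come from the message.

```python
# Constructed excerpt in nmap-service-probes syntax. Payloads and patterns are
# placeholders, NOT real database entries. Rarity 1 and 6 come from the
# message; ports, the TerminalServerCookie rarity and the ExampleOther probe
# are hypothetical values chosen for illustration.
SAMPLE_DB = r"""
Probe TCP TLSSessionReq q|PLACEHOLDER|
rarity 1
ports 443,8443
softmatch ssl m|PLACEHOLDER-schannel|
Probe TCP ExampleOther q|PLACEHOLDER|
rarity 3
ports 8080
match http m|PLACEHOLDER|
Probe TCP TerminalServer q|PLACEHOLDER|
rarity 6
ports 3389
match ssl m|PLACEHOLDER|
Probe TCP TerminalServerCookie q|PLACEHOLDER|
rarity 7
ports 3389
match ssl m|PLACEHOLDER|
"""

def parse_probes(text):
    """Return one dict per Probe block: name, rarity, ports, services."""
    probes = []
    for line in text.splitlines():
        word, _, rest = line.partition(" ")
        if word == "Probe":
            # rarity 9 is a stand-in; each sample probe sets its own value
            probes.append({"name": rest.split()[1], "rarity": 9,
                           "ports": set(), "services": set()})
        elif word == "rarity":
            probes[-1]["rarity"] = int(rest)
        elif word == "ports":
            probes[-1]["ports"] = {int(p) for p in rest.split(",")}
        elif word in ("match", "softmatch"):
            probes[-1]["services"].add(rest.split()[0])
    return probes

def probe_order(probes, port):
    """Simplified model: probes listing the port first, then by rarity."""
    ranked = sorted(probes, key=lambda p: (port not in p["ports"], p["rarity"]))
    return [p["name"] for p in ranked]

def after_softmatch(probes, port, fired, service):
    """Probes still tried once `fired` has softmatched `service`."""
    by_name = {p["name"]: p for p in probes}
    order = probe_order(probes, port)
    rest = order[order.index(fired) + 1:]
    return [n for n in rest if service in by_name[n]["services"]]
```

On the real database, `nmap -sV --versiondb <file>` selects an updated nmap-service-probes file, and `--version-trace` shows which probes were actually sent.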