Nmap Development mailing list archives

Re: Problem about probe open ports to determine remote desktop service


From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 28 Dec 2016 07:55:29 -0600

Rujing,

Thanks for this bug report. We had received similar reports ([1], [2]), and
did some minor fixes to version detection to try to fix it. Namely, we
removed port 3389 from the list of ports that the new TLSSessionReq probe
is intended for. This probe gets a response from Microsoft Terminal
Services, but once the TLS handshake happens, we can't seem to get any
further communication from the service, so there is no match. By moving it
lower in priority, we allowed the TerminalServer probe to get the RDP
service match.

As you found out, though, this still left us unable to properly detect RDP
on non-standard ports, since in the general case, the TLSSessionReq had a
higher priority (1) than the TerminalServer probe (6). I think I've fixed
this in r36516 and r36517, by adding a more specific match for the Terminal
Services TLS handshake to the TLSSessionReq probe. This should only match
Microsoft's SChannel TLS, which Terminal Services uses. A softmatch directs
execution to the remaining probes that contain "match ssl" lines, including
the TerminalServer probe and a new TerminalServerCookie probe, that should
be able to properly identify the RDP service.

Please let us know if this solves your problem. The new service database
can be found at https://svn.nmap.org/nmap/nmap-service-probes

Dan

[1] http://seclists.org/nmap-dev/2016/q2/236
[2] https://github.com/nmap/nmap/issues/525

On Sat, Dec 24, 2016 at 11:03 PM, li rujing <it3asy () gmail com> wrote:

Merry Christmas!
My English is poor, so I took some pictures; maybe you can understand what
I'm saying...

I've got a problem when I use Nmap 7 to determine the Remote Desktop
service in Win7 & 2008:

Turned on Remote Desktop in Windows 7, changed the listening port to 3390,
Allow connections from computers running any version of Remote Desktop
(less secure):

This is my problem:
1) 6.47 works well:

2) but 7.x does not work:

3) I think it is about TLS. I disabled TLS 1.0 in Windows 7, and 7.x
works well:

So, if I use Nmap 7 to determine the Remote Desktop service in Win7 & 2008,
what should I do?

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
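Added example for this thread (my own code, not Nmap's, and not the TerminalServer or TerminalServerCookie probe definitions from nmap-service-probes): a small Python client that builds the X.224 Connection Request that opens an RDP session, optionally carrying the "Cookie: mstshash=" routing cookie and an RDP Negotiation Request (MS-RDPBCGR 2.2.1.1), and classifies the three shapes of answer a Windows Terminal Services listener can return (2.2.1.2): a bare Connection Confirm with no negotiation structure, which is what the "any version of Remote Desktop" setting in the post produces; a Negotiation Response that selects TLS or CredSSP; or a Negotiation Failure such as HYBRID_REQUIRED_BY_SERVER. It also rejects anything that is not an X.224 Connection Confirm, e.g. a TLS record, which is the case this thread is about: the service answers a TLS ClientHello, but that answer never looks like RDP. The sample replies are constructed by hand, and all function and constant names are my own.

```python
"""Minimal RDP (MS-RDPBCGR) connection-initiation builder and parser.

Added example for the nmap-dev thread on RDP detection; not Nmap code and not
the nmap-service-probes entries. Sample replies below are constructed, not
captured from a real host.
"""
import socket
import struct

# requestedProtocols / selectedProtocol flags (MS-RDPBCGR 2.2.1.1.1, 2.2.1.2.1)
PROTOCOL_RDP = 0x0        # Standard RDP Security, no TLS
PROTOCOL_SSL = 0x1        # TLS
PROTOCOL_HYBRID = 0x2     # CredSSP (NLA): TLS + SPNEGO
PROTOCOL_RDSTLS = 0x4
PROTOCOL_HYBRID_EX = 0x8

TYPE_RDP_NEG_REQ = 0x01
TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03

# RDP_NEG_FAILURE.failureCode values (MS-RDPBCGR 2.2.1.2.2)
FAILURE_CODES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",
    6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(cookie=b"nmap",
                             protocols=PROTOCOL_RDP | PROTOCOL_SSL | PROTOCOL_HYBRID,
                             negotiate=True):
    """TPKT + X.224 Connection Request, optionally with mstshash cookie and rdpNegReq.

    With cookie=b"" and negotiate=False this is the bare 11-byte request; a server
    then answers with at most a bare Connection Confirm and never says which
    security protocol it would use.
    """
    variable = b""
    if cookie:
        variable += b"Cookie: mstshash=" + cookie + b"\r\n"
    if negotiate:
        # type, flags, length (fixed 8), requestedProtocols; little-endian
        variable += struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, protocols)
    # X.224 CR TPDU: LI, 0xE0 (CR code, CDT 0), DST-REF, SRC-REF, class option,
    # then the variable part. LI counts every byte after itself.
    x224 = struct.pack(">BBHHB", 6 + len(variable), 0xE0, 0, 0, 0) + variable
    # TPKT header: version 3, reserved, total length including the header
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data):
    """Classify the server reply: 'legacy', 'negotiated' or 'failure'.

    Raises ValueError for anything that is not a well-formed X.224 Connection
    Confirm (a TLS record, an HTTP banner, a truncated frame).
    """
    if len(data) < 11 or data[0] != 3 or data[1] != 0:
        raise ValueError("not a TPKT frame")
    (tpkt_len,) = struct.unpack(">H", data[2:4])
    if tpkt_len != len(data):
        raise ValueError("TPKT length %d != %d bytes received" % (tpkt_len, len(data)))
    li, code = data[4], data[5]
    if code >> 4 != 0xD:  # X.224 CC TPDU code is 0xD0
        raise ValueError("not an X.224 Connection Confirm (code 0x%02x)" % code)
    if li != len(data) - 5:
        raise ValueError("X.224 length indicator mismatch")
    if li == 6:
        # Bare CC, no rdpNegRsp: Standard RDP Security, nothing negotiated.
        return {"kind": "legacy", "selected_protocol": PROTOCOL_RDP}
    if li < 14:
        raise ValueError("truncated negotiation structure")
    ntype, flags, length, value = struct.unpack("<BBHI", data[11:19])
    if length != 8:
        raise ValueError("bad rdpNeg length %d" % length)
    if ntype == TYPE_RDP_NEG_RSP:
        return {"kind": "negotiated", "selected_protocol": value, "flags": flags}
    if ntype == TYPE_RDP_NEG_FAILURE:
        return {"kind": "failure", "failure_code": value,
                "failure": FAILURE_CODES.get(value, "UNKNOWN_%d" % value)}
    raise ValueError("unexpected negotiation type 0x%02x" % ntype)


def probe_rdp(host, port=3389, timeout=5.0, **request_kwargs):
    """Send the request to a live listener and classify the answer (needs network)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connection_request(**request_kwargs))
        return parse_connection_confirm(s.recv(1024))


# Constructed sample replies (hand-built, not captured): TPKT, then X.224 CC with
# DST-REF 0, SRC-REF 0x1234, class 0, then the optional negotiation structure.
SAMPLE_RSP_LEGACY = bytes.fromhex("0300000b" "06d0" "0000" "1234" "00")
SAMPLE_RSP_TLS = (bytes.fromhex("03000013" "0ed0" "0000" "1234" "00")
                  + struct.pack("<BBHI", TYPE_RDP_NEG_RSP, 0, 8, PROTOCOL_SSL))
SAMPLE_RSP_NLA_REQUIRED = (bytes.fromhex("03000013" "0ed0" "0000" "1234" "00")
                           + struct.pack("<BBHI", TYPE_RDP_NEG_FAILURE, 0, 8, 5))

if __name__ == "__main__":
    for name, reply in (("legacy", SAMPLE_RSP_LEGACY), ("tls", SAMPLE_RSP_TLS),
                        ("nla-required", SAMPLE_RSP_NLA_REQUIRED)):
        print(name, parse_connection_confirm(reply))
```

Against the setup in the post, probe_rdp("host", 3390) returns the 'legacy' dict when the server is left on "any version" and a plain TLS ClientHello has no RDP-shaped answer, so a detector that tries TLS first, as the thread describes for the TLSSessionReq probe, has nothing to match until something speaks X.224 to the port. Sending negotiate=False reproduces the older, cookie-less style of request and only ever yields the bare Connection Confirm, which is why the request with a negotiation structure gives a more distinctive fingerprint.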