Nmap Development mailing list archives

Cannot forward RDP using ncat


From: Green Natalie <Green.Natalie () pbgc gov>
Date: Tue, 29 Jun 2010 19:30:11 -0400

Hello,

I have found that I cannot redirect RDP (mstsc.exe) connections to another Microsoft host. After turning off Remote 
Desktop Protocol on my own host so that ncat can accept the session redirect handling, I run the following on my host:
ncat --sh-exec "ncat target1 3389" -l 3389

Where "target1" is the host that I want my RDP session to get forwarded to.

I then open mstsc.exe, type in my own hostname, disable "Bitmap Caching", and try to connect. Only twice out of about
ten attempts did I get an RDP screen, but I never got anything but a black screen; I should have gotten a login screen.

I researched this but found nothing. When running it in debug mode ("-vvv"), here's how it looks after starting ncat,
and after an RDP connection attempt is made through it:

C:\>ncat -vvv -l 3389 --sh-exec "ncat target1:3389"
Ncat: Version 5.21 ( http://nmap.org/ncat )
Ncat: Listening on 0.0.0.0:3389
NCAT DEBUG: Initialized fdlist with 102 maxfds
NCAT DEBUG: Added fd 1932 to list, nfds 1, maxfd 1932
NCAT DEBUG: Added fd 0 to list, nfds 2, maxfd 1932
NCAT DEBUG: Initialized fdlist with 100 maxfds
NCAT DEBUG: selecting, fdmax 1932
NCAT DEBUG: select returned 1 fds ready
NCAT DEBUG: fd 1932 is ready
Ncat: Connection from source1.
NCAT DEBUG: Executing: C:\WINDOWS\system32\cmd.exe /C ncat target1:3389
NCAT DEBUG: Creating named pipe "\\.\pipe\ncat-0"
NCAT DEBUG: Register subprocess 0000074C at index 0.
NCAT DEBUG: selecting, fdmax 1932
NCAT DEBUG: Subprocess ended with exit code 259.
NCAT DEBUG: Unregister subprocess 0000074C from index 0.
NCAT DEBUG: Terminating subprocesses
NCAT DEBUG: max_index 1
NCAT DEBUG: Terminating subprocesses
NCAT DEBUG: max_index 1


Do you have any thoughts on this? Is there something I'm missing, or is this not possible to do to RDP? Thanks in 
advance!

Natalie Green
Security Engineer, CSC
PBGC, 1275 K Street NW, Washington, DC 20005
PBGC ITIO Contract  | P: 202.326.4000 x5430 | F: +1-202.326.4264
green.natalie () pbgc gov | ngreen9 () csc com | www.csc.com | www.pbgc.gov


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

