Nmap Development mailing list archives

Status Report #11 of 15


From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Tue, 13 Jul 2010 04:45:27 +0300


Hello nmap-dev folks.

The focus of this week was the dissection of the Remote Desktop Protocol
and the creation of the RDP module for Ncrack. RDP has proven to be quite
complex and requires a lot of work even with the help of the rdesktop
source code as a general guideline. As you can see in Microsoft's official
specs http://msdn.microsoft.com/en-us/library/cc240452%28v=PROT.10%29.aspx
there are quite a lot of packets involved in RDP negotiation. In addition,
it seems there are many fields in the packet headers and PDUs that are
quite ambiguous with regard to their actual importance and meaning. There
is also a newer version of RDP (version 5) which has some differences with
the older version 4. Unfortunately, a Wireshark RDP dissector doesn't exist
yet: http://wiki.wireshark.org/RDP

Accomplishments:

* Coded and tested a large part of the RDP module.

* Studied a thesis on reverse-engineering RDP:
  http://efod.se/media/thesis.pdf

* Found a copy of rdpproxy, which is a tool for conducting a MITM attack
  against an RDP session. This will prove very valuable in watching the
  decrypted network data exchanged even after the encryption phase.


Priorities:

* Continue working on RDP module.

Regards,
ithilgore


-- 
http://sock-raw.org
http://twitter.com/ithilgore