Re: RDP settings for Domain and initial splash screen in ncrack-0.3ALPHA

[Daniel Miller <bonsaiviking () gmail com>]

On 10/14/2010 03:23 PM, Duane.Pozzobon () sf frb org wrote:
>   Hi all,
>
> I am testing the new RDP module of Ncrack-0.3 and wanted to know if anyone
> knew the command line options to reference a AD/Domain?  I tried to tie
> the domain in with the username, but that didn't work.
>
> Below is the command I tried.  I also tried without the pt\.  This system
> has no splash screen.
> ncrack --user pt\duane --pass test@1234 -p rdp -d10 ?T3 -g
> at=1,cr=1,CL=1,cd=5s,to=10s xxx.xxx.xxx.xxx
>
> I also wanted to know if there was a switch/option to bypass an opening
> splash/warning screen.  The splash/warning screen is bypassed by hitting
> enter.
>
> I tried this in both Windows XP SP3 and Gentoo Linux.
>
> Thank you all in advance for your time and knowledge.
>
> D.
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
>
>    
Duane,

In most Linux shells, the "\" character is used to escape shell-relevant 
characters, and is ignored otherwise. So after the shell processes your 
command, it looks like this:

ncrack --user ptduane --pass test@1234 -p rdp -d10 ?T3 -g at=1,cr=1,CL=1,cd=5s,to=10s xxx.xxx.xxx.xxx


I don't know about the RDP module specifically, but you may want to try 
it like this instead:

ncrack --user pt\\duane --pass test@1234 -p rdp -d10 ?T3 -g at=1,cr=1,CL=1,cd=5s,to=10s xxx.xxx.xxx.xxx


The double backslash "\\" will be translated into a single backslash "\" 
before it is sent to the ncrack process.

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/