Nmap Development mailing list archives
[NSE] Idea: Radmin brute force password script
From: Pavel Zhovner <pavel () zhovner com>
Date: Thu, 28 Apr 2011 14:23:37 +0300
Hello, folks. I have a proposal. Radmin is a remote control service for Windows. It is the same as Microsoft RDP but with remote access to the file system, command interpreter and more. Unlike RDP, a connection to Radmin is sneaky. It means all features (desktop sharing, file sharing, cmd.exe) are not visible to the user. It would be great to have a script for guessing the password.

The difficulty is that the Radmin protocol is proprietary and there is no open protocol specification, but it has already been successfully reverse-engineered. It uses the Twofish cipher for connection encryption, and Radmin version 3.x uses SRP (RFC 2945) for authentication.

Attached is a Radmin ver. 2.x, 3.x authentication module written in C, taken from the open-source Windows tool Lamescan. I tried to translate the comments in the code from Russian. I'm also attaching the Lamescan sources. If someone is interested in this, I can provide a playground with all versions of Radmin and contact with the guy who worked on the reverse-engineering.
Attachment: radmin.c
Attachment: radmin.h
Attachment: lamescan3_src.tar.gz
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/