Penetration Testing mailing list archives
RE: Remote Desktop/Term. Serv Information leakage
From: "Paul Fields" <Infosec () plainenglishsecurity com>
Date: Tue, 5 Jul 2005 11:30:57 -0400
Thanks to everyone for your input it has all been very valuable...FYI the kind of advice I was mainly looking for is the sort of thing Paul Fields and a few others posted (on how to disable clipboard redirection). Also noted the fact that an indirect connection to the internet can have nasty results, and all your comments on alternative ways of compromising the network (DEBUG, manually typing exploits, prnt screen etc).
Again, thanks so much.
One last mention, though you may have come across this with output from a vulnerability scanner, if you haven't I thought I should mention, RDP/Terminal Services are vulnerable to a man in the middle attack. Details here: http://www.oxid.it/downloads/rdp-gbu.pdf Paul
Current thread:
- Re: Remote Desktop/Term. Serv information leakage, (continued)
- Re: Remote Desktop/Term. Serv information leakage Joachim Schipper (Jul 01)
- Re: Remote Desktop/Term. Serv information leakage Eric Smith (Jul 01)
- Re: Remote Desktop/Term. Serv information leakage Kyle Maxwell (Jul 01)
- Re: Remote Desktop/Term. Serv information leakage Terry Vernon (Jul 01)
- Re: Remote Desktop/Term. Serv information leakage Joachim Schipper (Jul 01)
- RE: Remote Desktop/Term. Serv information leakage Paul Fields (Jul 01)
- Re: Remote Desktop/Term. Serv information leakage Thor (Hammer of God) (Jul 01)
- RE: Remote Desktop/Term. Serv information leakage Andre Protas (Jul 01)
- RE: Remote Desktop/Term. Serv information leakage Ha, Jason (Jul 02)
- Re: Remote Desktop/Term. Serv Information leakage kuffya (Jul 02)
- RE: Remote Desktop/Term. Serv Information leakage Paul Fields (Jul 05)
- RE: Remote Desktop/Term. Serv information leakage Salvador.Manaois (Jul 04)
- Providers blocking portscans - bad news for pentest? Petr . Kazil (Jul 04)
- RE: Providers blocking portscans - bad news for pentest? Erin Carroll (Jul 04)
- RE: Providers blocking portscans - bad news for pentest? Alexander Klimov (Jul 05)
- Re: Providers blocking portscans - bad news for pentest? RCS (Jul 05)
- Providers blocking portscans - bad news for pentest? Petr . Kazil (Jul 04)
- Re: Providers blocking portscans - bad news for pentest? Chris Brenton (Jul 04)
- Re: Providers blocking portscans - bad news for pentest? Robert BARABAS (Jul 05)
- Re: Providers blocking portscans - bad news for pentest? Maarten Hartsuijker (Jul 06)
- Message not available
- Re: Providers blocking portscans - bad news for pentest? Christoph Puppe (Jul 07)