Penetration Testing mailing list archives
Re: Terminal Services Banner - Rdesktop, Tsgrind, Tscrack
From: The Dead <th3d34d () gmail com>
Date: Wed, 9 Jun 2010 11:23:14 -0300
Hello Shohn, Well, I think you will have to implement your own TSGrinder. The idea behind is to build a tool that lanches connection to the target, get the handle and work throught sendkeys to the window. So, you will send key enter to the banner button and perform the others functions. That´s it. On Tue, Jun 8, 2010 at 3:53 PM, Shohn Trojacek <trojacek () gmail com> wrote:
Thanks for writing back; however, the question still stands with regard to the legal banner ;) Shohn On Tue, Jun 8, 2010 at 1:46 PM, Jacky Jack <jacksonsmth698 () gmail com> wrote:I never do bruteforce on this except checking weak passwords a few times mainly because of account lockout, which is not a desired option in pentest engagement. On Fri, Jun 4, 2010 at 9:29 PM, Shohn Trojacek <trojacek () gmail com> wrote:Hello: Trying not to reinvent the wheel here, does anyone have any idea with regard to a method for performing dictionary attack against terminal servers that have the legal banner enabled? I'm finding that in all cases the legal banner seems to stop the password guessing. I'm guessing that a modification to simply send a keypress through is all that is needed. I've tried this with rdesktop brute force patch (both patches), tsgrinder, tscrack, etc. but to no avail. Any plans by the authors of those tools to update or release source :P Shohn ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Terminal Services Banner - Rdesktop, Tsgrind, Tscrack Shohn Trojacek (Jun 08)
- Message not available
- Re: Terminal Services Banner - Rdesktop, Tsgrind, Tscrack Jacky Jack (Jun 08)
- Message not available
- Message not available
- Re: Terminal Services Banner - Rdesktop, Tsgrind, Tscrack Shohn Trojacek (Jun 08)
- Re: Terminal Services Banner - Rdesktop, Tsgrind, Tscrack The Dead (Jun 09)
- Re: Terminal Services Banner - Rdesktop, Tsgrind, Tscrack Shohn Trojacek (Jun 09)
- Message not available
- Re: Terminal Services Banner - Rdesktop, Tsgrind, Tscrack Shohn Trojacek (Jun 09)
- Re: Terminal Services Banner - Rdesktop, Tsgrind, Tscrack Shohn Trojacek (Jun 08)