Cracking Terminal Servers/RDP

EverestX

I wanted to post this link up. We have a listing for it in the tools db, but no real info, it appears, after searching the site. This will get you pointed in all the right directions for brute forcing RDP/Terminal Server sessions on Windows with several applications.

The link is circa 2007, but has aged well. Terminal servers are still widely used in the wild, often without even having to connect to a VPN first. This is a dismal idea. Leaving RDP in general open isn't something one should take lightly.

A tip for anyone who has a company web page where, after authentication to the web page (often even over http), the terminal session will pop up with the connected address right in the bar: once you have that, you simply RDP to the same IP/hostname with whatever crack app you're using.

I know a web page right offhand that has www1., www2., etc. connected to wide open terminal servers. The web page auth is just to give you the warm fuzzies. However, a port scan will show 3389 open or, highly unlikely, a redirected port for Terminal Services, which you can find right off the web page.

Also guys, this is from the top of the page, but handy for remote fun! Blam, RDP enabled remotely.

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0
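
A defender's view of the two things this post touches on, repeated failed RDP logons and the fDenyTSConnections value being set to 0, as an added example that is not part of the original post. The event records are constructed, and their field names are a simplified, assumed shape for exported Security (event 4625) and Sysmon (event 13) records.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; addresses are from documentation ranges.
EVENTS = (
    [{"time": f"2024-01-10T03:00:{s:02d}", "id": 4625, "logon_type": 3,
      "ip": "203.0.113.7"} for s in range(6)]
    + [{"time": "2024-01-10T09:00:00", "id": 4625, "logon_type": 10,
        "ip": "198.51.100.20"},
       {"time": "2024-01-10T09:30:00", "id": 4625, "logon_type": 10,
        "ip": "198.51.100.20"}]
    + [{"time": "2024-01-10T03:05:00", "id": 13,
        "target": r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections",
        "details": "DWORD (0x00000000)", "image": r"C:\Windows\System32\reg.exe"}]
)

# 10 = RemoteInteractive; 3 = Network, which is what failed RDP logons
# show up as when Network Level Authentication is enabled.
RDP_LOGON_TYPES = {3, 10}
RDP_VALUE_SUFFIX = r"\control\terminal server\fdenytsconnections"


def brute_force_sources(events, threshold=5, window=timedelta(minutes=1)):
    """Map source IP -> peak failed-logon count in any sliding window,
    for IPs whose peak reaches the threshold."""
    by_ip = defaultdict(list)
    for e in events:
        if e["id"] == 4625 and e.get("logon_type") in RDP_LOGON_TYPES:
            by_ip[e["ip"]].append(datetime.fromisoformat(e["time"]))
    hits = {}
    for ip, times in by_ip.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[ip] = best
    return hits


def rdp_enable_events(events):
    """Registry value-set events that flip fDenyTSConnections to 0."""
    return [e for e in events
            if e["id"] == 13
            and e["target"].lower().endswith(RDP_VALUE_SUFFIX)
            and e["details"].strip().lower() in ("dword (0x00000000)", "0")]
```
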