Topic: fun fun fun with RDP's

I made this to scan for open RDPs. It's much more efficient to use nmap, but Perl is nice too ^^. When you find one that's open you can use/make a brute force tool to get the password; you have to use a modified version of mstsc.exe or make one (or you'll be banned after some failed logins).

#!/usr/bin/perl

use IO::Socket;   # also re-exports inet_aton/inet_ntoa from Socket
use warnings;
use strict;

if ( @ARGV != 2 ) {
    print "Kels RDP scanner usage: \n";
    print "KelsRDPScan.pl [valid ip range] e.g: 24.156.128.0 24.156.255.255 \n";
    exit 0;
}

# Keep the dotted-quad strings; inet_aton below does the conversion once
# (the original converted them to integers first and then fed the integers
# back into inet_aton).
my ( $startip, $end ) = @ARGV;

my $netmask = 0xFFFFFF00; # 255.255.255.0

# Convert dotted-quad strings to 32-bit integers so the range can be iterated.
my $start_packed  = inet_aton( $startip ) or die "Invalid start address: $startip\n";
my $finish_packed = inet_aton( $end )     or die "Invalid end address: $end\n";
my $start  = unpack 'N', $start_packed;
my $finish = unpack 'N', $finish_packed;
my $host   = '';

for my $ip ( $start .. $finish ) {
    # Skip the .0 network and .255 broadcast address of each /24.
    # Mask to 32 bits: on 64-bit perl ~$netmask is wider than an IPv4 address,
    # so the unmasked comparison would never match the broadcast address.
    my $hostbits = $ip & ~$netmask & 0xFFFFFFFF;
    next if $hostbits == 0 or $hostbits == ( ~$netmask & 0xFFFFFFFF );
    $host = inet_ntoa( pack 'N', $ip );

    if ( IO::Socket::INET->new(
            PeerAddr => $host,
            PeerPort => '3389', # Change this if you're scanning for any other service.
            Proto    => 'tcp',
            Timeout  => 2,
        ) ) {
        print "$host RDP [OPEN].\n";
    } else {
        print "$host RDP [CLOSED].\n";
    }
}

And never forget, a VPN is your bestest friend!

+1

Re: fun fun fun with RDP's

Is the only way for brute force to try admin/#pass# 4 times and disconnect after the 4th failure to avoid the 5th-fail ban?

PS: A good tool (pioneer in this field), TSGrinder, used this approach... so it's strange if nothing on RDP has changed since then.

Re: fun fun fun with RDP's

I don't think admin accounts have a limit (by default).

Last edited by slek (2011-12-08 10:02:41)

Re: fun fun fun with RDP's

Just depends on what you're RDP'ing into. If it's tied to an Active Directory domain, then it would depend on the domain lockout policy for regular users and/or administrators. But you're not gonna brute force shit without immediately generating a lot of traffic, which will probably get you noticed, which will get you blocked. Just sayin'.
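The point above, that repeated failures against an account get noticed long before a lockout policy kicks in, is easy to show from the defender's side. The following Python is an added example, not code from any post in this thread: it mirrors a lockout-style threshold (N failed RDP logons for one account from one source within a time window) as detection logic over a constructed, simplified log format. The line format, the sample events and the 203.0.113.x / 198.51.100.x addresses are assumptions made up for the example; the Event IDs 4625 (failed logon) and 4624 (successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are the real Windows values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Windows-style logon events in a simplified one-line
# format (not a real log export). 4625 = failed logon, 4624 = success,
# LogonType 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = """\
2011-12-08 10:00:01 EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=203.0.113.7
2011-12-08 10:00:03 EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=203.0.113.7
2011-12-08 10:00:05 EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=203.0.113.7
2011-12-08 10:00:08 EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=203.0.113.7
2011-12-08 10:00:10 EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=203.0.113.7
2011-12-08 10:00:12 EventID=4624 LogonType=10 TargetUser=jdoe SourceIP=198.51.100.4
2011-12-08 10:15:00 EventID=4625 LogonType=10 TargetUser=jdoe SourceIP=198.51.100.4
2011-12-08 11:30:00 EventID=4625 LogonType=10 TargetUser=jdoe SourceIP=198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"EventID=(?P<eid>\d+) LogonType=(?P<ltype>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<src>\S+)$"
)


def parse_events(text):
    """Parse the constructed log format into dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "eid": int(m["eid"]),
            "ltype": int(m["ltype"]),
            "user": m["user"].lower(),   # account names are case-insensitive
            "src": m["src"],
        })
    return events


def rdp_failure_bursts(events, threshold=5, window=timedelta(minutes=30)):
    """Return (src, user, ts) for each point at which one source reaches
    `threshold` failed RDP logons against one account inside `window`.

    This is the same counting a lockout policy does (observation window +
    threshold), applied as an alert instead of a lockout, so it fires for
    accounts that have no lockout limit at all. One alert per crossing."""
    recent = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["eid"] != 4625 or ev["ltype"] != 10:
            continue                      # only failed RDP logons count
        key = (ev["src"], ev["user"])
        q = recent[key]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()                   # drop failures outside the window
        if len(q) == threshold:
            alerts.append((ev["src"], ev["user"], ev["ts"]))
    return alerts


if __name__ == "__main__":
    for src, user, ts in rdp_failure_bursts(parse_events(SAMPLE_EVENTS)):
        print(f"{ts} {src} hit the failure threshold against '{user}'")
```

On the sample, the five rapid failures from 203.0.113.7 against Administrator trigger one alert at the fifth failure, while jdoe's two failures 75 minutes apart never accumulate within the 30-minute window and stay quiet. Lowering `threshold` to match the "4 tries then disconnect" pattern discussed in this thread still fires, since the counting is per source and account, not per TCP connection.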

Re: fun fun fun with RDP's

Does anyone use DUbrute any more? I'm getting back into this stuff, just wondering.