Re: W2K Terminal Services pwd cracker
From: Thor@HammerofGod.com
Date: 11/30/01
- In reply to: Secterm .: "Re: W2K Terminal Services pwd cracker"
From: Thor@HammerofGod.com
To: securityterminal@hotmail.com, pen-test@securityfocus.com
Message-Id: <5.1.0.14.0.20011129145830.00b12c68@192.168.3.190>
Date: Thu, 29 Nov 2001 15:10:37 -0800
Subject: Re: W2K Terminal Services pwd cracker
>
>Tim Mullen (Thor) is building a tool called TSGrinder. I don't think it
>is available yet but you may be able to convince him to let you beta test
>it. He has a couple of other tools out for TS that might interest
>you. Check out http://www.hammerofgod.com/download.htm
Thanks for the shout-outs! I saw the original post, but with TSGrinder
being in Beta, I thought it best not to reply- I don't like to promote
stuff that isn't ready yet :)
For those interested, here is where I am... The original TSGrinder
basically used the TS ActiveX client, and exposed the TSNonScriptable
interface via vtable binding in C++... You can also do it in VB, but I
didn't know that at the time...
Anyway, even with the TS ActiveX client scripted, the server setup had to
be non-default (you had to allow users to connect w/o requiring manual
password entry) and that basically blew.
Sozni turned me on to a different dll that *does* allow direct manipulation
of the send and receive channels of the ts client, and that is what I am
trying to figure out. I'm doing a LoadLibrary() and creating pointers to
each function and basically fumbling through determining what the correct
parameters are (no libs or anything available- just the .dll) So it is a
bit slow going. I think I'll break down and buy IDA which should help me
out some. We're starting to get a bit snow-bound up here in the mountains,
so I should have some time to finish this guy up by XMas. This will also
allow me to programmatically check for the presence of a "logon banner" and
dispatch it, which would thwart the earlier TSGrinder based on the web
client. We can also by-pass the client's failed logon limit (5?) and keep
the channel up all the time, rather than tearing it down each time it
failed to log on. It should be cool.
Thought I would let you all know the status on the project. If there are
any C++ geniuses out there who have nothing better to do than help me code
up a free tool, then let me know!
Later.
AD
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/