Re: Terminal Services Banner - Rdesktop, Tsgrind, Tscrack



Hello Shohn,

Well, I think you will have to implement your own TSGrinder.
The idea behind is to build a tool that lanches connection to the
target, get the handle and work throught sendkeys to the window.
So, you will send key enter to the banner button and perform the
others functions.

That´s it.

On Tue, Jun 8, 2010 at 3:53 PM, Shohn Trojacek <trojacek@xxxxxxxxx> wrote:
Thanks for writing back; however, the question still stands with
regard to the legal banner ;)

Shohn

On Tue, Jun 8, 2010 at 1:46 PM, Jacky Jack <jacksonsmth698@xxxxxxxxx> wrote:
I never do bruteforce on this except checking weak passwords a few times
mainly because of account lockout, which is not a desired option in pentest
engagement.

On Fri, Jun 4, 2010 at 9:29 PM, Shohn Trojacek <trojacek@xxxxxxxxx> wrote:

Hello:

Trying not to reinvent the wheel here, does anyone have any idea with
regard to a method for performing dictionary attack against terminal
servers that have the legal banner enabled? I'm finding that in all
cases the legal banner seems to stop the password guessing. I'm
guessing that a modification to simply send a keypress through is all
that is needed.

I've tried this with rdesktop brute force patch (both patches),
tsgrinder, tscrack, etc. but to no avail. Any plans by the authors of
those tools to update or release source :P

Shohn

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: Terminal Services Banner - Rdesktop, Tsgrind, Tscrack
    ... servers that have the legal banner enabled? ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)
  • Re: Terminal Services Banner - Rdesktop, Tsgrind, Tscrack
    ... regard to a method for performing dictionary attack against terminal ... servers that have the legal banner enabled? ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)
  • Re: Pentest exams
    ... My GPEN cost me 700.00 since I volunteered as a facilitator at a SANS ... IACRB CPT and CEPT certs require a full ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: OSCP ?
    ... I like to say that the OSCP training is like a set of carpenter tools. ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)
  • Re: OSCP ?
    ... Also IMHO if they exam was like the material then where is the challenge? ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)