2

We're currently writing a tool aimed at checking the validity of credentials over various applications (http, ssh, smb, rdp). No problem for the 3 former. But for RDP, I couldn't find a single way of doing this easily.

The tool is embedded within a web app hosted on a linux box, therefore there is no X Server available.

The only tool I have successfully used to validate RDP credentials from the command line is THC-Hydra, by supplying a single username and password, it works correctly for older versions of RDP servers, of for those where the Network Level Authentication has been lowered.

However, THC-Hydra seems to hang when checking RDP credentials for newest versions of Windows, or where Network Level Authentication has been hardened.

Medusa with a patched version of the rdesktop client fails as well. (some servers require CredSSP, SSL, ...)

There's also nmap's ncrack, but for some reason I only get "READ" timeouts.

EDIT: I got Ncrack to work, however it fails - at least on Windows 2008 R2 (doesn't find credentials even when providing the correct ones).

Any clues to help me?

Cheers

jrm
  • 599
  • 6
  • 12

1 Answers1

6

Actually I found a reliable way to do that. It's always when you stop looking for something that you find it :)

Using the super awesome remote desktop client FreeRDP and the "+auth-only" switch. The exit status is 0 when authentication succeeds, 1 otherwise. There also are the error message that you can grep for.

Failed auth:

jrm@deb-jrm:~$ static/xfreerdp /v:10.0.0.1 /cert-ignore /u:MyUser /MyDomain /p:WRONGPASS +auth-only
Authentication only. Don't connect to X.
credssp_recv() error: -1
freerdp_set_last_error 0x20009
Authentication failure, check credentials.
If credentials are valid, the NTLMSSP implementation may be to blame.
Error: protocol security negotiation or connection failure
Authentication only, exit status 1
Authentication only, exit status 1

Valid auth:

jrm@deb-jrm:~$ static/xfreerdp /v:10.0.0.1 /cert-ignore /u:MyUser /MyDomain /p:GOODPASS +auth-only
Authentication only. Don't connect to X.
Authentication only, exit status 0
Authentication only, exit status 0
jrm
  • 599
  • 6
  • 12
  • when does it still tries to connect to x, I still get failed to connect to display – Rainb Jan 05 '21 at 20:17
  • This is not useful if you need to run this from a Linux Server without the GUI as it still complains about the DISPLAY property not set – PSfan May 31 '22 at 09:33