We have a Windows 2003 server on our DMZ, it's patched up to the latest and
we have enabled Remote Desktop Connection, so we can manage it remotely over
the internet. Obviously I think this can be a risk, but I need to know if
the username and password can be cracked etc. I did a port scan on it and it
showed the RDC port open. I have changed the administrator's username, what
tool can I use?

Re: cracking DMZ servers username/password by Tom

Tom
Sun Feb 05 06:54:16 CST 2006

Check out the Remote Desktop brute force tool tsgrinder here:
http://www.hammerofgod.com/download.htm

I've had problems with it, timing out after some time. You also need a
dictionary, since it doesn't support character iteration... yet.

- Tom



Re: cracking DMZ servers username/password by SW

SW
Sun Feb 05 07:49:10 CST 2006

Where can I get a dictionary? Also, if I type \\serverIP\c$ it prompts for a
username and password. Can I brute force this?


Re: cracking DMZ servers username/password by SLK

SLK
Sun Feb 05 07:24:15 CST 2006


No, it's not at all easy to crack.... (though I don't know about tools)
One more step you could take is... change the port for this
connection... so that no one can guess the default TCP 3389


--
SLK


Re: cracking DMZ servers username/password by Lanwench

Lanwench
Sun Feb 05 10:12:04 CST 2006



In news:40D1CDA5-475A-49D4-BA4A-A4DAA12397C1@microsoft.com,
SW <SW@discussions.microsoft.com> typed:
> We have a Windows 2003 server on our DMZ, it's patched up to the
> latest and we have enabled Remote Desktop Connection, so we can
> manage it remotely over the internet. Obviously I think this can be
> a risk, but I need to know if the username and password can be
> cracked etc. I did a port scan on it and it showed the RDC port
> open. I have changed the administrator's username, what tool can I
> use?

It is encrypted, and isn't easy to hack, but....if you're really worried,
set up VPN and don't expose the port to the internet directly.
Changing the listening port, or the administrator account name, doesn't
really do much to protect you.
Always use a long complex password.

You might get more help in microsoft.public.windows.terminal_services.....

And note - you haven't mentioned what ports are open from WAN to DMZ, which
may make a difference here as well - also, I presume this isn't a domain
controller, Exchange server, etc (at least, I hope it isn't)




Re: cracking DMZ servers username/password by Steven

Steven
Sun Feb 05 10:39:37 CST 2006

It is much more difficult than when you have direct physical access to the
computer. You could use IPsec to protect access to port 3389 that would need
to use computer authentication and give the server an IPsec require policy
for port 3389 TCP with either certificate or pre-shared key authentication
that each computer would need to have. That would flat out stop password
guessing attempts because the attacker's computer could not authenticate with
your server. Also use a complex pass phrase that is at least 15 characters
long which would be extremely strong. --- Steve

http://support.microsoft.com/?kbid=233256 --- ipsec and firewalls





Re: cracking DMZ servers username/password by Roger

Roger
Sun Feb 05 11:16:53 CST 2006

Apparently you need to do such as run SCW to get a starting point
at a services and network latch-down, since if \\serverIP\c$ is giving
a prompt then you have the NetBIOS related ports open to the origin
of your test. Since you stated TS needs to be available to internet
origins, I will assume this means NetBT and perhaps much else is also
similarly open to the world. SCW will help you latch the box down
so that nothing except what is needed for the intended purposes is
active to the network. If you then do as has been advised here, make
TS use an alternate port and require an IPsec security association for
that alternate port, then you would not have a great deal to worry
about concerning the TS visibility.

"SW" <SW@discussions.microsoft.com> wrote in message
news:99EE4F71-019D-4329-9AA4-F44B17F6E435@microsoft.com...
> Where can I get a dictionary? Also, if I type \\serverIP\c$ it prompts for
> a username and password. Can I brute force this?
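
Added example, not part of any post in this thread: a small audit that checks, from an outside vantage point, whether the server answers on anything beyond what is meant to be exposed, which is the condition Roger infers from the \\serverIP\c$ prompt. It covers TCP only; the function names and the address 192.0.2.10 are placeholders chosen for illustration.

```python
import socket

# TCP ports tied to this thread: Remote Desktop plus the RPC/NetBIOS/SMB
# ports that sit behind a \\serverIP\c$ credential prompt.
WATCHED = {
    135: "RPC endpoint mapper",
    139: "NetBIOS session service",
    445: "SMB over TCP",
    3389: "Remote Desktop",
}

def tcp_open(host, port, timeout=2.0):
    """Return True if a full TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False

def audit_exposure(host, intended, ports=WATCHED, probe=tcp_open):
    """Compare what answers from this vantage point with what should.

    Returns (unexpected, missing): ports reachable but not intended, and
    ports intended but not reachable.
    """
    reachable = {p for p in ports if probe(host, p)}
    unexpected = sorted(reachable - set(intended))
    missing = sorted(set(intended) - reachable)
    return unexpected, missing

def report(host, intended, ports=WATCHED, probe=tcp_open):
    """Render the audit as one line per finding."""
    unexpected, missing = audit_exposure(host, intended, ports, probe)
    lines = [f"EXPOSED {p}/tcp ({ports[p]}): not in the intended set"
             for p in unexpected]
    lines += [f"UNREACHABLE {p}/tcp: intended service does not answer"
              for p in missing]
    return lines or ["OK: only the intended ports answer"]

if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; substitute your own server
    # and run this from outside the firewall.
    for line in report("192.0.2.10", intended={3389}):
        print(line)
```

Once an IPsec require policy is in place for the Terminal Services port, run the audit from a machine without the policy and an empty `intended` set: every watched port, including 3389, should then fail to connect.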