FreeRDP-pth is a slightly modified version of FreeRDP that tries to authenticate using a password hash instead of a password. This works only against RDP v8.1 servers (Windows 2012 R2 at the time of writing) and even then, only for members of the administrators group.
Windows 2012 R2 servers use a newer version of the Remote Desktop Protocol (RDP) that has a feature that will be of interest to both penetration testers and system administrators. This post describes the new “Restricted Admin” feature, the security benefits it brings and a potential downside of the feature: Pass-the-Hash attacks. We’ll briefly recap what Pass-the-Hash attacks are and demonstrate such an attack against a Windows 2012 R2 server. A proof-of-concept (PoC) tool to carry out Pass-the-Hash attacks against Windows 2012 R2 servers is also released – a trivial modification to the excellent FreeRDP client.
By default, Windows systems will allow low-privileged users to create directories (but not files) in the root of the `C:` drive. In this post we ask if that’s really a security problem and ultimately conclude that, yes, sometimes it can be.
ssl-cipher-suite-enum is a Perl script to enumerate the SSL cipher suites supported by network services (principally HTTPS).
udp-proto-scanner is a Perl script which discovers UDP services by sending triggers to a list of hosts.
A Linux alternative to enum.exe for enumerating data from Windows and Samba hosts.
An enhanced version of Solar Eclipse’s SNMP Community string guessing tool.
A command-line tool for brute-force guessing of directory and file names on web servers.