Research and Development

pass-the-hash

FreeRDP-pth is a slightly modified version of FreeRDP that tries to authenticate using a password hash instead of a password.  This work only against RDP v8.1 servers (Windows 2012 R2 at the time of writing) and even then, only for members of the administrators groups. Continue reading

Windows 2012 R2 servers use a newer version of the Remote Desktop Protocol (RDP) that has a feature that will be interest to both penetration testers and system administrators.  This post describes the new “Restricted Admin” feature, the security benefits it brings and a potential downside of the feature: Pass-the-Hash attacks.  We’ll briefly recap what Pass-the-Hash attack are and demonstrate such an attack against a Windows 2012 R2 server. A proof-of-concept (PoC) tool to carry out Pass-the-Hash attacks against Windows 2012 R2 server is also released – a trivial modification to the excellent FreeRDP client. Continue reading