Searching for open RDP and using Dubrute.

Nick Saban · 07-15-2014, 05:15 PM

Does anybody have experiences with this? If so, please let me know, I am interested in learning about using Dubrute.

Ligeti · 07-15-2014, 09:40 PM

Open RDP? or FreeRDP

I googled Dubrute and "About 34,400 results (0.33 seconds)" of which the first two seems to be interesting videos on YouTube about how to hack using Drubrute...

Dubrute sounds interesting (I never heard of it before)... I am reading more about it now Smile

Peace

Nick Saban · 07-15-2014, 11:08 PM

(07-15-2014, 09:40 PM)Ligeti Wrote: Open RDP? or FreeRDP

I googled Dubrute and "About 34,400 results (0.33 seconds)" of which the first two seems to be interesting videos on YouTube about how to hack using Drubrute...

Dubrute sounds interesting (I never heard of it before)... I am reading more about it now

Peace

I did use google and youtube. But none of which tells me how to scan for open rdp ports.

Ligeti · 07-15-2014, 11:17 PM

Ah open RDP ports... I see!

Using nmap of course! I believe it is port 3389 (both TCP and UDP)... to you may want to run something like:

Code:
nmap -sT <ip address> -p 3389

And

Code:
nmap -sU <ip address> -p 3389

I know nothing about Dubrute (yet not much to talk about it), but generally when you want to scan a port you use or nc, nmap, or any port scanner... the most "famous" one/method is using nmap (or zenmap which is the same but with a nice GUI)

I hope that will help/guide you somehow, please let me know if you need more help/info.

Peace

Nick Saban · 07-15-2014, 11:27 PM

(07-15-2014, 11:17 PM)Ligeti Wrote: Ah open RDP ports... I see!

Using nmap of course! I believe it is port 3389 (both TCP and UDP)... to you may want to run something like:

Code:
nmap -sT <ip address> -p 3389

And

Code:
nmap -sU <ip address> -p 3389

I know nothing about Dubrute (yet not much to talk about it), but generally when you want to scan a port you use or nc, nmap, or any port scanner... the most "famous" one/method is using nmap (or zenmap which is the same but with a nice GUI)

I hope that will help/guide you somehow, please let me know if you need more help/info.

Peace

Not quite what I am looking for. I saw in another forum this guy had a sleeper program that checked THOUSANDS of ip's (outside of the network) and scanned them for RDP ports. Then, after a while, when the program found some open ports for him, he would use dubrute to get inside. I have tried pm'ing user, but he never replies... asshole.

Ligeti · 07-15-2014, 11:37 PM

Oh I see... well, unfortunately that's listed under black hat activity, and I can't help you with that (nor can anyone in this community... we are ethical)

Plus the fact I don't recommend you doing so.

Peace

lady_godiva · 07-16-2014, 12:06 AM

If you knew a litte bit about nmap you'd know how you can scan a specific port for multiple ips.

If you knew how RDP works, you'd realize that dubrute is extremely easy to use (evidence says that you do not know what you are doing).

If you knew that scanning thousand of ips and using things like dubrute is a stupid idea, you wouldn't even have opened this thread

Insider · 07-16-2014, 08:18 PM

I don't condone black hat activity, but I'll leave this here. Not sure if it's clean or not, but what you're looking for would be an "RDP" scanner.

Download links in the describtion.

lady_godiva · 07-16-2014, 10:08 PM

(07-16-2014, 08:18 PM)Insider Wrote: I don't condone black hat activity, but I'll leave this here. Not sure if it's clean or not, but what you're looking for would be an "RDP" scanner.

Download links in the describtion.

Not very correct, as the name states pretty clearly it is a bruteforce tool. It just try to bruteforce credentials for the RDP protocol against target with port 3389.

dmaxx · 07-17-2014, 08:25 PM

(07-16-2014, 10:08 PM)lady_godiva Wrote:
(07-16-2014, 08:18 PM)Insider Wrote: I don't condone black hat activity, but I'll leave this here. Not sure if it's clean or not, but what you're looking for would be an "RDP" scanner.

Download links in the describtion.

Not very correct, as the name states pretty clearly it is a bruteforce tool. It just try to bruteforce credentials for the RDP protocol against target with port 3389.

also, such tool(dubrute) can easily been stopped from bruteforcing by adding two new keys like "LEGALNOTICECAPTION" and "LEGALNOTICETEXT" and enter a plain text value for each of them in the windows register in the folder named

Quote:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

which requirer the person to hit "OK" to be able to access the CTRL+ALT+DEL option and effective terminate password blasting, well aleast as far as i have heard anyway, please no flamming if am mistaken tough:epic: