#######################

ADDENDUM TO TSCRACK.TXT
#######################
Since I dont really have time to update the docs, here a quick addition concerni
ng bruteforce mode of tscrack 2.1.77
New in this version is, you guessed it, bruteforce capabilities. So you dont req
uire a wordlist anymore.
Use bruteforce mode like this:
tscrack -B -x <maxlen> <ipaddress>
where <ipaddress> is obvious and <maxlen> is the maximum lenght of the bruteforc
e password in chars (ie if maxlen is 3,
it will test passwords of up to -and including- 3 chars lenght.
####
Furthermore, I'd like to point out an error in the tscrack documentation, RDP do
es not support 40bit encryption as stated
previously, its either 56bit or 128bit. I will address this in the next overhaul
of the documentation.
Also, regarding the release of win2k3: I did not overhaul the AI to this point o
f time, due to lack of time (its been really
busy lately, getting my education done - and now Im looking for a job in INFOSEC
, it seems these are a bit hard to find
in Switzerland....). So, TScrack will most likely not work against win2k3 server
s. Its very probable tho that it will work
*on* windows 2k3, as opposed to Windows XP, which is -and will most likely never
be- supported.
I also hope I can find some time to update the web page for tscrack, create a ma
ilinglist, and a post system for AI training
capture files. Unfortunately the future of spacebitch.com website doesnt look to
o bright either, because no job means
no money to continue operation of the spacebitch IP network and its services. Ah
, we'll see.

####
The tscrack -h output for reference:
terminal services cracker (tscrack.exe) v2.1.77 2003-22-03 07:29 PM UTC
(c) 2003 by gridrun [TNC] - All rights reserved - http://softlabs.spacebitch.com
Usage help:
tscrack [switch] [switch [arg]] ... <Host/IP[:port]>
Parameters:
<Host/IP[:port]> : DNS name or IP address of target server, optional port
Switches:
-h : Print usage help and exit
-V : Print version info and exit
-s : Print chipher strenght info and exit
-b : Enable failed password beep
 -t : Use two simultaneous connections [EXPERIMENTAL]
-N : Prevent System Log entries on targeted server
-U : Uninstall tscrack and remove components
-B : Bruteforce mode
-f <number> : Wordlist entry to start cracking with
-w <wordlist> : Wordlist to use; tscrack tries blank passes if omitted
-m <number> : Minimal bruteforce password lenght
-x <number> : Maximal bruteforce password lenght
-q <charset> : Additional bruteforce custom chars [EXPERIMENTAL]
-F <delay> : Sampling Frequency (Delay between samples in ms)
-l <user> : Account name to use, defaults to Administrator
-D <domain> : Specify domain to attempt logon to
-p <password> : Use <password> to logon instead of wordlist/blank pass