xTSCrack RDP Audit Tool Atrix Team NGT, 2011

Publish Date: 07/11/2011

Version: 0.9

Freeware Version

Atrix Team NGT 2011- http://atrixteam.blogspot.com/

-1-

Summary

1 1.1 1.2 1.3 2 2.1 2.2 3 3.1 3.2 3.3 3.4 3.5 3.6 4

OVERVIEW .............................................................................................................................. 3 INTRODUCTION ...................................................................................................................................................... 3 OBJECTIVES ........................................................................................................................................................... 3 DEFINITIONS .......................................................................................................................................................... 3 UNDERSTANDING THE MAIN SCREEN .................................................................................... 3 OPTIONS AND CONTROLS ....................................................................................................................................... 3 NEW CONTROLS..................................................................................................................................................... 4 USING XTSCRACK ................................................................................................................... 5 AUDITING SINGLE HOST WITH WORDLIST & USERLIST....................................................................................... 5 AUDITING SINGLE HOST WITH WORDLIST & USERNAME ..................................................................................... 5 AUDITING SINGLE HOST WITH USERLIST WITH PASSWORD ................................................................................. 5 AUDITING RANGE LIST OR ADDRESS LIST WITH WORDLIST & USERLIST............................................................ 6 AUDITING RANGE LIST OR ADDRESS LIST WITH WORDLIST & USERNAME .......................................................... 6 AUDITING RANGE LIST WITH WORDLIST & USERLIST ......................................................................................... 6 CONTACT/SUPPORT ................................................................................................................ 7

Atrix Team NGT 2011- http://atrixteam.blogspot.com/

-2-

1 Overview
1.1 Introduction
xTSCrack is a advanced RDP audit tool created by SeCToR-X (_sector_x@hackermail.com or rodrigomatuck@globo.com) that allow user find weak passwords in Remote Desktop Service.

1.2 Objectives
Assist the Security Analyst and Penetration Tester find weak passwords over RDP Protocol.

1.3 Definitions
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to another computer. The protocol is an extension of the ITU-T T.128 application sharing protocol.[1] Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, Mac OS X, Android, and other modern operating systems. By default the server listens on TCP port 3389.[2] Microsoft currently refers to their official RDP server software as Remote Desktop Services, formerly "Terminal Services". Their official client software is currently referred to as Remote Desktop Connection, formerly "Terminal Services Client".

2 Understanding the main screen

2.1 Options and controls
The new xTSCrack have a interface with 16 controls. They are: IP Address: IP Address or Hostname of host to be audited; To: Specify the last IP range address; Target Mode: Define the audit mode. 3 options: Single, Range and List; Username: Specify the username to use against password list; Password: Specify the password to use against user list; Domain: Specify the domain of host to use in audit. If left blank, the default value will be IP/Host; Userlist & Wordlist: Set the user list and wordlist file to be used in audit; Save Results to: Set the file to store audit output; Wordlist & Userlist: Define the audit method to use wordlist and userlist; Wordlist with username: Audit wordlist passwords against the supplied username; Userlist with password: Audit userlist against the supplied password; Start: Start the audit process with selected options; Stop: Stop the audit process; Save Results: Store the audit log output in specified file.

Atrix Team NGT 2011- http://atrixteam.blogspot.com/

-3-

2.2 New Controls

xTSCrack 0.9 have a lot of new controls: Address List, IP Address Range and Target Mode options. The IP Address Range allow the user audit from start host to end host. Ex: From host 192.168.1.104 to 192.168.1.23.

Once typed the start IP address and end IP address, the user will need select the option Range List in Target Mode options and then proceed with other options selection, like: Attack Method and File input options. The other option permitted in the new version is the Address List. The difference of range list to Address List is simple. The Range List audit hosts of same subnet and other audit the hosts of different subnet. This mean, we can audit a multiple IP address. Ex: 10.10.0.21, 192.168.1.2, 10.10.11.12, 10.11.13.4. To use

Atrix Team NGT 2011- http://atrixteam.blogspot.com/

-4-

Address List you need click with right mouse button over the Address List field. After click 4 options will be shown on the screen:

Then click in menu item Add Address to add IP address to the list. Also you can import a text file with IP Address. The file must contain IPs separated by line feed. Once you defined the scope then choose the attack method and click in Start button.

3 Using xTSCrack
3.1 Auditing single host with Wordlist & Userlist
1 Type the IP Address to be audited; 2 Choose single IP Address in Target options; 3 Choose attack method Wordlist & Userlist; 4 Load the user list file clicking in button on right of the Userlist field; 5 Load the password list file clicking in button on right of the Wordlist field; 6 Choose the wordlist and click in button OK; 7 Click in start button and wait audit finish.

3.2 Auditing single host with Wordlist & username

1 Type the IP Address to be audited; 2 Choose single IP Address in Target options; 3 Type the username in Username field and domain of host in Domain field; 4 Choose attack method Wordlist with username; 5 Load the password list file clicking in button on right of the Wordlist field; 6 Choose the wordlist and click in button OK; 7 Click in start button and wait finish.

3.3 Auditing single host with Userlist with password

1 Type the IP Address to be audited; 2 Choose single IP Address in Target options; 3 Type the password in Password field and domain of host in Domain field; 4 Choose attack method Userlist with password;

Atrix Team NGT 2011- http://atrixteam.blogspot.com/

-5-

5 Load the user list file clicking in button on right of the Userlist field; 6 Choose the wordlist and click in button OK; 7 Click in start button and wait finish.

3.4 Auditing range list or address list with Wordlist & Userlist
1 Choose single Range List in Target options or Address List; 2.2 For range list type the start IP address in IP Address From field; 2.2.1 Type the end IP range Address in field To:; 2.3 For address list click with right mouse button over address list field; 2.3.1 Select the menu item Add Address or Import from file to add address to list; 3 Choose attack method Wordlist & Userlist; 4 Load the user list file clicking in button on right of the Userlist field; 5 Load the password list file clicking in button on right of the Wordlist field; 6 Choose the wordlist and click in button OK; 7 Click in start button and wait audit finish.

3.5 Auditing range list or address list with Wordlist & username
1 Choose single Range List in Target options or Address List; 2.2 For range list type the start IP address in IP Address From field; 2.2.1 Type the end IP range Address in field To:; 2.3 For address list click with right mouse button over address list field; 2.3.1 Select the menu item Add Address or Import from file to add address to list; 3 Type the username in Username field and domain of host in Domain field; 4 Choose attack method Wordlist with username; 5 Load the password list file clicking in button on right of the Wordlist field; 6 Choose the wordlist and click in button OK; 7 Click in start button and wait finish.

3.6 Auditing range list with Wordlist & Userlist

1 Choose single Range List in Target options or Address List; 2 Repeat the process above from steps 2.2 to 2.3; 3 Type the password in Password field and domain of host in Domain field; 4 Choose attack method Userlist with password; 5 Load the user list file clicking in button on right of the Userlist field; 6 Choose the wordlist and click in button OK; 7 Click in start button and wait finish.

Atrix Team NGT 2011- http://atrixteam.blogspot.com/

-6-

4 Contact/Support
Keep eye on http://atrixteam.blogspot.com/ for updates and applications for Penetration Test. Any bugs, suggestions please contact me at _sector_x@hackermail.com or rodrigomatuck@globo.com.

Atrix Team NGT 2011- http://atrixteam.blogspot.com/

-7-