Subscribe by RSS RSS Icon
Follow me on Twitter Twitter Icon

Terminal Services Brute Force Tools

Terminal services though considered safe are susceptible to brute force attacks. Personally, i have been using TSGrinder to brute force my way into the server. Until recently I found that Ncrack can pretty much do the same thing.

TSGringer is a “dictionary” based attack tool, but it does have some interesting features like “l337″ conversion, and supports multiple attack windows from a single dictionary file. It supports multiple password attempts in the same connection, and allows you to specify how many times to try a
username/password combination within a particular connection.

tsgrinder.exe -w dictionary-file -l leet -d workgroup -u administrator -b -n 2 <IP_Address>

You can watch TSGrinder in action here:

The tool is available for download here:

The tool also requires the Microsoft Simulated Terminal Server Client tool, “roboclient,” which may be found here:

Similar to TSGrinder, Ncrack can be used to crack the Remote Desktop Protocol on all Windows versions from XP and above, with the introduction of the RDP module. Keep in mind that against XP machine you can only have one connection at a time so you'll have to set your Connection Limit value to 1 (CL=1).

ncrack -vv -d7 CL=10 --user administrator

You can use the -U option for passing a username file and -P for password file. Otherwise, ncrack will use the default password file.


Copyright Info.

Only for my personal reference. I do not own any of these materials here. Use it at your own risk!

XHTML/CSS validations
Valid XHTML 1.0 Transitional Valid CSS!