We're currently writing a tool aimed at checking the validity of credentials over various applications (http, ssh, smb, rdp). No problem for the 3 former. But for RDP, I couldn't find a single way of doing this easily.
The tool is embedded within a web app hosted on a linux box, therefore there is no X Server available.
The only tool I have successfully used to validate RDP credentials from the command line is THC-Hydra, by supplying a single username and password, it works correctly for older versions of RDP servers, of for those where the Network Level Authentication has been lowered.
However, THC-Hydra seems to hang when checking RDP credentials for newest versions of Windows, or where Network Level Authentication has been hardened.
Medusa with a patched version of the rdesktop client fails as well. (some servers require CredSSP, SSL, ...)
There's also nmap's ncrack, but for some reason I only get "READ" timeouts.
EDIT: I got Ncrack to work, however it fails - at least on Windows 2008 R2 (doesn't find credentials even when providing the correct ones).
Any clues to help me?
Cheers
Actually I found a reliable way to do that. It's always when you stop looking for something that you find it :)
Using the super awesome remote desktop client FreeRDP and the "+auth-only" switch. The exit status is 0 when authentication succeeds, 1 otherwise. There also are the error message that you can grep for.
Failed auth:
jrm@deb-jrm:~$ static/xfreerdp /v:10.0.0.1 /cert-ignore /u:MyUser /MyDomain /p:WRONGPASS +auth-only
Authentication only. Don't connect to X.
credssp_recv() error: -1
freerdp_set_last_error 0x20009
Authentication failure, check credentials.
If credentials are valid, the NTLMSSP implementation may be to blame.
Error: protocol security negotiation or connection failure
Authentication only, exit status 1
Authentication only, exit status 1
Valid auth:
jrm@deb-jrm:~$ static/xfreerdp /v:10.0.0.1 /cert-ignore /u:MyUser /MyDomain /p:GOODPASS +auth-only
Authentication only. Don't connect to X.
Authentication only, exit status 0
Authentication only, exit status 0