
Remote Desktop / RDP credentials check from command line (no GUI)


We're currently writing a tool aimed at checking the validity of credentials over various applications (http, ssh, smb, rdp). No problem for the 3 former. But for RDP, I couldn't find a single way of doing this easily.

The tool is embedded within a web app hosted on a Linux box, therefore there is no X Server available.

The only tool I have successfully used to validate RDP credentials from the command line is THC-Hydra. By supplying a single username and password, it works correctly for older versions of RDP servers, or for those where the Network Level Authentication has been lowered.

However, THC-Hydra seems to hang when checking RDP credentials for the newest versions of Windows, or where Network Level Authentication has been hardened.

Medusa with a patched version of the rdesktop client fails as well. (some servers require CredSSP, SSL, ...)

There's also nmap's ncrack, but for some reason I only get "READ" timeouts.

EDIT: I got Ncrack to work, however it fails - at least on Windows 2008 R2 (doesn't find credentials even when providing the correct ones).

Any clues to help me?

Cheers


Solution

  • Actually I found a reliable way to do that. It's always when you stop looking for something that you find it :)

    Using the super awesome remote desktop client FreeRDP and the "+auth-only" switch. The exit status is 0 when authentication succeeds, 1 otherwise. There are also error messages that you can grep for.

    Failed auth:

    jrm@deb-jrm:~$ static/xfreerdp /v:10.0.0.1 /cert-ignore /u:MyUser /d:MyDomain /p:WRONGPASS +auth-only
    Authentication only. Don't connect to X.
    credssp_recv() error: -1
    freerdp_set_last_error 0x20009
    Authentication failure, check credentials.
    If credentials are valid, the NTLMSSP implementation may be to blame.
    Error: protocol security negotiation or connection failure
    Authentication only, exit status 1
    Authentication only, exit status 1
    

    Valid auth:

    jrm@deb-jrm:~$ static/xfreerdp /v:10.0.0.1 /cert-ignore /u:MyUser /d:MyDomain /p:GOODPASS +auth-only
    Authentication only. Don't connect to X.
    Authentication only, exit status 0
    Authentication only, exit status 0
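
For the web-app use case in the question, the exit-status check from the answer can be wrapped as below. This is an added example, not code from the original post or from the FreeRDP project; the function names, the three-way result and the default timeout are assumptions, and the domain is passed with FreeRDP's `/d:` option.

```python
import subprocess

# Line printed by FreeRDP on a rejected login, as shown in the answer's output.
AUTH_FAILED_MARKER = "Authentication failure, check credentials."

# Output lines copied from the failed attempt in the answer (sample input).
SAMPLE_FAILED = """Authentication only. Don't connect to X.
credssp_recv() error: -1
Authentication failure, check credentials.
Error: protocol security negotiation or connection failure
Authentication only, exit status 1
"""


def build_command(host, user, domain, password, binary="xfreerdp"):
    """Argument list (no shell involved) for one authentication-only attempt."""
    # Caveat: /p: on argv is visible to other local users in the process list,
    # and /cert-ignore means the server's certificate is not verified.
    return [binary, f"/v:{host}", "/cert-ignore", f"/u:{user}",
            f"/d:{domain}", f"/p:{password}", "+auth-only"]


def classify(returncode, output):
    """Map exit status and output text to 'valid', 'invalid' or 'error'."""
    if returncode == 0:
        return "valid"
    if AUTH_FAILED_MARKER in output:
        return "invalid"
    # Non-zero without the auth-failure line: unreachable host or a
    # negotiation problem. Do not report this as a wrong password.
    return "error"


def check_rdp_credentials(host, user, domain, password,
                          binary="xfreerdp", timeout=30):
    """Run one check; timeouts and a missing binary become 'error'."""
    cmd = build_command(host, user, domain, password, binary)
    try:
        proc = subprocess.run(cmd, stdin=subprocess.DEVNULL,
                              stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                              text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "error"  # hung negotiation, like the hangs seen with other tools
    except OSError:
        return "error"  # binary not found or not executable
    return classify(proc.returncode, proc.stdout)


if __name__ == "__main__":
    print(classify(1, SAMPLE_FAILED))
```

Keeping "error" separate from "invalid" stops a network or negotiation failure from being recorded as a bad password.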