Episode 423 — Securing Remote Desktop, Online Brute Forcing and Terminal Service Alternatives
Darren’s back in the kitchen with an illustrated scenario of online brute forcing every systems administrator’s beloved remote desktop. He whips up some homemade chicken noodle soup and tosses on the ol’ white hat for a talk about countermeasures and security best practices. Then Matt brings you a full-featured and aggressively priced alternative to Microsoft’s own Terminal Services. Do I hear cheap thin clients around the corner?
Show Notes
Online Brute Force Countermeasures And Chicken Noodle Soup
Similar in function to SSH, Remote Desktop Protocol (RDP) is one of the essential tools for administering Microsoft Windows servers. The natively encrypted service comes standard on Windows Server and even XP Pro and Vista. It also serves as the example for a brief follow-up to my previous segment on Offline Brute Forcing.
In my scenario I demonstrate how the tool TSGrinder can be used to perform dictionary attacks against RDP services, with character substitution (or leet) options. The attack simply demonstrates a few weaknesses in Windows.
First of all, by default the Administrator account cannot be locked out remotely. This behavior can be changed using the Passprop utility from the Windows 2000 Resource Kit, which also lets you enforce strong passwords. It is also recommended that the Administrator account be renamed; there are a few tools for this as well. Though more obscurity than security, I recommend changing the RDP listen port. I strongly recommend reviewing Microsoft’s password best practices and considering passphrases. PasswordMeter.com is a nice site that will rate your password on complexity. Finally, I recommend enabling extensive auditing. There are a number of third-party security applications made specifically for auditing that offer alerting on events such as online brute force attempts. One application in particular, 2X SecureRDP, offers advanced filtering of RDP connections based on IP and MAC addresses. I’m particularly interested in hearing your feedback on extensive Windows auditing software, so please drop me a line: darrenAThak5.0rg!
And my final recommendation on securing RDP is to limit its exposure by keeping TCP 3389 (or whatever port you’ve changed it to) closed to the outside. A little SSH tunneling or VPNing can go a long way toward keeping unnecessary services away from the wild wild web. I laid the foundation for this in a segment in 1×07 and will follow up with a more robust VPN segment soon. If you’ve got ideas, again, drop me a line.
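As an added example (not from the episode and not part of any tool it mentions), here is a small Python script in the spirit of the auditing and alerting recommendation above: it reads constructed, simplified failed-logon audit lines and flags any source address whose RDP logon failures reach a threshold inside a sliding time window. The line format and the sample addresses are constructed for the example; logon type 10 is Windows’ real RemoteInteractive (Terminal Services / RDP) logon type.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit lines (not real Windows log output):
#   "<ISO timestamp> FAIL src=<source IP> user=<target account> type=<logon type>"
# 203.0.113.7 hammers Administrator six times in five seconds; 192.0.2.9 fails
# twice, minutes apart; 198.51.100.4 is a console (type 2) failure, not RDP.
SAMPLE_LOG = """\
2008-04-01T02:00:01 FAIL src=203.0.113.7 user=Administrator type=10
2008-04-01T02:00:02 FAIL src=203.0.113.7 user=Administrator type=10
2008-04-01T02:00:02 FAIL src=203.0.113.7 user=Administrator type=10
2008-04-01T02:00:03 FAIL src=203.0.113.7 user=Administrator type=10
2008-04-01T02:00:04 FAIL src=203.0.113.7 user=Administrator type=10
2008-04-01T02:00:05 FAIL src=203.0.113.7 user=Administrator type=10
2008-04-01T02:10:00 FAIL src=192.0.2.9 user=bob type=10
2008-04-01T02:12:00 FAIL src=192.0.2.9 user=bob type=10
2008-04-01T02:20:00 FAIL src=198.51.100.4 user=alice type=2
"""

RDP_LOGON_TYPE = 10  # Windows "RemoteInteractive" logon type (Terminal Services / RDP)


def parse_line(line):
    """Split one constructed audit line into (timestamp, src, user, logon_type)."""
    ts, _status, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return datetime.fromisoformat(ts), fields["src"], fields["user"], int(fields["type"])


def detect_rdp_bruteforce(log, threshold=5, window_seconds=60):
    """Return one alert per offending source: (src, last target account, failures in window).

    A source is reported the first time its RDP logon failures reach `threshold`
    within any `window_seconds` span; non-RDP logon types are ignored.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    alerted = set()
    alerts = []
    for raw in log.splitlines():
        if not raw.strip():
            continue
        ts, src, user, logon_type = parse_line(raw)
        if logon_type != RDP_LOGON_TYPE:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, user, len(q)))
    return alerts


if __name__ == "__main__":
    for src, user, count in detect_rdp_bruteforce(SAMPLE_LOG):
        print(f"ALERT: {count} RDP logon failures from {src} targeting {user}")
```

Pointing the parser at real audit exports (and tuning the threshold and window to your environment) is what turns this into the kind of alerting the third-party tools above provide; a renamed Administrator account shows up here as the target name, which is a quick way to confirm the rename took effect.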
Terminal Service Alternatives
The website is located at http://www.xpunlimited.nl, and there is a large list of benefits at http://xpunlimited.nl/benefits.html.
One of the really nice features is the ability to repurpose an old XP machine to use as a terminal server.
The setup couldn’t be easier and is pretty much a standard application installer. Customization is a very simple process, from limiting application launches to customizing the initial desktop, and even advanced functions which replicate the Microsoft Terminal Services security settings.
Questions or alternatives?
Sweet episode as always. Darren, hope you get to feeling better. Everyone, remember to drink lots of orange juice and take your vitamins. And I am definitely putting in a vote for the segment on the SSH tunneling. I think it would be something that a lot of people could use. Keep up all the good work, everyone.
Lol @ snubs. Creepy little one eating celery and peanut butter.
With XPUnlimited, obviously, you need some OS that can RDC to the Terminal Server running XPU. Wouldn’t you then have to lock down that local PC? Or would you somehow have those local PCs boot to the network, and bypass any such OS?
Is Snubs pregnant?… Celery with peanut butter!
Yes, I had the same thought!!!!
Has the evil server done his good deed?
http://bf2.hak5.wpengine.com
Link dead?
Why is all Darren’s stuff named AUDREY?
Haha, exactly the same as the last time Snubs was sitting up for the first part of the brute forcing segment. Spent almost as much time watching her and laughing at the cute/hilarious stuff she’s pulling off in the background.
As usual great show
@Jason, thin clients my friend. Maybe Matt can do a follow-up.
@Simon, news to me chap
@matt, sorry server is up but DNS isn’t pointed. I’ll get on that real soon.
@Fred, just a naming convention I’ve stuck with for desktops since I started building ’em. This latest build is named after Audrey Hepburn.
A segment on OpenVPN is just what the community needs. I’m using it right now. It’ll run on practically anything (OpenWrt, DD-WRT, Linux, Windows, et al.). I’ve run it on the Linksys WRT54GS and the Fonera router, and I’m running it now at home on an old Dell C600 laptop.
@beakmyn: This is something that we’re actively developing for a segment, if you have any inside info or quirks that you’ve conquered shoot me an email to [email protected]
Thanks,
Matt
Really good episode and I’m liking Darren’s recorded segments. I like Snubs, she’s nice to look at, but we did an experiment years ago in school, where someone was up the front talking and someone behind him was just wandering about, to prove that if there is a distraction in the background, people will watch and pay attention to that and not the person talking. Happens in this as I end up paying more attention to the gorgeous Snubs doing what she’s doing than I do listening to Darren :o)
Great program – hope the chicken soup worked. Usually only works for paranoid moms, not the patients. Your idea of tunneling through SSH is a good idea. We have one program that is on a Windows 03 machine that people use remotely – I’d love to hear a how-to on the SSH.
You can make XP run as a terminal server free: http://concurrentremotesessions.netfirms.com/
It is an old Hak, but it is against the EULA, so I wouldn’t use it in production.
Have a look at the open source options, XRDP, NoFX etc., cheaper/free, and you can have a major beefy Linux server backend with all the OSS software you could want.
For locking down your thin clients you can just make a boot disk for hard-drive-less clients; the boot disk can be a live Linux disk that autoruns rdesktop to your terminal server.
For RDP over SSH, use WinSSHD or http://www.freesshd.com, easy to set up and use.
@Morgan Storey, excellent comment and great resources. Thanks!
Love the show, been following since shortly after the first episode. Kind of forgot about the show for awhile and now getting back into it. The cast is great and I don’t want to sound mean or anything like that and this is just my view, so take it or leave it. I’d like to see the show get back to more technical stuff. A great example is the spot Darren did where he interview Jacob Appelbaum at Toorcon on Coldboot attacks. Great stuff.
Don’t get me wrong, I think the gaming stuff and fun personality spots are cool and great and are a part of “nerd culture.” Just some of the technicalish content is pretty far on the very newbie or IT guy side. The show can go from giving good content on stuff to “Here’s your IT tip” or “Here’s some cool IT app to help you admin your servers, you busy IT guy you.” There’s not much coverage of programming topics (other than PHP occasionally) and I hear people on the show say “most of our audience probably uses Windows” or “if our audience is using Linux then they are probably using Ubuntu.” This is kind of a pretty low bar and not really what I’d call Hacker culture. Hacker culture has been about learning as many OSes, technologies, programming languages, etc as possible. I’d like to see that side of hacker culture get some coverage as well. Good luck. 🙂
@Hak5 people great episode
I think this is one of the best episodes done lately – controlled, precise and interesting. Not too deep in theory (show notes for the über geeks), but enough to keep you interested. Lately there have been (IMO) too many multi-person segments which steer off course a little too much, which makes me tend to zone out.
Suggestion for multi segments: “Home Server setup with the HP Server Smart”. If you could use your setup as an example of how to do a Home Server setup. I think a lot of us would like to welcome a server into our homes, but don’t know where to start. Server backups for multiple clients (Mac or Windows), Media Center solution with Xbox 360 etc., some in depth etc. In the end all segments are valuable individually, but combined they offer the ultimate home server setup.
Bonus: You could nail the commercial-bit seamlessly into the segment 🙂
Oh yeah, and it would be great if Matt could do a short follow up naming a couple of thin clients, pros and cons.
Keep up the good show guys, I really appreciate it. Mad props, high fives, knucklepunches and all that.
Great episode Darren. I agree with everyone about this being the best ep done.
Just one con I have is in the first segment of this episode, in the background @Snubs is a bit of a distraction doing her quirky bits while you are talking. Don’t get me wrong @Snubs is some delicious eye candy and I am sure every hak5 fan would agree with me on her attractiveness but I hate the feeling of a turn on while trying to focus my attention on a dude talking in the foreground. Maybe there could be less distractions (just a teeny bit) in future episodes.
Keep up the awesome work guys! 🙂
The cooking scene seemed overdone in this episode. No pun intended :D. But seriously it seems like the show is growing into more of an entertainment show and somewhat is getting away from its hardcore “hak” side of things. I thought the content of the show was good, but some of the dialog was kind of lame.
But with all that said, I still can’t wait to see more! Glad you’re finally HD!
And it’s great to see that the episode comments are actually looked at, thx Darren.
hmm. where’s the chicken noodle recipe???
@Brent, sorry I should have posted these in the show notes.
* 1 lb skinless boneless chicken breast
* 4 cubes chicken bouillon
* 8 cups water
* 2 cups thin egg noodles
* 1 can cream of chicken soup
* 1 can chicken broth
* 1 cup chopped carrots, celery, mushroom
* Crushed garlic
* Boiling onions
Pop all the ingredients except for the noodles in a pot and simmer for 30 minutes. Cut chicken if desired, then boil noodles and serve.
Great episode and I love the new HD cameras.
XP Unlimited, is it really legal? I doubt it. It modifies how XP Pro is intended to run – 1 client at a time (not counting people accessing shares). I love it and I’ve used the concurrent XP sessions hack in the past at home. I’d love to get XP Unlimited for my office to replace Citrix (waste of $$$), but I’m just worried about the legality of it all. If I do end up getting it, users would use an SSL VPN to gain access then RDC.
The BSA will audit your job away. Try SSL-Explorer on SourceForge. It will do everything you need plus some. Install guide: http://www.cylindric.net/blog/2008/03/07/ubuntu_sslexplorer. Enjoy.
Thanks yummm soup.
The soup = goodness 🙂 I used three cups of noodles.
Where did you find XP Unlimited for that low price?
Just wondering, you mentioned something about a brute force attack from a USB stick to log into Windows. Can you tell me how to do it?
thanks
Can’t believe I found other packet head geeks like myself. I thought I was the only one. Not the faux poser geek types that think changing their iPhone wallpaper is cool. I’ll be watching you on my TiVo.
Loving the shows but just had to point out..
XP Unlimited is a nice idea but no one in their right mind would use it in a business environment. Microsoft would crucify you if you were audited.
Also Small Business Server comes with 5 Windows server (well, SBS CALs) and NO TS CALs. It’s not a good idea to run TS in full blown application mode on an SBS box (although sadly, I have seen it done).
Otherwise, great 😉
Great ideas.
The 2X ApplicationServer is an add-on to terminal servers/ remote desktop servers and provides SSL Security, iPhone/iPad/Android clients, universal printing and scanning and many other features. Feel free to check them out at http://www.2x.com.