Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
The Remote Desktop Protocol (RDP) is used by system administrators everyday to log onto remote Windows machines. Perhaps most commonly, it is used to perform administrative tasks on critical servers such as the domain controller with highly privileged accounts, whose credentials are transmitted via RDP. It is thus vital to use a secure RDP configuration. | IT SECURITY KNOW-HOW Adrian Vollmer ATTACKING RDP How to Eavesdrop on Poorly Secured RDP Connections March 2017 © SySS GmbH, March 2017 Wohlboldstraße 8, 72072 Tübingen, Germany +49 (0)7071 - 40 78 56-0 info@syss.de www.syss.de Vollmer | Attacking RDP 1 Introduction The Remote Desktop Protocol (RDP) is used by system administrators everyday to log onto remote Windows machines. Perhaps most commonly, it is used to perform administrative tasks on critical servers such as the domain controller with highly privileged accounts, whose credentials are transmitted via RDP. It is thus vital to use a secure RDP configuration. We at SySS regularly observe that due to misconfigurations, system administrators in an Active Directory environment are routinely presented with (and ignore) certificate warnings like this: Figure 1: An SSL certificate warning If warnings like these are a common occurrence in your environment, you will not be able to recognize a real man-in-the-middle (MitM) attack. This article was written to raise awareness of how important it is to take certificate warnings seriously and how to securely configure your Windows landscape. The intended audience is system administrators, penetration testers and security enthusiasts. While not necessary, it is recommended that you have a firm understanding of the following subjects: – – – – Public key cryptography as well as symmetric cryptography (RSA and RC4) SSL x509 certificates TCP 2 Vollmer | Attacking RDP – Python – Hexadecimal numbers and binary code We will demonstrate how a MitM can sniff your credentials if you aren’t careful. None of this is particularly new – it even has been done before, for example by Cain [2]. However, Cain is rather old, closed source and only available for Windows. We want to analyze all the gory details and relevant inner workings of RDP and simulate a real attack on it as closely as possible. It should go without saying that the findings in this article must not be used to gain .