Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RDP brute force failed with correct password #921

Closed
wgf4242 opened this issue Jan 4, 2024 · 3 comments
Closed

RDP brute force failed with correct password #921

wgf4242 opened this issue Jan 4, 2024 · 3 comments
Labels
bug help wanted

Comments

@wgf4242
Copy link

wgf4242 commented Jan 4, 2024

Describe the bug
Attempting an RDP brute force with correct user and password, but not found any valid password.

To Reproduce
hydra -vV -l test -p test -S rdp://192.168.127.130 -t 1

Desktop (please complete the following information):

  • OS: kali 2023.3
  • hydra version 9.5

Additional context

$ hydra -vV -l test -p test -S rdp://192.168.127.130 -t 1
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-01-03 18:54:07
[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.
[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task
[DATA] attacking rdps://192.168.127.130:3389/
[VERBOSE] Resolving addresses ... [VERBOSE] resolving done
[ATTEMPT] target 192.168.127.130 - login "test" - pass "test" - 1 of 1 [child 0] (0/0)
[STATUS] attack finished for 192.168.127.130 (waiting for children to complete tests)
1 of 1 target completed, 0 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2024-01-03 18:54:07

192.168.127.130 OS:

  • Windows 7 x64 SP1

I can login with test/test using remote desktop.
@dmclazaro01
Copy link

I'm having the same problem with v9.6dev. RDP bruteforce matches passwords that are not valid. It's strange because I think that always find correctly the wordlist that has the password (I use a list of wordlists) but at the moment of choose the password always choose one that is wrong (and always before to try with the correct password).

The correct password is "root" and the tool thinks that is "letmein". I removed letmein from the wordlist and tried again and choose another wrong password
image
Captura de pantalla 2024-01-11 141817

@vanhauser-thc
Copy link
Owner

follow up in #923

@vikramre1989
Copy link

FastRDP is a tool for brute force attacks on the Remote Desktop Protocol (RDP) on the Windows operating system, which allows users to remotely connect to computers and servers. This tool is written in C# programming language. Also, this tool has a Multi-threading feature that increases the efficiency and speed of testing simultaneous compounds.
I tested this tool, and it works great! I’ll put the link to this tool below.
FastRDP

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@wgf4242 @vanhauser-thc @dmclazaro01 @vikramre1989