Open quahac opened 4 months ago
Hello,
particularly when the hosts have no RDP protocol enabled
maybe we just need to add a timeout to the rdp protocol instead. Using a subprocess to open Hydra is very shady code, especially if we can fix the original issue (long timeout if no rdp).
Hi, it sounds like the suggestion to add a timeout to the RDP protocol instead of using a subprocess to open Hydra might indeed be a better approach; this could potentially address the original issue of long timeouts.
I will make my code available to users who may find this method useful as an alternative, without switching to RDP protocol. Thank you for your prompt response!
@quahac Hey, this is an issue, not a PR, so you'd have to create a PR and link it here; however, we're very tentative about adding any feature/module that requires another tool. I'm not really sure I understand the point of calling Hydra from NetExec anyway.
Also, we have the rdp module: https://github.com/Pennyw0rth/NetExec/blob/main/nxc/modules/rdp.py - why not just add a check function to that?
Hey @Marshall-Hallenbeck, @mpgn suggested a fix for the timeout issue. It's important sometimes to check if an account has RDP access without switching to the RDP protocol. The Hydra > NetExec solution was the quickest and easiest method; I've used this for a long time. The pull request was about adding this functionality; if this can be done without relying on Hydra, use this as a solution example. That's it!
Description
This pull request introduces a new module for verifying RDP login credentials within NetExec (and CrackMapExec). The module enables the validation of RDP login credentials against SMB hosts and requires Hydra for password checking. I've developed this module and hosted it on my GitHub page. Given its functionality and relevance, I believe it would be a valuable addition to NetExec modules.
Code https://github.com/quahac/CME-Module-RDP-login-checker/blob/main/rdplogin.py
Why? Hydra is recognized for its superior speed compared to RDP protocol implementations in NetExec, particularly when the hosts have no RDP protocol enabled. This module offers a faster alternative for checking the feasibility of RDP login with the provided account on SMB hosts.
Info https://github.com/quahac/CME-Module-RDP-login-checker
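
The timeout idea raised in this thread, sketched as an added example (not NetExec's code and not the module linked above): a bounded TCP reachability check on the RDP port, so hosts without RDP enabled are skipped at a fixed deadline instead of stalling the run. The names `probe`, `sweep` and `check_targets` are hypothetical, and the default port 3389 is an assumption about the targets.

```python
import asyncio

RDP_PORT = 3389  # assumed default RDP port


async def probe(host, port=RDP_PORT, timeout=3.0):
    """Classify one host as 'open', 'closed' or 'timeout' within `timeout` seconds."""
    try:
        _reader, writer = await asyncio.wait_for(
            asyncio.open_connection(host, port), timeout
        )
    except asyncio.TimeoutError:
        return "timeout"  # filtered port or host down: stop at the deadline
    except OSError:
        return "closed"   # refused or unreachable: RDP is not listening
    writer.close()
    try:
        await writer.wait_closed()
    except OSError:
        pass              # peer reset during close; the port was still open
    return "open"


async def sweep(targets, timeout=3.0, limit=50):
    """Probe (host, port) pairs concurrently, at most `limit` at a time."""
    sem = asyncio.Semaphore(limit)

    async def one(target):
        async with sem:
            return target, await probe(target[0], target[1], timeout)

    return dict(await asyncio.gather(*(one(t) for t in targets)))


def check_targets(targets, timeout=3.0):
    """Synchronous wrapper: returns {(host, port): status}."""
    return asyncio.run(sweep(targets, timeout))


if __name__ == "__main__":
    # Constructed sample target on loopback; replace with hosts in scope.
    print(check_targets([("127.0.0.1", RDP_PORT)], timeout=1.0))
```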