search

galkan / crowbar

Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.
MIT License
1.39k stars 316 forks source link

No results found, what's the problem? #23

Open wiferok opened 8 years ago

wiferok commented 8 years ago

Here is a problem, crowbar does not show that login was ok when i do test with the freerdp 

xfreerdp /v:109.105.50.59 /port:3389 /u:Stana /p:stana /cert-ignore +auth-only
[16:37:45:116] [25027:25028] [INFO][com.freerdp.client.x11] - Authentication only. Don't connect to X.
[16:37:46:891] [25027:25028] [ERROR][com.freerdp.core] - Authentication only, exit status 0
[16:37:46:891] [25027:25028] [ERROR][com.freerdp.client.x11] - Authentication only, exit status 0

And the crowbar shows

./crowbar.py -b rdp -s 109.105.50.59/32 -u Stana -c stana -vv
2016-05-06 16:31:47 START
2016-05-06 16:31:47 Crowbar v0.3.5-dev
2016-05-06 16:31:47 Brute Force Type: rdp
2016-05-06 16:31:47      Output File: /home/wiff/crowbar/crowbar.out
2016-05-06 16:31:47         Log File: /home/wiff/crowbar/crowbar.log
2016-05-06 16:31:47    Discover Mode: False
2016-05-06 16:31:47     Verbose Mode: 2
2016-05-06 16:31:47       Debug Mode: False
2016-05-06 16:31:47 Trying 109.105.51.59:3389
2016-05-06 16:31:47 CMD: /usr/bin/xfreerdp /v:109.105.50.59 /port:3389 /u:Stana /p:stana /cert-ignore +auth-only
2016-05-06 16:31:47 LOG-RDP: 109.105.50.59:3389 - Stana:stana
2016-05-06 16:31:47 STOP
2016-05-06 16:31:47 No results found...

I liked your tool, it's cool. Sorry for my english

Sidicer commented 2 years ago

librdp package needs an active GUI instance to establish and confirm the connection. If you're running head-less or SSH'ing into a VM/Machine - GUI is not active and it fails.