nccgroup / BKScan

BlueKeep scanner supporting NLA

False positives checking the system with valid credentials if user is not in RDP Users list. #2

Closed nikallass closed 5 years ago

nikallass commented 5 years ago

Steps to reproduce:

0) Create user test with password 123.

1) Add user test to Remote Desktop User list.

3) Run BKscan ./bkscan.sh -t 10.0.2.15 -u test -p 123 --debug. A bunch of MST120 was sent and we get a true positive.

4) Remove user test from Remote Desktop User list.

5) Run BKscan ./bkscan.sh -t 10.0.2.15 -u test -p 123 --debug. NLA passes but we get a false positive because RDP is restricted for this user and MST120 packets are not sent.

Notice: Server said: ERRINFO_SERVER_INSUFFICIENT_PRIVILEGES (0x00000009):The user cannot connect to the server due to insufficient access privileges. but BKscan wrote: [!] Target is VULNERABLE!!!

nikallass commented 5 years ago

I fixed it in https://github.com/nccgroup/BKScan/pull/1/commits/cc2b9983e07796ad7ba9311a19b6ceda192cd633


saidelike commented 5 years ago

Thanks nikallass for your issue request. I also fixed it in parallel in 55bbb552a571ae287350d5d2e2deefe5f8bae5a7. If it happens to not work, let me know.
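
The condition reported in this issue, as an added example that is not BKScan's code or either of the fixes linked above: a Python post-check that accepts a VULNERABLE banner only when the debug output also shows MST120 traffic. The banner, the ERRINFO line and the MST120 marker come from the issue; the other log lines and the exact debug line layout are constructed assumptions.

```python
import re
from enum import Enum

class Verdict(Enum):
    VULNERABLE = "vulnerable"
    NOT_VULNERABLE = "not vulnerable"
    INCONCLUSIVE = "inconclusive"

# Strings quoted in the issue; where they sit within a log line is an assumption.
VULN_BANNER = "Target is VULNERABLE"
PROBE_MARKER = "MST120"
ERRINFO_RE = re.compile(r"(ERRINFO_[A-Z0-9_]+) \((0x[0-9A-Fa-f]{8})\)")

def triage(output):
    """Return (Verdict, reason) for one scanner run's debug output."""
    lines = output.splitlines()
    claimed = any(VULN_BANNER in line for line in lines)
    probed = any(PROBE_MARKER in line for line in lines)
    match = next((m for m in map(ERRINFO_RE.search, lines) if m), None)
    if not probed:
        # No probe traffic: a banner, if present, is not backed by a test.
        why = f"{match.group(1)} {match.group(2)}" if match else "no error info"
        return Verdict.INCONCLUSIVE, f"no {PROBE_MARKER} seen ({why})"
    if claimed:
        return Verdict.VULNERABLE, f"{PROBE_MARKER} sent and banner present"
    return Verdict.NOT_VULNERABLE, f"{PROBE_MARKER} sent, no banner"

# Constructed sample: step 5 of the issue (user removed from the RDP users list).
RESTRICTED_USER = "\n".join([
    "[D] NLA authentication succeeded",  # constructed line
    "ERRINFO_SERVER_INSUFFICIENT_PRIVILEGES (0x00000009):The user cannot "
    "connect to the server due to insufficient access privileges.",
    "[!] Target is VULNERABLE!!!",
])

# Constructed sample: step 3 of the issue (probe traffic was sent).
PROBED = "\n".join([
    "[D] NLA authentication succeeded",  # constructed line
    "[D] MST120 packet sent",            # constructed line
    "[!] Target is VULNERABLE!!!",
])

if __name__ == "__main__":
    for name, sample in (("restricted user", RESTRICTED_USER), ("probed", PROBED)):
        verdict, reason = triage(sample)
        print(f"{name}: {verdict.value} - {reason}")
```
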