Friday, June 10, 2016

METASPLOIT - Windows 7 - Remote Desktop Protocol: Denial Of Service / Blue Screen


- Layout for this exercise:

- Remote Desktop Protocol (RDP) is a Microsoft protocol that provides a graphical interface for connecting to a computer over a network connection. RDP accepts connections on TCP port 3389.

- Operating systems like Windows 7 offer three RDP options with different security levels, found under Control Panel -> System and Security -> System -> Remote settings -> System Properties -> Remote:

- An attacker can detect that the RDP port 3389/tcp is open on the victim's computer:

- The less secure option allows any type of RDP connection, a vulnerability that can be exploited with the appropriate Metasploit module:

- The required options for this module are simple, just the victim's IP and the RDP port (3389):

- When the module is run, some crafted packets are sent to the victim:

- As a consequence, the Denial of Service attack results in a Blue Screen on the target machine:

- To avoid this DoS attack, the RDP service should be disabled by default:

- Also, the secure option with Network Level Authentication could be considered:
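
- The two mitigations above can be checked and applied from PowerShell. The script below is an added example, not part of the original post: it reads the registry values behind the three Remote Desktop options and can switch the host to disabled or NLA-only. The function names `Get-RdpExposure` and `Set-RdpHardened` are hypothetical; the registry values are the standard Windows ones, and the syntax is kept compatible with the PowerShell 2.0 shipped in Windows 7.

```powershell
# Added example: audit and harden the Remote Desktop setting on the local host.
# Function names are hypothetical helpers, not built-in cmdlets.
$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpKey = "$TsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {
    # fDenyTSConnections: 1 = RDP disabled, 0 = RDP enabled
    $deny = (Get-ItemProperty -Path $TsKey -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication: 1 = Network Level Authentication required, 0 = any client
    $nla  = (Get-ItemProperty -Path $RdpKey -Name UserAuthentication `
                -ErrorAction SilentlyContinue).UserAuthentication
    # PortNumber: listener port, 3389 unless an administrator changed it
    $port = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber

    if     ($deny -eq 1) { $state = 'Disabled' }
    elseif ($nla  -eq 1) { $state = 'EnabledWithNLA' }
    else                 { $state = 'EnabledAnyClient' }   # the "less secure" option

    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        State    = $state
        Port     = $port
    }
}

function Set-RdpHardened {
    # Requires an elevated session. Default: disable RDP entirely.
    # With -KeepRdp: leave RDP on but require Network Level Authentication.
    param([switch]$KeepRdp)
    if ($KeepRdp) {
        Set-ItemProperty -Path $TsKey  -Name fDenyTSConnections -Value 0
        Set-ItemProperty -Path $RdpKey -Name UserAuthentication -Value 1
    } else {
        Set-ItemProperty -Path $TsKey  -Name fDenyTSConnections -Value 1
    }
}

$result = Get-RdpExposure
$result | Format-List Computer, State, Port
if ($result.State -eq 'EnabledAnyClient') {
    Write-Warning 'RDP accepts connections without NLA. Run Set-RdpHardened or Set-RdpHardened -KeepRdp.'
}
```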