WINDOWS 7 - RDP - DoS - BLUE SCREEN
- Layout for this exercise:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgguQ3OU2eQk7VYC33VoxZLSSXn8Zb86GxWUIwD8othP08uHt77QFRQO0tNlXHhn2eoZSm0nwIjOTnke0rWoqlv139DifoKaBn_Ri2cYamnQayNJyax2DFdxtQkOgSk0JoUN2a6HRahvC9P/s1600/W7_LAYOUT.jpg)
- Remote Desktop Protocol (RDP) is a Microsoft protocol that provides a graphical interface for connecting to a computer over a network connection. RDP accepts connections on TCP port 3389.
- Operating systems like Windows 7 offer three options for RDP, with different levels of security, under Control Panel -> System and Security -> System -> Remote settings -> System Properties -> Remote:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsl-jX_h-JoSg9buajqWMZxh7ChxTZh1vOvafW8QaOSd_SJ9I_D4n-mDtSWdO3WlAtghPpkkMEhSo-jpyhofv-59qR5OSUvZ8gaUieRVodBFMgEUCHjKa2eO0EN1tLCRJBT5SSe8NUTaFa/s1600/screenshot.1.jpg)
- An attacker can detect that the RDP port 3389/tcp is open on the victim's computer:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwVmAzHpNL16WF7RKzyMyqwGz4wMl61pyy6g1JGHB6qzNXHlzrTu75BRJrN1ekxejgTCukB2QUQ4G_fu90-qRJRCcNJeKBkq4jcgXhYGo9EsxjemHUB19yD-o0xmtU5PJ3JLyMGcEE-fxe/s1600/screenshot.1.jpg)
- The less secure option allows any type of RDP connection, a weakness that can be exploited with the appropriate Metasploit module:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwVICRE-7RBg2uiufDQ1x0k1T1fwg4EzXmnZYIJYGsAaf_vN57Dn_lvmTsyiZ0_SgWVj1w8hekYOaOrwnmcp5sAXe7CFVnGEfZQQwPFcIWf6H5Z1hX5gs1GouUcSrc8Hw4SKHq_BQmAbCW/s1600/screenshot.2.jpg)
- The required options for this module are simple: just the victim's IP and the RDP port (3389):
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7XmKHUUXAyZ4m0mK67qxpX-sWRAvGJoxbxPqbTKnzu3Cy2P1cDBxC-yr6xgJOafCq53VBbcf25Z80KUvm_R1FkOt2aEelFj7kXw5aOhPS-oSWdxmkkQfFN1pkuG9RgtsMVkgXTPqXd8ej/s1600/screenshot.3.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJTNojtLEZngP6CmT-1TVGIkpLZpos0Q5pJXgi3qOiaks5Lnb_F-3pxUr9S-StQP6-oJax-cxu6RjyNbZL9ooT-sTjqTUgqUDYTU3ZMxet-8cfch2ZbFLpWb9cTshwS-QG_yy0pJxzOwD9/s1600/screenshot.4.jpg)
- Running this module sends some crafted packets to the victim:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGHuzhCoswaQOXQlp21SwxjtKHAEOgqaUg1igyYe9maSdOPB30q28PZxyJK3xjJgIUyIXopoI6AYzc2rWt1bR_gTF14GvmiZ4lHLuVhrBav7xUldU3POVhUFmtVJdmN89453SruOzhWEm-/s1600/screenshot.8.jpg)
- As a consequence, the Denial of Service attack results in a Blue Screen on the target machine:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjK2SBnZSEK3mh7Liylb9ev3b17_en0giD0_HRHz1WFDQMtXZGzFx1vqpUz04smU8Xamyk5mCcZlvmMYVxNDoLotKYaId220AiGUOccF08YisiTVTA4NioBxgqOtdwKVZppLa2HwXYhER2p/s1600/screenshot.5.jpg)
- To avoid this DoS attack, the RDP service should be disabled by default:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi26ZvWfALdlihnSe8sd-rhjt2g_jBr2poa2xQ1e84MxSDYuX9UhXbtzz-WTulYV0nJyWrV7UO7Y-y5VWQe1v3usWvWH8Cbi-C5jQyYINxu8avO_Uy84v-UUaSNG0XZprjyRCJQbKx9zbbb/s400/screenshot.10.jpg)
- Also, the secure option with Network Level Authentication could be considered:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqCUP-DBrYxUTzsl_G5Pri6BoJiovG4IxiR0RS1nIgntnZOxvwRpSbxAldGpJhRPDgs5Du0U_XZ6xxv4jKV-uvkmiZWdkH0qn5iuruQsPUBN8jbAo54L2zFQp6evNKNiwK9p1FqTwvXByH/s1600/screenshot.9.jpg)
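- The three options in the Remote tab can also be audited and changed from PowerShell, which is useful for checking many hosts. This is an added example, not part of the original exercise; the function names `Get-RdpExposure` and `Set-RdpMode` are hypothetical, and it assumes the settings are stored locally in the standard Terminal Server registry values rather than enforced by Group Policy.

```powershell
# Added example (not from the original post).
# Registry values behind the "Remote" tab of System Properties.
$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpKey = "$TsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {
    # A missing value comes back as $null and is treated as "not set".
    $ts  = Get-ItemProperty -Path $TsKey  -ErrorAction SilentlyContinue
    $rdp = Get-ItemProperty -Path $RdpKey -ErrorAction SilentlyContinue

    if ($ts.fDenyTSConnections -eq 1)      { $mode = 'Disabled'  }  # "Don't allow connections"
    elseif ($rdp.UserAuthentication -eq 1) { $mode = 'NlaOnly'   }  # "more secure" option
    else                                   { $mode = 'AnyClient' }  # "less secure" option

    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Mode     = $mode
        Port     = $rdp.PortNumber
        AtRisk   = ($mode -eq 'AnyClient')
    }
}

function Set-RdpMode {
    # Requires an elevated prompt. 'NlaOnly' does not turn RDP on;
    # it only requires NLA whenever RDP is enabled.
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Disabled', 'NlaOnly')]
        [string]$Mode
    )
    if ($Mode -eq 'Disabled') {
        Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1
    } else {
        Set-ItemProperty -Path $RdpKey -Name UserAuthentication -Value 1
    }
    Get-RdpExposure   # return the resulting state for confirmation
}

# Report the current state and flag the "less secure" option.
$state = Get-RdpExposure
$state | Format-List
if ($state.AtRisk) {
    Write-Warning 'RDP accepts any client without NLA. Use Set-RdpMode -Mode Disabled or -Mode NlaOnly.'
}
```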