WINDOWS 7 - REMOTE DESKTOP PROTOCOL - WEAK PASSWORDS
- Layout for this exercise:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9okWE4RiAm0XrTeyZV_lt4aty-uG68Nz3TdfthVgeuUJmATbYAY41z5sO4v2GBe3nolKZydmRxvLjAlxOct38Qx9xJSlKHfmIsoapMxqQSibnMAwNnuaAlo8LDcS0y80fsOSDjaqHqyIG/s1600/W7_LAYOUT.jpg)
- Under similar circumstances than the previous example, the victim Windows 7 allows remote connections at the RDP port TCP 3389, with the less secure option:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZinTLZ2jqx3GA371Tyc2YVJ1u_kfGN5FfSLyJlc1lmzwsnnzAk32nMC58a0ZVS-4vXbQ0eOPnpaxN0CZkonE-KCMVdUP-F28bvwn0H9BW3hfK522h-HCNur-q736btpW4Gyy2gs1Dh_3C/s1600/screenshot.0.jpg)
- The
attacker scans the victim and detects that RDP port 3389 is open
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWpcxXCboHIhztwJ06RUqTB6dY5k2dl5whei1tZ7jc_-rjmc6x17BdxF8y4Gosl1_CCx1urysytn-R_cYtP0CbTr3IMCckBxLdO02J3eLuS8_Nd-CnwcyY-GINtiFZnQcC5uiwmUermi6y/s1600/screenshot.1.jpg)
- For the
purpose of simplicity, let's create a couple of easy wordlists:
UserList and PasswordList.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLldKvTpI2qPm3GwoO26ezEa8E05cYXE-Ycu1MidjvNvteZf3tEljG-FyRT0llcdv0rpWgkfJiUyvuhjGKUiC692HmINGqaOOcoDHrPJ_jN2RuFEUZ1w_aQAR9YWVeFtPXKPB29v9pUczz/s1600/screenshot.2.jpg)
- With the help of both wordlists, ncrack discovers the credentials attacking the RDP port ,open on victim 192.168.1.14:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmfQmR8-QdX5Ik2jyqUOND6mpOLTvu8x0c8WqBsotVUZ6QfJzzNBpMXp8HAAML4hOXMAgiuaFFcVMrU1MPCaSQTUeijI0DIxe91U8n27-i2T4KDqBjLcQX4qB2j2do-IdDBMd9RhDvjg-T/s1600/screenshot.4.jpg)