Darren’s back in the kitchen with an illustrated scenario of online brute forcing every systems administrators beloved remote desktop. He whips up some home made chicken noodle soup and tosses on the ol’ white hat for a talk about countermeasures and security best practices. Then Matt brings you a full featured and aggressively priced alternative to Microsoft’s own Terminal Service. Do I hear cheap thin clients around the corner?

Download HD Download MP4 Download XviD Download WMV


Show Notes

Online Brute Force Countermeasures And Chicken Noodle Soup

Similar in function to SSH, Remote Desktop Protocol is one of the essential tools for administrating Microsoft Windows Servers. The natively encrypted services comes standard on Windows Server and even XP Pro and Vista. It is also serve as the example for a brief followup to my previous segment on Offline Brute Forcing.

In my scenario I demonstrate how the tool TSGrinder can be used to perform dictionary attacks against RDP services with character substitution (or leet) options. This attack simply demonstrates a few weeknesses in Windows.

First of all by default the Administrator account cannot be locked out remotely. This behavior can be changed using the Passprop utility from the Windows 2000 resource kit. This tool will also allow you to enforce strong passwords. It is also recommended that the administrator account be renamed. There are a few tools for this as well. Though more obscurity than security I recommend changing the RDP listen port. I strongly recommend reviewing Microsoft’s password best practices and considering passphrases. PasswordMeter.com is a nice site that will rate your password on complexity. Finally I recommend enabling extensive auditing. There are a number of third party security applications made specifically for auditing that offer alerting options on events such as online brute force attempts. One application in particular, 2X SecureRDP offers advanced filtering based on IP and Mac addresses for RDP connections. I’m particularly interesting in hearing your feedback on Windows extensive auditing software so please drop me a line, darrenAThak5.0rg!

And my final recommendation on securing RDP is to limit its exposure by keeping TCP 3389 (or whatever port you’ve changed it to) closed. A little SSH tunneling or VPNing can go a long way to keeping unncessary serices away from the wild wild web. I’ve laid the foundation for this in a segment on 1×07 and will follow up with a more robust VPN segment soon. If you’ve got ideas again drop me a line.

Darren Kitchen

Terminal Service Alternatives

The website is located at http://www.xpunlimited.nl there is a large list of benefits at http://xpunlimited.nl/benefits.html

One of the really nice features is the ability to repurpose an old XP machine to use as a terminal server.

The setup couldn’t be easier, and is pretty much a standard application installer, customization is a very simple process from limiting application launches, to customizing the initial desktop, and even advanced functions which replicate the microsoft terminal services security settings.

Questions or alternatives?

Matt Lestock

Leave a Reply

Your email address will not be published. Required fields are marked *



  • street 6 years ago

    sweet episode as always. Darren hope you get to feeling better. everyone remember to drink lots of orange juice and take your vitamins. and i am definitely putting in a vote for the segment on the ssh tunneling. i think it would be something that alot of people could use. keep up all the good work everyone.

  • Lazyshot 6 years ago

    Lol @ snubs. Creepy little one eating celery and peanut butter.

  • Jason 6 years ago

    With XPUnlimited, obviously, you need some OS that can RDC to the Terminal Server running XPU. Wouldn’t you then have to lock down that local PC? Or would you somehow have those local PC’s boot to the network, and bypass any such OS?

  • Simon 6 years ago

    ! Is Snubs pregnant ?… Celery with peanut butter !

  • Yes, I had the same thought!!!!
    Has the evil server done his good dead!

  • Why is all darrens stuff named AUDREY?

  • Plunks 6 years ago

    Haha, exactly the same as the last time Snubs was sitting up for the first part of the brute forcing segment. Spend almost as much time watching her and laughing at the cute/hilarious shes pulling off in the background.

    As usual great show

  • @Jason, thin clients my friend. Maybe Matt can do a follow-up.
    @Simon, news to me chap
    @matt, sorry server is up but DNS isn’t pointed. I’ll get on that real soon.
    @Fred, just a naming convention I’ve stuck with for desktops since I started building ’em. This latest build is named after Audrey Hepburn.

  • beakmyn 6 years ago

    A segment on OpenVPN is just what the community needs. I’m using it right now. It’ll run on pratically anything (Openwrt, DD-WRT, linux, Windows, et al.) I’ve run it it on the Linksys wrt54gs, fonera router and I’m running it now at home on an old Dell C600 laptop.

  • @beakmyn: This is something that we’re actively developing for a segment, if you have any inside info or quirks that you’ve conquered shoot me an email to matt@hak5.org


  • Joey Pesci 6 years ago

    Really good episode and I’m liking Darren’s recorded segments. I like Snubs, she’s nice too look at, but we did an experiment years ago in school, where someone was up the front talking and someone behind him just wondering about. To prove that if there is a distraction in the background, people will watch and pay attention to that and not the person talking. Happens in this as I end up paying more attention to the gorgeous Snubs doing what she’s doing, than I do listening to Darren :o)

  • Al Dunbar 6 years ago

    Great program – Hope the chicken soup worked. Usually only works for paranoid moms not the patients. Your idea of tunneling through SSH is a good idea. We have one program that is on a Windows 03 machine that people use remotely – love to hear a how-to on the SSH.

  • You can make XP run as a terminal server free: http://concurrentremotesessions.netfirms.com/
    It is an old Hak, but it is against the EULA, so I wouldn’t use it in production.
    Have a look at the Open Source options, XRDP, NoFX etc., cheaper/free and you can have a major beeky Linux server backend with all the OSS software you could want.
    For locking down your thin clients you can just make a boot disk, hard drive less clients, the boot disk can be a live linux disk that autoruns rdesktop to your terminal server.
    For RDP over ssh, use winsshd or http://www.freesshd.com easy to setup and use.

  • @Morgan Storey, excellent comment and great resources. Thanks!

  • Love the show, been following since shortly after the first episode. Kind of forgot about the show for awhile and now getting back into it. The cast is great and I don’t want to sound mean or anything like that and this is just my view, so take it or leave it. I’d like to see the show get back to more technical stuff. A great example is the spot Darren did where he interview Jacob Appelbaum at Toorcon on Coldboot attacks. Great stuff.

    Don’t get me wrong, I think the gaming stuff and fun personality spots are cool and great and are a part of “nerd culture.” Just some of the technicalish content is pretty far on the very newbie or IT guy side. The show can go from giving good content on stuff to “Here’s your IT tip” or “Here’s some cool IT app to help you admin your servers, you busy IT guy you.” There’s not much coverage of programming topics (other than PHP occasionally) and I hear people on the show say “most of our audience probably uses Windows” or “if our audience is using Linux then they are probably using Ubuntu.” This is kind of a pretty low bar and not really what I’d call Hacker culture. Hacker culture has been about learning as many OSes, technologies, programming languages, etc as possible. I’d like to see that side of hacker culture get some coverage as well. Good luck. :)

  • @Hak5 people great episode

  • I think this is one of the best episodes done lately – controlled, precise and interesting. Not too deep in theory (show notes for the über geeks), but enough to keep you interested. Lately there has been (IMO) too many multi person segments where to steer off course a little too much, which makes me tend to zone it.
    Suggestion for multi segments “Home Server setup with the HP Server Smart”. If you could use your setup as an example on how to do Home Server setup. I think a lot of us would like to welcome a server into our homes, but doesn’t know where to start. Server backups multiple client (Mac or Windows), Media Center solution with xbox 360 etc. some in depth etc. in the end all segments are valuable individually, but combined they offer the ultimate home server setup.
    Bonus: You could nail the commercial-bit seamlessly into the segment :-)

    Oh yeah, and it would be great if Matt could do a short follow up naming a couple of thin clients, pros and cons.

    Keep up the good show guys, I really appreciate it. Mad props, highfives, knuckepunches and all that.

  • T3CHYCHR15 6 years ago

    Great episode Darren. I agree with everyone about this being the best ep done.

    Just one con I have is in the first segment of this episode, in the background @Snubs is a bit of a distraction doing her quirky bits while you are talking. Don’t get me wrong @Snubs is some delicious eye candy and I am sure every hak5 fan would agree with me on her attractiveness but I hate the feeling of a turn on while trying to focus my attention on a dude talking in the foreground. Maybe there could be less distractions (just a teeny bit) in future episodes.

    Keep up the awesome work guys! :-)

  • The cooking scene seemed overdone in this episode. No pun intended :D. But seriously it seems like the show is growing into more of an entertainment show and somewhat is getting away from its hardcore “hak” side of things. I thought the content of the show was good, but some of the dialog was kind of lame.

    but with all that said, I still cant wait to see more! glad your finally HD!

    and its great to see that the episode comments are actually looked at, thx Darren.

  • hmm. where’s the chicken noodle recipe???

  • @Brent, sorry I should have posted these in the show notes.

    * 1 Lbs skinless boneless chicken breast
    * 4 cubes chucken bouillon
    * 8 cups water
    * 2 cups thin egg noodles
    * 1 can cream of chicken soup
    * 1 can chicken broth
    * 1 cup Chopped carrots, cellery, mushroom
    * Crushed garlic
    * Boiling onions

    Pop all the ingredients except for the noodles in a pot and simmer for 30 minutes. Cut chicken if desired, then boil noodles and serve.

  • Great episode and I love the new HD cameras.

    XP Unlimited, is it really legal? I doubt it. It modifies how XP Pro is intended to run – 1 client at a time (not counting people accessing shares). I love it and I’ve used the concurrent XP sessions hack in the past at home. I’d love to get XP Unlimited for my office to replace Citrix (waste of $$$), but I’m just worried about the legality of it all. If I do end up getting it, users would use an SSL VPN to gain access then RDC.

  • Daniel 6 years ago

    The BSA will audit your job away. Try SSL-Explorer on sourceforge. it will do everything you need plus some. install guide — http://www.cylindric.net/blog/2008/03/07/ubuntu_sslexplorer. Enjoy

  • Thanks yummm soup.

  • The soup = goodness :) I used three cups of noodles.

  • Where did you find xp unlimited for that low price?

  • Da_MaNwHiCh 6 years ago

    just wondering you mentioned someting about a brute force attack from a usb stick to log into windows can you tell me how to do it.


  • TooMuchBeer 6 years ago

    Can’t belive I found other packet head geeks like myself. I thought I was the only one. No the faux poser geek types that think changing their iphone wallpaper is cool. I’ll be watching you on my Tivo.

  • Rob Walker 6 years ago

    Loving the shows but just had to point out..

    XP Unlimited is a nice idea but no one in their right mind would use it in a business environment. Microsoft would crucify you if you were audited.

    Also Small Business Server comes with 5 Windows server (well, SBS CALs) and NO TS CALs. It’s not a good idea to run TS in full blown application mode on an SBS box (although sadly, I have seen it done).

    Otherwise, great 😉

  • Great ideas.

  • The 2X ApplicationServer is an add-on to terminal servers/ remote desktop servers and provides SSL Security, iPhone/iPad/Android clients, universal printing and scanning and many other features. Feel free to check them out at http://www.2x.com.

  • Spot on ?ith t?i? ?rite-up, I truly feel this website ne?ds
    muc? more attention. I’ll probably bee returning tto re?d through more, thhanks f?r th? advice!