Live Ddos View

Live DDoS Attack Map | Apakau

Live DDoS Attack Map

This map is the fruit of collaboration between Google Ideas and Arbor Networks in an effort to raise awareness about distributed denial of service attacks in the world everyday.

Exploring the Data

The Digital Attack Map displays global DDoS activity on any given day. Attacks are displayed as dotted lines, scaled to size, and placed according to the source and destination countries of the attack traffic when known. Some features include:

  • Use the histogram at the bottom of the map to explore historical data.
  • Select a country to view DDoS activity to or from that country.
  • Use the color option to view attacks by class, duration, or source/destination port.
  • Use the news section to find online reports of attack activity from a specified time.
  • View the gallery to explore some examples of days with notable DDoS attacks.

Sign Up

Tuesday, January 27, 2015

Brute forcing RDP in Linux with Rdesktop

You'll also need a window manager, as far as I am aware there is no way to run this from console.
I'll say right off the bat that this method currently is more limited than your options for brute force attacks with Windows. To better explain, in windows you can run two threads with tscrack as well as suppress log messages on the remote host. You should hopefully see some info from me on that in the near future.
Download and install the application and patch using the newest version of foofus's rdp brute force patch, r805.
mkdir rdesktop
tar -xvzf rdesktop-1.5.0.tar.gz
cd cd rdesktop-1.5.0
patch -p1 -i ../rdp-brute-force-r805.diff
./configure
make
sudo make install
At this point you should have rdesktop modified and installed.
Herés the output of rdesktop with no flags.


A quick note on -d, if you fire off a standard session to a machine this info is generally populated with local machine and domain names. Simply populate the info in command once you have connected the first time.
Using -g to set the lowest possible resolution will help for slow links and with CPU load on older machines running the attack. Something important to note is many systems will not allow lower than 640x480, or it simply doesn't work well with the patch, it will report unknown errors in console.
Additionally -a at the lowest possible color depth will also help.
The -z flag hasn't given me much improvement over the current settings im listing below.
I honestly cant think of any reason you would use -f, unless you were local and had nothing better to do with you computer while the attack is running.
This is what I recommend,
rdesktop -g 640x480 -a 8 -u [user] -p [file] -d [domain] [Target IP]
The target :


And here's that targets password freshly cracked.


Something else you'll likely encounter is account lockout due to multiple authentication attempts. Here's a screen shot from event viewer on the target.


This is what you will see on your host if this happens



Here's the inherent problem, you have to either constantly eyeball your attack for failure. Per most Microsoft Documentation, the Administrator account is usually never locked out.
I've found that even on base installs of 2003 server, you will get locked out. I experienced this behavior with XP clients also. To finish this section of the tut I just used a tiny list with the known password for demonstration of a successful attack.
rdesktop as far as I can tell currently offers no method to work around this situation. This is why I would advice TScrack.


Yamagata Gennosuke

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)