I always knew remote desktop protocol (RDP) is crackable and tried it but never really got hits but finally I decided to get better in this so I spent some time and checked all RDP cracking tools available on the internet, compared them and found the best possible way in my opinion to do this. And all this with one tool which isn't that popularized in cracking community.
If you dont know what RDP is, it's remote desktop protocol where with valid credentials (IP, login, password) you can connect to someone's PC or server and from desktop do pretty much anything, it might be browsing their files, passwords or just using their computing power to run your programs which is usefull for crackers or crypto miners. When you get some hits you can continue cracking more RDPs on cracked ones epo: Just search remote desktop in your Windows
The tool needed to do this is RDP Forcer.
If it gives you error you need to install this: https://www.winpcap.org/
Read this shit from beginning to the end because this tool can save a lot of time for you and will use only valid logins for cracking!
When you open it you will see this:
First you need to scan IP ranges for open RDP port
RDP port is always 3389
You can remove arguments or keep default ones - with those port scanner will stop when it gets 100k ips with open ports.
Choose country which you want to scan and select ip ranges format:
We will use password list for cracking which I will tell you more about later in this tutorial but at this point you can choose more than one country for port scanning in the country selection with holding CTRL key. For example you can choose Portugal and Brasil as these countries use the same language so passwords will be similiar in both of them.
Keep in mind choosing too many countries may result in very long time needed to scan all of ip ranges!
When you do this put your ip ranges in rdp forcer, click start and wait till the scanning is done. IPs with open 3389 port will get saved in "log" folder as scan.txt file.
After scanning is done and you have some IPs (I recommend 10k+) go to detector tab. This is the best thing in RDP forcer as it saves a lot of time for you. Basically detector connects to IPs with open ports and checks what windows usernames are on them:
When this is done we of course go to ForcerX tab:
You can find previously detected ips with usernames in log folder as detectorGood.txt - add this file as 'file recognized IPs'
About password list:
You can use passwd.txt which contains some basic passwords which arent that bad OR you can spend some time making your password list.
For example you can make it bigger to check more combinations or use only few basic passwords such as admin, password, user, administrator etc.
When bruteforcing also remember to put some passwords in language used in that country for example when I bruteforce Brazilian rdps password "senha" is a must have.
%login% - will use detected username as password
%Login% - the same as above but with first letter capital
%LOGIN% - all capital letters
%nigol% / %NIGOL% - login backwards
you can try others like %login%123 and more complicated patterns
Bonus tool:
xRDP.
When you crack RDP with admin account use this file to qucikly create new user account (without need to go control panel and shit, useful if you don't know language used on that machine) which you can use for your programs so you wont get detected by owner. Simply copy and paste it on RDP, can be even desktop as this file will self delete. Save login and password given by that program and connect to the same IP with them.
Some info:
Cracked RDPs can be servers running 24/7 or people's PCs which can be online only when they use it, but mostly servers have open ports.
On some servers installing new programs might not be available if you don't have admin account.
Hope you liked this tutorial. What makes RDP Forcer the best for me is that you use only usernames that actually are on machines you are bruteforcing also you can stop/pause and even close it and don't lose your progress which is usefull if you do this on your PC.
If you dont know what RDP is, it's remote desktop protocol where with valid credentials (IP, login, password) you can connect to someone's PC or server and from desktop do pretty much anything, it might be browsing their files, passwords or just using their computing power to run your programs which is usefull for crackers or crypto miners. When you get some hits you can continue cracking more RDPs on cracked ones epo: Just search remote desktop in your Windows
The tool needed to do this is RDP Forcer.
If it gives you error you need to install this: https://www.winpcap.org/
Read this shit from beginning to the end because this tool can save a lot of time for you and will use only valid logins for cracking!
When you open it you will see this:
First you need to scan IP ranges for open RDP port
RDP port is always 3389
You can remove arguments or keep default ones - with those port scanner will stop when it gets 100k ips with open ports.
Choose country which you want to scan and select ip ranges format:
We will use password list for cracking which I will tell you more about later in this tutorial but at this point you can choose more than one country for port scanning in the country selection with holding CTRL key. For example you can choose Portugal and Brasil as these countries use the same language so passwords will be similiar in both of them.
Keep in mind choosing too many countries may result in very long time needed to scan all of ip ranges!
When you do this put your ip ranges in rdp forcer, click start and wait till the scanning is done. IPs with open 3389 port will get saved in "log" folder as scan.txt file.
After scanning is done and you have some IPs (I recommend 10k+) go to detector tab. This is the best thing in RDP forcer as it saves a lot of time for you. Basically detector connects to IPs with open ports and checks what windows usernames are on them:
When this is done we of course go to ForcerX tab:
You can find previously detected ips with usernames in log folder as detectorGood.txt - add this file as 'file recognized IPs'
About password list:
You can use passwd.txt which contains some basic passwords which arent that bad OR you can spend some time making your password list.
For example you can make it bigger to check more combinations or use only few basic passwords such as admin, password, user, administrator etc.
When bruteforcing also remember to put some passwords in language used in that country for example when I bruteforce Brazilian rdps password "senha" is a must have.
%login% - will use detected username as password
%Login% - the same as above but with first letter capital
%LOGIN% - all capital letters
%nigol% / %NIGOL% - login backwards
you can try others like %login%123 and more complicated patterns
Bonus tool:
xRDP.
When you crack RDP with admin account use this file to qucikly create new user account (without need to go control panel and shit, useful if you don't know language used on that machine) which you can use for your programs so you wont get detected by owner. Simply copy and paste it on RDP, can be even desktop as this file will self delete. Save login and password given by that program and connect to the same IP with them.
Some info:
Cracked RDPs can be servers running 24/7 or people's PCs which can be online only when they use it, but mostly servers have open ports.
On some servers installing new programs might not be available if you don't have admin account.
Hope you liked this tutorial. What makes RDP Forcer the best for me is that you use only usernames that actually are on machines you are bruteforcing also you can stop/pause and even close it and don't lose your progress which is usefull if you do this on your PC.
