RDP cracking

RDP tutorial: https://yadi.sk/i/9uDjtG06vG0Z_g

RDPs, unlike other tools, are mostly hacked before being sold by various vendors.

These are some of the tools I know are used for cracking RDP:

1. HYDRA

When you need to brute-force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more.

This is a link to download hydra:

https://github.com/vanhauser-thc/thc-hydra/archive/master.zip

Hydra is available for Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX. It currently supports AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Change Log
New module: SSHKEY - for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!)
Added support for win8 and win2012 server to the RDP module
Better target distribution if -M is used
Added colored output (needs libcurses)
Better library detection for current Cygwin and OS X
Fixed the -W option
Fixed a bug when the -e option was used without -u, -l, -L or -C, only half of the logins were tested
Fixed HTTP Form module false positive when no answer was received from the server
Fixed SMB module return code for invalid hours logon and LM auth disabled
Fixed http-{get|post-form} from xhydra
Added OS/390 mainframe 64bit support (thanks to dan(at)danny(dot)cz)
Added limits to input files for -L, -P, -C and -M - people were using unhealthy large files!
Added debug mode option to usage (thanks to Anold Black)

HOW TO COMPILE

To configure, compile and install hydra, just type:
./configure
make
make install

If you want the ssh module, you have to setup libssh (not libssh2!) on your system, get it from http://www.libssh.org, for ssh v1 support you also need to add "-DWITH_SSH1=On" option in the cmake command line.
If you use Ubuntu/Debian, this will install supplementary libraries needed for a few optional modules:

apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
firebird2.1-dev libncp-dev

This enables all optional modules and features with the exception of Oracle, SAP R/3 and the apple filing protocol - which you will need to download and install from the vendor's web sites.

For all other Linux derivatives and BSD based systems, use the system software installer and look for similarly named libraries like in the command above. In all other cases you have to download all source libraries and compile them manually.

SUPPORTED PLATFORMS

All UNIX platforms (linux, *bsd, solaris, etc.)

Mac OS/X
Windows with Cygwin (both IPv4 and IPv6)
Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)

There are also other apps such as

NCRACK and MEDUSA

P.S. THESE ARE IRRELEVANT IF YOU WANT TO BE A CARDER BUT IT'S RELEVANT IF YOU WANT TO MAKE, SELL OR USE YOUR OWN RDP
 

RDP Scanning Cracking Tutorial


Section I - What is an RDP?
First off, we gotta know what we are cracking, right? Well, RDP stands for Remote Desktop Protocol, which basically means a desktop on a server. Instead of using SSH to access your dedis, you can use RDP. The main reason why people use RDP is its accessibility and usability. There is no fancy lingo to learn, no commands to memorize, as it is just like using your home computer/laptop.

Section II - What can you do with an RDP?
There are many, many things you can do with an RDP, and it all boils down to your imagination. One of the more significant reasons people use them is to crack accounts, whether it be Steam or porn, or simply MD5s from the latest DB dump. Another popular usage is for SEO tools, such as ScrapeBox. You can also use ProxyGoblin in combination, and you get an automatic SEO warehouse, all for free!

Section III - Down to cracking!
We are going to jump right into this, so hang on for the ride!
Things you need to download:
This file - contains everything we need.

Ok, once you get everything extracted and into a folder somewhere convenient, continue on.

First Step: IP's
You need to gather a list of possible RDP servers, and it might sound crazy, but it isn't that hard. You have a few options here: using Nmap (a broader and faster search), or using AngryIP Scanner. AngryIP Scanner is great at scanning certain IP ranges and reporting back which IPs had port 3389 open (the default RDP port). The one pain in the ass, though, is that you can't really export the IPs from AngryIP Scanner, so it takes a little longer.

Going the Nmap route:
1. Run the setup (you will get a weird error near the end, just hit OK).
2. Run the Scanner.bat file; it will open up 2 cmd prompts. These basically scan tons of IP ranges, check if they have port 3389 open, and report back in the results.txt file.
3. Just sit on it overnight; you will get PLENTY of IPs (~4k).

Going the AngryIP route:
1. This one is a tad bit more complicated, letting you know now. Simply double click to open it up.
2. On the top bar, hit Tools, then Preferences. A window should pop up.
3. On the first page (Scanning) set your thread amount (300 is good), as well as setting your ping timeout to 3. Also tick the "Skipping" box so it has a checkmark in it.
4. On the next tab, you need to change the port timeout to 50. This makes sure that it doesn't take too long checking ports (as you want fast RDPs). In the port selection box, delete whatever was in it and add 3389.
5. Next, in the Display tab, click the "Hosts with open ports" option, for obvious reasons.
6. Hit OK, and you will get back to the main window. Click where it says "IP file", and change it to IP range. Put in the custom range you want to scan.

Second Step: Cracking
1. Open up dat sexy DuBrute.
2. Click the Config button. Change the threads lower if you have a bad PC, higher if you have a great one.
3. Change the try connections to 50 (lower if shitty internet), and change the timeout to 5.
4. Now hit the Generation button. First you need to add the IPs, so navigate to where your results.txt was when you scraped IPs.
5. Next are the usernames, which should be included in your DuBrute file.
6. This part is more customizable: adding the passwords. You can either use a list from my "goodcombo" file included in the RDPCracking.rar, or you can use the MASSIVE password list in the DuBrute folder.
7. Hit Make, and once it's done hit Exit. Now hit Start and you're off.
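As an added defender-side example (not code from the original post): the burst of password guesses the steps above produce is what a simple detector over Windows Security Event ID 4625 records catches, by keeping only logon type 10 (RemoteInteractive, i.e. RDP) failures, grouping them by source address and counting them in a sliding window. The flat record shape and the sample events are constructed assumptions, not a real export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10  # Event 4625 logon type 10 = RemoteInteractive (RDP)

# Constructed sample of failed-logon events; fields mirror 4625 (assumed shape).
SAMPLE_EVENTS = [
    # One source cycling through usernames a few seconds apart.
    {"time": "2024-01-05T02:00:00", "logon_type": 10, "src_ip": "203.0.113.7", "user": "administrator"},
    {"time": "2024-01-05T02:00:03", "logon_type": 10, "src_ip": "203.0.113.7", "user": "admin"},
    {"time": "2024-01-05T02:00:05", "logon_type": 10, "src_ip": "203.0.113.7", "user": "user"},
    {"time": "2024-01-05T02:00:08", "logon_type": 10, "src_ip": "203.0.113.7", "user": "test"},
    {"time": "2024-01-05T02:00:11", "logon_type": 10, "src_ip": "203.0.113.7", "user": "guest"},
    {"time": "2024-01-05T02:00:14", "logon_type": 10, "src_ip": "203.0.113.7", "user": "administrator"},
    # A real user mistyping twice, minutes apart: must not be flagged.
    {"time": "2024-01-05T09:15:00", "logon_type": 10, "src_ip": "192.0.2.10", "user": "jsmith"},
    {"time": "2024-01-05T09:17:30", "logon_type": 10, "src_ip": "192.0.2.10", "user": "jsmith"},
    # A console failure (type 2) is not RDP and is ignored.
    {"time": "2024-01-05T09:18:00", "logon_type": 2, "src_ip": "-", "user": "jsmith"},
]


def rdp_failures_by_source(events):
    """Return {src_ip: sorted [(timestamp, user), ...]} for RDP failures only."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        by_src[ev["src_ip"]].append((datetime.fromisoformat(ev["time"]), ev["user"]))
    for attempts in by_src.values():
        attempts.sort()
    return by_src


def find_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with >= threshold RDP failures inside any sliding window.

    Returns {src_ip: {"peak": n, "users": sorted distinct usernames}}; many
    distinct usernames in one burst is the dictionary-attack signature.
    """
    hits = {}
    for src, attempts in rdp_failures_by_source(events).items():
        peak, start = 0, 0
        for end in range(len(attempts)):
            # Slide the window start forward until attempts[start..end] fit.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[src] = {"peak": peak, "users": sorted({u for _, u in attempts})}
    return hits
```

Lower `threshold` or widen `window` to trade sensitivity against false positives from legitimate typos; account lockout and restricting 3389 to a VPN or gateway remain the mitigations this detector complements.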