BlueTeam, CredSSP, Information Security, Nmap, RDP, Windows

Using Nmap to extract Windows host and domain information via RDP

Posted on June 13, 2019June 18, 2019 by Tom Sellers

I’ve recently spent some time in various code bases working on Windows RDP related discovery. This post is going to talk about using a new Nmap script, rdp-ntlm-info.nse, against RDP services to discover the target’s hostname, domain name, DNS name, and version.

3389/tcp open     ms-wbt-server Microsoft Terminal Services
| rdp-ntlm-info: 
|   Target_Name: W2016
|   NetBIOS_Domain_Name: W2016
|   NetBIOS_Computer_Name: W16GA-SRV01
|   DNS_Domain_Name: W2016.lab
|   DNS_Computer_Name: W16GA-SRV01.W2016.lab
|   DNS_Tree_Name: W2016.lab
|   Product_Version: 10.0.14393
|_  System_Time: 2019-06-13T10:38:35+00:00

This post was updated 2019.06.14 to reflect that the script had been committed to the official repo, update the usage instructions to reflect this, and include the NSEDoc link for the script.

This post was updated 2019.06.18 to indicate that users of 7.70 need updated nselib/datetime.lua as well.

Continue reading →

BlueTeam, LDAP, Nmap, RedTeam, Windows

Searching LDAP using Nmap’s ldap-search.nse script

Posted on July 25, 2017July 25, 2017 by Tom Sellers

Nmap has an NSE script, ldap-search.nse, that enables performing queries against LDAP ( Lightweight Directory Access Protocol) services. The goal of this post is to provide an introduction to using the script as well as a couple of practical examples. Continue reading →

Information Security, SHA1, TLS, Windows

Challenges for 2015

Posted on March 29, 2015May 23, 2015 by Tom Sellers

I think that for the rest of this year and early next year we are going to see quite a few challenges that will cause shifts in our platforms and user computing base. Some of these, such as the end of support for Windows XP and Server 2003, we have seen coming for quite a while and knew we had a deadline. Others were more along the lines of ‘yeah, thats bad and we will fix it some day’. Over the last two years these slow burning ‘some day’ issues have been fully ignited due to the Snowden releases and several SSL/TLS vulnerabilities turning the theoretical risk into practical and operational problems.

I don’t plan on going into too much detail here but what I want to do is to provide a list of some challenges that I think many of us will be facing over the next 12 months or so.

Continue reading →

Information Security, TLS, Windows

Challenges for 2015: End of support for Windows XP

Posted on March 29, 2015May 23, 2015 by Tom Sellers

If you provide support for an organization or an external customer user base then you are likely still having to support machines running Windows XP. Microsoft mainstream support for Windows XP ended on April 14, 2009 and extended support ended on April 8, 2014 [1]. This presented an immediate impact in that you could no longer contact Microsoft for support, paid or otherwise. The long term impacts will compound over time as security and operational needs require that we implement technologies that Windows XP does not support.

Unfortunately, so long as the OS is still working today it can be difficult to convince management and customers to upgrade. The intent of this post is to help make a business case for upgrading to a newer operating system by highlighting some of the challenges that XP users and those that support them will experience in 2015 and early 2016.

Continue reading →

Faded Lab

Faded Lab

Information Security thoughts, tools, and toys

Category: Windows

Using Nmap to extract Windows host and domain information via RDP

Searching LDAP using Nmap’s ldap-search.nse script

Challenges for 2015

Challenges for 2015: End of support for Windows XP