May 30, 2011

Cain RDP (Remote Desktop Protocol) Sniffer Parser

I was searching for some stuffs while i found this so i thought to share it here

As some of you may know, Cain has the ability to ARP poison, sniff and pull off a man in the middle attack against the RDP/Remote Desktop/Terminal Services protocol.  It's kind of hit a miss depending on the network layout and what version of RDP is in use. Pulling out keystrokes from the decrypted log file made by Cain can be quite a chore, so I coded up this quick little parser. Normally you would have to look through the RDP logs Cain makes by hand, searching for entries like "Key pressed client-side: 0x5 - 'a'". Using my script you can interpret those logs and save the keystrokes sent by the client to the server. This is very useful for finding passwords that may have been sent over the RDP session. I plan to use this script in a future video, but for now it can be downloaded from the following link:



         Just choose the file you want to parse, then choose a name for the output text file.

0 comments:

Post a Comment

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More