P.S. Before someone starts accusing me of "spamming" for the book, (one asshat tried to compare me to Juan whats-his-face once) note you can actually view most of the RDP chapter (and others) on the Amazon "preview a page" feature if you would like.
If you are interested in RDP security, I suggest you take a free read on Amazon. Many are worried about worm activity from 020, and I am far more interested in pointing you to free material that helps you secure yourself and others than I am trying to make a buck on the book. If anyone has any questions about how any of this works, I'm happy to help if I can. t >-----Original Message----- >From: [email protected] [mailto:full-disclosure- >[email protected]] On Behalf Of Thor (Hammer of God) >Sent: Sunday, March 18, 2012 9:21 AM >To: Nahuel Grisolía; root >Cc: [email protected] >Subject: Re: [Full-disclosure] ms12-020 PoC > >You establish a connection to TSGateway via RPC over HTTP in an SSL tunnel. >Once you are authenticated and authorized, the TSGateway server will >establish a connection via RDP to the target server, tunneling the RDP >connection back to you within the RPC/HTTP(S) channel. > >As such, TSGateway is obviously unaffected by this vulnerability. For those of >you looking for mitigation and not kiddie code to pop a box, note that simply >using NLA mitigates both RDP issues. > >This might be a good time to point out than anyone who followed any of my >advice in the RDP chapter of Thor's Microsoft Security Bible, or who is using >the little ThoRDP tool I wrote (also in the book) was protected from these >vulnerabilities way before they were discovered. I say that to simply >identify >that some simple, effective techniques can be deployed that thwarts the >hours and hours people put into developing exploit code and the wasted time >chasing all this stuff down. *THAT* is what security is about, btw. > >t > >>-----Original Message----- >>From: [email protected] >>[mailto:full-disclosure- [email protected]] On Behalf Of Nahuel >>Grisolía >>Sent: Friday, March 16, 2012 11:41 AM >>To: root >>Cc: [email protected] >>Subject: Re: [Full-disclosure] ms12-020 PoC >> >>Guys, >> >>What about TS Gateway? which is actually listening on port 443 (by def)... >> >>thanks! >> >>Nahu. >> >>On 16 March 2012 15:12, root <[email protected]> wrote: >>> The SABU code is fake (go figure). >>> This python script is the first port of the Luigi code to python, >>> that's why sucks. >>> >>> Here are better ports: http://pastebin.com/4FnaYYMz and >>> http://pastebin.com/jzQxvnpj >>> >>> On 03/16/2012 02:50 PM, Exibar wrote: >>>> Is that the same code from yesterday? I thought that code was a >>>> fake and >>didn'kt do anything? >>>> >>>> Anyone confirm this? >>>> >>>> Exibar >>>> Sent via BlackBerry by AT&T >>>> >>>> -----Original Message----- >>>> From: kyle kemmerer <[email protected]> >>>> Sender: [email protected] >>>> Date: Fri, 16 Mar 2012 12:01:16 >>>> To: <[email protected]> >>>> Subject: [Full-disclosure] ms12-020 PoC >>>> >>>> _______________________________________________ >>>> Full-Disclosure - We believe in it. >>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>> Hosted and sponsored by Secunia - http://secunia.com/ >>>> >>>> _______________________________________________ >>>> Full-Disclosure - We believe in it. >>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>> Hosted and sponsored by Secunia - http://secunia.com/ >>>> >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >> >>_______________________________________________ >>Full-Disclosure - We believe in it. >>Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>Hosted and sponsored by Secunia - http://secunia.com/ > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
