Microsoft has integrated a program named "Remote Desktop" into the operating system since Windows Server. With Remote Desktop, network administrators can easily control the company's servers from the other end of the network: they can operate the servers, remove programs, and run the same commands as on the local computer. Remote Desktop therefore greatly simplifies the work of network administrators, and more and more of them have come to favor it since its launch.
However, as networks have become widespread, enterprises have paid more and more attention to network security. Many network administrators have found that using Windows Remote Desktop to operate servers poses certain security risks. That is to say, the security level of data transmission is not high enough: although some information is encrypted, an attacker can still recover the information easily. Because of this lack of security in Remote Desktop, some network administrators began to look for other remote control tools, such as Remote Admin and pcAnywhere.
Microsoft is very interested in the market for remote control software. To improve the security level of Remote Desktop and ensure that data is not stolen by hackers, a secure-authentication Remote Desktop function was added in SP1, the latest patch package for Windows 2003. With this function, we can use SSL-encrypted transmission to control remote servers, which makes up for the original security defects of the Remote Desktop function.
Tip: If you are using Windows 2003 but have not installed the latest SP1 patch, you still cannot use SSL-encrypted Remote Desktop authentication. Therefore, it is recommended that companies upgrade their servers to Windows 2003 + SP1 immediately.
I. Seeing the danger first-hand: cracking the connection information
How dangerous is Remote Desktop authentication that does not use SSL to encrypt the transmitted information? Today, we will follow senior network engineers and find out.
Lab Environment:
The office server runs Windows Server with the SP4 patch pack, and its network connection is a 10 M fiber uplink. The home computer runs Windows XP Pro with the SP2 patch package, and its network connection is Beijing Netcom ADSL 512KB. The server is controlled from home with the Remote Desktop Connection client that comes with XP, which does not include SSL authentication.
Cracking Process:
Step 1: Install the sniffer packet analysis tool on your computer at home and select the local NIC as the capture interface (Figure 1).
Tip: The sniffer tool does not have to run on the home computer itself. Installing it on another computer in the same subnet as the home computer also works, and it can monitor the same data described below.
Step 2: Use "Capture -> Start" in the sniffer menu to start monitoring. The start-arrow shortcut button does the same thing.
Step 3: Start the Remote Desktop Connection program of XP to access the company's server.
Step 4: Log on to the server, enter the correct user name and password to reach the desktop, and then exit.
Step 5: After logging on to the server, return to the sniffer program on the local computer and click "Capture -> Stop and Display" in the menu to stop monitoring and display the results (Figure 2).
Step 6: Click the "Objects" tab on the left of the result window. If you use a broadband router to share the Internet connection among multiple computers, the "Objects" window shows the IP address of the server being accessed. If you have only one computer and reach the Internet through an ADSL modem, only the local NIC appears in the "Objects" window, because the ADSL modem performs IP address translation and filtering. Select the IP address of the local NIC or of the server and click the "Decode" tab below to analyze the data packets (Figure 3).
Step 7: In the "Decode" tab, we can analyze the captured data packets. Working down from the top and checking the destination address, the server's IP address appears at the 23rd packet. The packets from this point on need to be analyzed carefully (Figure 4).
Step 8: Continue to the 26th data packet. The data area at the bottom clearly shows the username "softer" that was entered when logging on to the server (Figure 5).
Step 9: In the 28th and 29th data packets, the encrypted password information is displayed in the data area (Figure 6). Although we cannot read it ourselves, hackers can crack the ciphertext. The cracking process is long, similar to an exhaustive search (Figure 7).
Although Remote Desktop Connection does not transmit everything in plaintext the way FTP and telnet do, sending the user name in plaintext and protecting the password with only simple encryption still poses a great security risk: the data packets are easily captured and cracked. Therefore, we need to carry Remote Desktop security through to the end.
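To confirm that a server really has moved to the SSL-protected mode, an administrator can look at the server's first reply in a capture of their own connection and see which security layer it selected. The following is an added example, not part of the original article: it assumes the X.224 Connection Confirm layout from Microsoft's published RDP specification (MS-RDPBCGR), and the server names and packet bytes are constructed samples.

```python
import struct

# selectedProtocol values a server can return in its RDP Negotiation Response
PROTOCOLS = {0: ("standard RDP security (no SSL)", False),
             1: ("SSL/TLS", True),
             2: ("CredSSP over TLS", True)}

# Constructed sample replies (not captured traffic), keyed by made-up server names
_CC = "030000130ed00000123400"  # TPKT header + X.224 Connection Confirm, 19 bytes total
SAMPLES = {
    "srv-legacy": bytes.fromhex("0300000b06d00000123400"),    # no negotiation data at all
    "srv-rdp-only": bytes.fromhex(_CC + "0200080000000000"),  # response: protocol 0
    "srv-ssl": bytes.fromhex(_CC + "0200080001000000"),       # response: protocol 1
    "srv-refused": bytes.fromhex(_CC + "0300080002000000"),   # negotiation failure
}

def classify(pkt: bytes):
    """Return (description, uses_tls) for a server's X.224 Connection Confirm."""
    if len(pkt) < 11 or pkt[0] != 0x03:
        raise ValueError("not a TPKT-framed X.224 packet")
    if struct.unpack(">H", pkt[2:4])[0] != len(pkt):
        raise ValueError("TPKT length does not match the captured bytes")
    if pkt[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = pkt[11:]  # bytes after TPKT (4) and the fixed X.224 fields (7)
    if not neg:
        # Server sent no negotiation structure: it only speaks the legacy mode
        return PROTOCOLS[0]
    if len(neg) != 8:
        raise ValueError("truncated negotiation structure")
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", neg)
    if neg_len != 8:
        raise ValueError("unexpected negotiation structure length")
    if neg_type == 0x02:  # RDP Negotiation Response
        return PROTOCOLS.get(value, ("unknown protocol %#x" % value, False))
    if neg_type == 0x03:  # RDP Negotiation Failure
        return ("negotiation refused (failure code %d)" % value, False)
    raise ValueError("unrecognised negotiation structure")

def servers_without_ssl(captures):
    """Names of servers whose reply did not select a TLS-protected layer."""
    return sorted(name for name, pkt in captures.items() if not classify(pkt)[1])

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, "->", classify(pkt)[0])
    print("still without SSL:", servers_without_ssl(SAMPLES))
```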