Friday, 25 July 2014

Sniffing RDP Session Keystrokes with Cain & Able


Cain & Able is very easy to use tool for ARP Poisoning Attack, and at the same time it is powerful.

It has ability to do Man-In-The Middle against the RDP “Remote Desktop Protocol” using which attacker can actually sniff Keystrokes being typed in RDP session, and believe me this can be used in most of real environment while doing Penetration testing

Although ARP Generates lot of traffic, it is worth if you can get hold of credentials ;) in some cases.


Below screenshot shows option where you will find ARP RDP Session details.



   Once captured RDP Session, you can look for "Key released" and in below screenshot you can find
   "cd \" command is executed in RDP session.


Imagine if someone is trying to Log in to other machine from RDP using SMB....or SSH ;)

Hope this helps.



No comments:

Post a Comment