


Penetration Testing: Re: Remote Desktop/Term. Serv information leakage

Re: Remote Desktop/Term. Serv information leakage

From: Terry Vernon <tvernon24_at_comcast.net>
Date: Fri, 01 Jul 2005 13:25:54 -0500

Write a daemon to run on the Windows box that won't allow renaming the
file extensions of .txt to anything else. Do it for every type of file
you can paste text in. Set up better controls for traffic going to the
remote desktop so only trusted people can access it. If you could access
it from outside the private net and your computer had internet access,
then that network is accessible from the internet, just not directly. It
would take some doing, but if a network has one wire going to any number
of other networks that have one wire that touches the internet, you can
bet that it is crackable, however improbable it seems.

Terry Vernon
CTO
Sprite Technologies

kuffya_at_gmail.com wrote:

>Hi list,
>One of our recent clients has a separate 'isolated' network where they keep sensitive material. This network is not connected to the internet, is not physically accessible and you can only connect to it using remote desktop. They asked us to test if the isolated network was adequately protected.
>Here's what I discovered: When you start a Rem Desktop session from the main network to the isolated one you can actually copy and paste stuff across...this is only true for text not for complete files, and seems to be by design. What is more worrisome is that you can even copy across executables doing simple tricks such as
>1) download an executable
>2) change extension to .txt
>3) copy (the text version) across to a notepad.
>4) change it back to .exe
>So literally we have a significant leakage over here, introducing threats to the isolated network.
>I am posting this to ask your opinion on how this could be mitigated... I think that Remote Desktop is not possible to configure securely since it's not designed as such... and hence it transfers across anything it receives, be it mouse movements or copied & pasted text...
>So I was trying to think what would be the best solution, without spending a fortune on a 'secure' commercial solution, that is. Maybe something like SSH tunneling then Rem. Desktop or VNC or what?
>And do you think this 'bug' is something worth investigating any further? Is it something you people knew of?
>
>Thanks a lot.
>
>
>
Received on Jul 01 2005
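
The clipboard channel described in the original question is controlled on the server side by Terminal Services policy. The following is an added example, not part of either post: a PowerShell audit of the redirection policy values on the isolated host, with an optional function to set them. It assumes an elevated session on the RDP server and local (not domain GPO) policy; the function names are hypothetical.

```powershell
# Added example: audit (and optionally enforce) RDP data-redirection policy
# on the isolated host. Run in an elevated PowerShell session on the RDP server.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Policy values that close data channels between RDP client and server.
# 1 = redirection disabled; 0 or missing = redirection allowed.
$Channels = [ordered]@{
    fDisableClip = 'Clipboard redirection'
    fDisableCdm  = 'Drive redirection'
    fDisableCcm  = 'COM port redirection'
    fDisableLPT  = 'LPT port redirection'
    fDisableCpm  = 'Printer redirection'
}

# Hypothetical helper: report the current state of each channel.
function Get-RdpRedirectionAudit {
    foreach ($name in $Channels.Keys) {
        $value = $null
        if (Test-Path $PolicyKey) {
            $value = (Get-ItemProperty -Path $PolicyKey -Name $name `
                        -ErrorAction SilentlyContinue).$name
        }
        [pscustomobject]@{
            Channel = $Channels[$name]
            Value   = $name
            Setting = if ($null -eq $value) { 'not configured' } else { $value }
            Blocked = ($value -eq 1)
        }
    }
}

# Hypothetical helper: disable every channel listed above.
function Set-RdpRedirectionBlocked {
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    foreach ($name in $Channels.Keys) {
        Set-ItemProperty -Path $PolicyKey -Name $name -Value 1 -Type DWord
    }
}

Get-RdpRedirectionAudit | Format-Table -AutoSize
# Uncomment to enforce after reviewing the audit output:
# Set-RdpRedirectionBlocked
```

Changes apply to new RDP sessions, and a domain Group Policy that sets the same values will overwrite local changes on its next refresh.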
