There are many pre-made tools around for brute-forcing RDP credentials, but I haven't found one for username enumeration. Is it possible by design to enumerate potential RDP logins? If not within the standard of the protocol, are there username enumeration vulnerabilities like the CVE-2018-15473 for certain OpenSSH versions?
Asked
Active
Viewed 2,025 times
0
-
I'm not sure of the details, but in at least some cases you can see the login screen. The site shodan.io does this en masse for internet-reachable RDP servers. I suppose it wouldn't be too hard to do OCR on the screenshots. – Harry Johnston Jan 10 '20 at 22:39
-
@HarryJohnston that is the case when the connection is not using NLA (network level authentication) – multithr3at3d Jan 11 '20 at 15:52