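rdp-sec-check is a tool for checking whether certain security features of a remote RDP service (AKA Terminal Services) are enabled. It does not require authentication, only network connectivity to TCP port 3389. It can determine many (but not all) of the security settings from the RDP-Tcp properties | General tab:

* Checks which security layers the service supports: Standard RDP Security, TLSv1.0, CredSSP
* Detects the RDP security encryption levels supported: 40-bit, 56-bit, 128-bit, FIPS

The following potential security issues are flagged if present:

* The service supports Standard RDP Security, which is vulnerable to man-in-the-middle attacks.
* The service supports weak encryption (40-bit or 56-bit).
* The service does not require Network Level Authentication (NLA). NLA can help prevent certain types of denial-of-service attacks.
* The service supports FIPS encryption but does not mandate it.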
rdp-sec-check is a simple Perl script that requires one module from CPAN. Run 'cpan' as root, then install the Encoding::BER module:

    cpan[1]> install Encoding::BER

Output Example #1: An old Windows 2000 RDP Service

    Starting rdp-sec-check v0.8-beta ( http://labs.portcullis.co.uk/application/rdp-sec-check/ ) at Mon Jul 9 13:34:38 2012
    Target: 10.0.0.94
    IP: 10.0.0.94
    Port: 3389
    [+] Checking supported protocols
    [-] Checking if RDP Security (PROTOCOL_RDP) is supported...Negotiation ignored - old Windows 2000/XP/2003 system?
    [-] Checking if TLS Security (PROTOCOL_SSL) is supported...Negotiation ignored - old Windows 2000/XP/2003 system?
    [-] Checking if CredSSP Security (PROTOCOL_HYBRID) is supported [uses NLA]...Negotiation ignored - old Windows 2000/XP/2003 system??
    [+] Checking RDP Security Layer
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_NONE...Not supported
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_40BIT...Supported. Server encryption level: ENCRYPTION_LEVEL_CLIENT_COMPATIBLE
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_128BIT...Not supported
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_56BIT...Supported. Server encryption level: ENCRYPTION_LEVEL_CLIENT_COMPATIBLE
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_FIPS...Not supported
    [+] Summary of protocol support
    [-] 10.0.0.94:3389 supports PROTOCOL_RDP : TRUE
    [-] 10.0.0.94:3389 supports PROTOCOL_HYBRID: FALSE
    [-] 10.0.0.94:3389 supports PROTOCOL_SSL : FALSE
    [+] Summary of RDP encryption support
    [-] 10.0.0.94:3389 has encryption level: ENCRYPTION_LEVEL_CLIENT_COMPATIBLE
    [-] 10.0.0.94:3389 supports ENCRYPTION_METHOD_NONE : FALSE
    [-] 10.0.0.94:3389 supports ENCRYPTION_METHOD_40BIT : TRUE
    [-] 10.0.0.94:3389 supports ENCRYPTION_METHOD_128BIT : FALSE
    [-] 10.0.0.94:3389 supports ENCRYPTION_METHOD_56BIT : TRUE
    [-] 10.0.0.94:3389 supports ENCRYPTION_METHOD_FIPS : FALSE
    [+] Summary of security issues
    [-] 10.0.0.94:3389 has issue NLA_NOT_SUPPORTED_DOS
    [-] 10.0.0.94:3389 has issue ONLY_RDP_SUPPORTED_MITM
    [-] 10.0.0.94:3389 has issue WEAK_RDP_ENCRYPTION_SUPPORTED
    rdp-sec-check v0.8-beta completed at Mon Jul 9 13:34:39 2012

Output Example #2: A Windows 2003 SP0 RDP Service

    Starting rdp-sec-check v0.8-beta ( http://labs.portcullis.co.uk/application/rdp-sec-check/ ) at Mon Jul 9 13:35:34 2012
    Target: 10.0.0.93
    IP: 10.0.0.93
    Port: 3389
    [+] Checking supported protocols
    [-] Checking if RDP Security (PROTOCOL_RDP) is supported...Negotiation ignored - old Windows 2000/XP/2003 system?
    [-] Checking if TLS Security (PROTOCOL_SSL) is supported...Negotiation ignored - old Windows 2000/XP/2003 system?
    [-] Checking if CredSSP Security (PROTOCOL_HYBRID) is supported [uses NLA]...Negotiation ignored - old Windows 2000/XP/2003 system??
    [+] Checking RDP Security Layer
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_NONE...Not supported
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_40BIT...Supported. Server encryption level: ENCRYPTION_LEVEL_CLIENT_COMPATIBLE
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_128BIT...Supported. Server encryption level: ENCRYPTION_LEVEL_CLIENT_COMPATIBLE
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_56BIT...Supported. Server encryption level: ENCRYPTION_LEVEL_CLIENT_COMPATIBLE
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_FIPS...Supported. Server encryption level: ENCRYPTION_LEVEL_CLIENT_COMPATIBLE
    [+] Summary of protocol support
    [-] 10.0.0.93:3389 supports PROTOCOL_RDP : TRUE
    [-] 10.0.0.93:3389 supports PROTOCOL_HYBRID: FALSE
    [-] 10.0.0.93:3389 supports PROTOCOL_SSL : FALSE
    [+] Summary of RDP encryption support
    [-] 10.0.0.93:3389 has encryption level: ENCRYPTION_LEVEL_CLIENT_COMPATIBLE
    [-] 10.0.0.93:3389 supports ENCRYPTION_METHOD_NONE : FALSE
    [-] 10.0.0.93:3389 supports ENCRYPTION_METHOD_40BIT : TRUE
    [-] 10.0.0.93:3389 supports ENCRYPTION_METHOD_128BIT : TRUE
    [-] 10.0.0.93:3389 supports ENCRYPTION_METHOD_56BIT : TRUE
    [-] 10.0.0.93:3389 supports ENCRYPTION_METHOD_FIPS : TRUE
    [+] Summary of security issues
    [-] 10.0.0.93:3389 has issue NLA_NOT_SUPPORTED_DOS
    [-] 10.0.0.93:3389 has issue FIPS_SUPPORTED_BUT_NOT_MANDATED
    [-] 10.0.0.93:3389 has issue ONLY_RDP_SUPPORTED_MITM
    [-] 10.0.0.93:3389 has issue WEAK_RDP_ENCRYPTION_SUPPORTED

Output Example #3: A typical Windows 2003 RDP Service

    $ rdp-sec-check.pl 10.0.0.111
    Starting rdp-sec-check v0.8-beta ( http://labs.portcullis.co.uk/application/rdp-sec-check/ ) at Mon Jul 9 13:36:56 2012
    Target: 10.0.0.111
    IP: 10.0.0.111
    Port: 3389
    [+] Checking supported protocols
    [-] Checking if RDP Security (PROTOCOL_RDP) is supported...Supported
    [-] Checking if TLS Security (PROTOCOL_SSL) is supported...Not supported - SSL_NOT_ALLOWED_BY_SERVER
    [-] Checking if CredSSP Security (PROTOCOL_HYBRID) is supported [uses NLA]...Not supported - SSL_NOT_ALLOWED_BY_SERVER
    [+] Checking RDP Security Layer
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_NONE...Not supported
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_40BIT...Supported. Server encryption level: ENCRYPTION_LEVEL_CLIENT_COMPATIBLE
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_128BIT...Supported. Server encryption level: ENCRYPTION_LEVEL_CLIENT_COMPATIBLE
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_56BIT...Supported. Server encryption level: ENCRYPTION_LEVEL_CLIENT_COMPATIBLE
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_FIPS...Supported. Server encryption level: ENCRYPTION_LEVEL_CLIENT_COMPATIBLE
    [+] Summary of protocol support
    [-] 10.0.0.111:3389 supports PROTOCOL_RDP : TRUE
    [-] 10.0.0.111:3389 supports PROTOCOL_HYBRID: FALSE
    [-] 10.0.0.111:3389 supports PROTOCOL_SSL : FALSE
    [+] Summary of RDP encryption support
    [-] 10.0.0.111:3389 has encryption level: ENCRYPTION_LEVEL_CLIENT_COMPATIBLE
    [-] 10.0.0.111:3389 supports ENCRYPTION_METHOD_NONE : FALSE
    [-] 10.0.0.111:3389 supports ENCRYPTION_METHOD_40BIT : TRUE
    [-] 10.0.0.111:3389 supports ENCRYPTION_METHOD_128BIT : TRUE
    [-] 10.0.0.111:3389 supports ENCRYPTION_METHOD_56BIT : TRUE
    [-] 10.0.0.111:3389 supports ENCRYPTION_METHOD_FIPS : TRUE
    [+] Summary of security issues
    [-] 10.0.0.111:3389 has issue NLA_NOT_SUPPORTED_DOS
    [-] 10.0.0.111:3389 has issue FIPS_SUPPORTED_BUT_NOT_MANDATED
    [-] 10.0.0.111:3389 has issue ONLY_RDP_SUPPORTED_MITM
    [-] 10.0.0.111:3389 has issue WEAK_RDP_ENCRYPTION_SUPPORTED
    rdp-sec-check v0.8-beta completed at Mon Jul 9 13:36:56 2012

Output Example #4: A well configured Windows 2008 RDP Service

    Starting rdp-sec-check v0.8-beta ( http://labs.portcullis.co.uk/application/rdp-sec-check/ ) at Mon Jul 9 13:32:30 2012
    Target: 10.0.0.21
    IP: 10.0.0.21
    Port: 3389
    [+] Checking supported protocols
    [-] Checking if RDP Security (PROTOCOL_RDP) is supported...Not supported - HYBRID_REQUIRED_BY_SERVER
    [-] Checking if TLS Security (PROTOCOL_SSL) is supported...Not supported - HYBRID_REQUIRED_BY_SERVER
    [-] Checking if CredSSP Security (PROTOCOL_HYBRID) is supported [uses NLA]...Supported
    [+] Checking RDP Security Layer
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_NONE...Not supported
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_40BIT...Not supported
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_128BIT...Not supported
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_56BIT...Not supported
    [-] Checking RDP Security Layer with encryption ENCRYPTION_METHOD_FIPS...Not supported
    [+] Summary of protocol support
    [-] 10.0.0.21:3389 supports PROTOCOL_RDP : FALSE
    [-] 10.0.0.21:3389 supports PROTOCOL_HYBRID: TRUE
    [-] 10.0.0.21:3389 supports PROTOCOL_SSL : FALSE
    [+] Summary of RDP encryption support
    [-] 10.0.0.21:3389 supports ENCRYPTION_METHOD_NONE : FALSE
    [-] 10.0.0.21:3389 supports ENCRYPTION_METHOD_40BIT : FALSE
    [-] 10.0.0.21:3389 supports ENCRYPTION_METHOD_128BIT : FALSE
    [-] 10.0.0.21:3389 supports ENCRYPTION_METHOD_56BIT : FALSE
    [-] 10.0.0.21:3389 supports ENCRYPTION_METHOD_FIPS : FALSE
    [+] Summary of security issues
    rdp-sec-check v0.8-beta completed at Mon Jul 9 13:32:31 2012
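
For triaging many scan reports, the summary lines shown in the output examples can be parsed per endpoint and compared with a hardening baseline. This is an added example, not part of rdp-sec-check; the function names and the BASELINE policy (modelled on Output Example #4) are assumptions.

```python
import re
from collections import defaultdict

# Summary lines copied from Output Examples #1 and #4 on this page.
SAMPLE = """\
[-] 10.0.0.94:3389 supports PROTOCOL_RDP : TRUE
[-] 10.0.0.94:3389 supports PROTOCOL_HYBRID: FALSE
[-] 10.0.0.94:3389 supports PROTOCOL_SSL : FALSE
[-] 10.0.0.94:3389 supports ENCRYPTION_METHOD_40BIT : TRUE
[-] 10.0.0.94:3389 supports ENCRYPTION_METHOD_56BIT : TRUE
[-] 10.0.0.94:3389 has issue NLA_NOT_SUPPORTED_DOS
[-] 10.0.0.94:3389 has issue ONLY_RDP_SUPPORTED_MITM
[-] 10.0.0.94:3389 has issue WEAK_RDP_ENCRYPTION_SUPPORTED
[-] 10.0.0.21:3389 supports PROTOCOL_RDP : FALSE
[-] 10.0.0.21:3389 supports PROTOCOL_HYBRID: TRUE
[-] 10.0.0.21:3389 supports PROTOCOL_SSL : FALSE
[-] 10.0.0.21:3389 supports ENCRYPTION_METHOD_40BIT : FALSE
[-] 10.0.0.21:3389 supports ENCRYPTION_METHOD_56BIT : FALSE
"""

# The tool prints "NAME : TRUE" and "NAME: FALSE", so spacing around ':' is optional.
SUPPORTS = re.compile(r"^\[-\] (\S+:\d+) supports (\w+)\s*:\s*(TRUE|FALSE)$")
ISSUE = re.compile(r"^\[-\] (\S+:\d+) has issue (\w+)$")

# Assumed baseline (ours, not the tool's): NLA offered, legacy layer and weak ciphers off.
BASELINE = {"PROTOCOL_HYBRID": True, "PROTOCOL_RDP": False,
            "ENCRYPTION_METHOD_40BIT": False, "ENCRYPTION_METHOD_56BIT": False}

def parse_report(text):
    """Return {endpoint: {"supports": {name: bool}, "issues": [str]}}."""
    hosts = defaultdict(lambda: {"supports": {}, "issues": []})
    for line in text.splitlines():
        line = line.strip()
        if m := SUPPORTS.match(line):
            hosts[m[1]]["supports"][m[2]] = (m[3] == "TRUE")
        elif m := ISSUE.match(line):
            hosts[m[1]]["issues"].append(m[2])
    return dict(hosts)

def baseline_deviations(entry):
    """List settings that differ from BASELINE; a missing setting is reported too."""
    out = []
    for name, want in BASELINE.items():
        got = entry["supports"].get(name)
        if got is None:
            out.append(f"{name}: not reported")
        elif got != want:
            out.append(f"{name}: expected {want}, got {got}")
    return out

if __name__ == "__main__":
    for endpoint, entry in parse_report(SAMPLE).items():
        print(endpoint, entry["issues"], baseline_deviations(entry))
```
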