Sign In
Create Account
If you dont know what RDP is, it’s remote desktop protocol where with valid credentials (IP, login, password) you can connect to someone’s PC or server and from desktop do pretty much anything, it might be browsing their files, passwords or just using their computing power to run your programs which is usefull for crackers or crypto miners.
Whe,you get some hits you can continue cracking more RDPs on cracked ones
The tool needed to do this is RDP Forcer
Virus scan:
(false positive but for safety you can run it in sandboxie or virtual machine)
If it gives you error you need to install this:
Read this shit from beginning to the end because this tool can save a lot of time for you and will use only valid logins for cracking!
When you open it you will see this:
First you need to scan IP ranges for open RDP port
RDP port is always 3389
You can remove arguments or keep default ones – with those port scanner will
For IP ranges use this website:
Choose country which you want to scan and select ip ranges format:
We will use password list for cracking which I will tell you more about later in this tutorial but at this point you can choose more than one country for port scanning in the country selection with holding CTRL key. For example you can choose Portugal and Brasil as these countries use the same language so passwords will be similiar in both of them.
Keep in mind choosing too many countries may result in very long time needed to scan all of ip ranges!
When you do this put your ip ranges in rdp forcer, click start and wait till the scanning is done. IPs with open 3389 port will get saved in “log” folder as scan.txt file.
After scanning is done and you have some IPs (I recommend 10k+) go to detector tab. This is the best thing in RDP forcer as it saves a lot of time for you. Basically detector connects to IPs with open ports and checks what windows usernames are on them:
When this is done we of course go to ForcerX tab:
You can find previously detected ips with usernames in log folder as detectorGood.txt – add this file as ‘file recognized IPs’
About password list:
You can use passwd.txt which contains some basic passwords which arent that bad OR you can spend some time making your password list.
For example you can make it bigger to check more combinations or use only few basic passwords such as admin, password, user, administrator etc.
When bruteforcing also remember to put some passwords in language used in that country for example when I bruteforce Brazilian rdps password “senha” is a must have.
%login% – will use detected username as password
%Login% – the same as above but with first letter capital
%LOGIN% – all capital letters
%nigol% / %NIGOL% – login backwards
you can try others like %login%123 and more complicated patterns
MORE INFOS
Cracked RDPs can be servers running 24/7 or people’s PCs which can be online only when they use it, but mostly servers have open ports.
On some servers installing new programs might not be available if you don’t have admin account.
FINALLY
Hope you liked this tutorial. What makes RDP Forcer the best for me is that you use only usernames that actually are on machines you are bruteforcing also you can stop/pause and even close it and don’t lose your progress which is usefull if you do this on your PC.
But great guide