VPS stands for Virtual Private Server, also known as personal virtual server. VPS is one of the most popular services for you to use and work safely. It uses virtualization technology to create a separate resource on the server for you to use to separate that resource from sharing with other users on the same physical server. It is more secure and stable than hosting because you don’t have to share the storage space with others but use it privately. And it’s also much cheaper than renting a dedicated server. In this article, I will guide you to use Core RDP Scanner to Scan for someone else’s VPS.

How to Use Tool Core RDP Scanner To Get Free VPS

In short, how Core RDP Scanner works is to scan the VPS’s Public IP list, then use the Tool to Brute Force Password. This is also how Hackers attack weak, simple passwords to be able to remote those VPSs.

To be able to use it, you first need to download the toolkit to your computer. Click on the link below to download.

Link Download Setup NMAP

( Link Mega Max Speed ​​)

Link Download Core RDP Scanner

After downloading, you proceed to extract 2 RAR files to the same folder.

After extracting, the files will look like the picture.

We proceed to install nmap-7-setup.exe on the computer.

Attention : Remember to turn off all anti-virus when using the tool. Because this is a crack tool, anti will recognize it as a virus and delete some important files, leading to an error.

Here when installing Nmap, remember to check it all.

After the installation is complete, press Fnish to finish the software installation process.

After the installation is finished proceed to the next step. There are 2 folders here, SSH and RDP. Which means 2 different protocols. RDP is Remote Desktop Protocol and SSH is Secure Shell.

It can be said that if you want to scan desktop vps, go to RDP. As for linux vps using terminal to use, go to the SSH folder.

Here I will use a Windows VPS, so go to RDP to scan.

You proceed to run the file blah.bat to start the ip scanning process. Turn on a few tabs to push the scanning level up, but it will consume computer resources. If your computer or VPS is strong enough, turn it on a lot to scan quickly to save time.

After waiting for a while for it to scan, go to the results.txt file to get the vps ip to go to the next step.

Go back to the first folder, go to Folder Cracking and run the Core RDP.exe file.

The tool interface opens, you proceed to paste the ip list you just scanned earlier and press create list.

If the Password List is too small, you can download more at this lesson

Then you will be transferred to the check vps tab. Here you will wait for it to check the password and user name. A successful check will be in the good column, if it is wrong, it will be in the bad column.

The more ip list, the higher the check out rate. You should use vps to use the tool effectively.

Watch video tutorials at:

https://www.youtube.com/watch?v=ViF7CmCp_tc

Good luck
TMQ.

Scrying is a new tool for capturing RDP, Web and VNC screenshots. This tool is still a work in progress and can be used but it is not complete.

RDP, Web and VNC are services Remote Desktop help control the computer remotely, if the account is exposed, it is considered that the Hacker has full rights to use your computer.

The web screenshot feature is based on whether Chromium or Google Chrome is installed.

Since Eyewitness has recently stopped supporting RDP, there are no CLI tools that take RDP screenshots. Nessus still works, but it’s a bit difficult to get the image out and it can’t export the file.

So this is a good opportunity for the author to write a new tool that is more powerful than the previous ones.

Install Crying

For the web screenshot feature, the tool has to depend on whether you have Chromium or Google Chrome installed.

Download the latest release at github. Debian versions are available for the distributions to use (install using the sudo dpkg -i scrying* .deb) and binaries for Windows, Mac, and Linux.

Use

Find a website, RDP server or VNC server:

$ scrying -t http:

$ scrying -t rdp:

$ scrying -t 2001:db8::5 --mode web

$ scrying -t 2001:db8::5 --mode rdp

$ scrying -t 192.0.2.2

$ scrying -t vnc:

Crying will automatically get the screenshot from the nmap output:

$ nmap -iL targets.txt -p 80,443,8080,8443,3389 -oX targets.xml

$ scrying --nmap targets.xml

Choose a different output folder for the images:

$ scrying -t 2001:db8::3 --output-dir /tmp/scrying_outputs

Run the targets file:

$ cat targets.txt

http:

rdp:

2001:db8::5

$ scrying -f targets.txt


Run using web proxy:

$ scrying -t http:

$ scrying -t http:

The image file will be saved as PNG in the following folder structure:

Check the results at file output/report.html

Feature

Features with a check mark next to them represent that the feature has already been completed, other features are in development:

• Automatically decide if the input is a web address or an RDP server
• Automatically create output directory if it doesn’t already exist
• Save images with consistent and unique name in server/IP
• Full support for IPv6 and IPv4 characters as well as hostnames
• Read the targets from the file and decide if they are RDP or HTTP or use hints
• Parsing the target intelligently from the results of Nmap and Nessus
• HTTP – use Chromium/Chrome in headless mode
• Cross-platform support – tested on Linux, Windows and Mac
• Generate HTML reports for easy viewing of results
• VNC
• RDP
• Stream video – tracking
• timestamp option in filename
• Read target from msf service -o csv . output
• OCR on RDP username, directly or on the images folder
• NLA/auth to check credentials
• Parse JSON Dirble output to get a screenshot of the entire web page

Command syntax

USAGE:
    scrying [FLAGS] [OPTIONS] <--file <FILE>...|--nmap <NMAP XML FILE>...|--nessus <NESSUS XML FILE>...|--target <TARGET>...>

FLAGS:
    -s, --silent         Suppress most log messages
        --test-import    Exit after importing targets
    -v, --verbose        Increase log verbosity
    -h, --help           Prints help information
    -V, --version        Prints version information

OPTIONS:
    -f, --file <FILE>...                 Targets file, one per line
    -l, --log-file <LOG FILE>            Save logs to the given file
    -m, --mode <MODE>
            Force targets to be parsed as `web`, `rdp`, `vnc` [default: auto]  [possible values:
            web, rdp, vnc, auto]
        --nessus <NESSUS XML FILE>...    Nessus XML file
        --nmap <NMAP XML FILE>...        Nmap XML file
    -o, --output <OUTPUT DIR>            Directory to save the captured images in [default: output]
        --proxy <PROXY>
            Default SOCKS5 proxy to use for connections e.g. socks5://[::1]:1080

        --rdp-proxy <RDP PROXY>
            SOCKS5 proxy to use for RDP connections e.g. socks5://[::1]:1080

        --rdp-timeout <RDP TIMEOUT>
            Seconds to wait after last bitmap before saving an image [default: 2]

    -t, --target <TARGET>...             Target, e.g. http://example.com, rdp://[2001:db8::4]
        --threads <THREADS>              Number of worker threads for each target type [default: 10]
        --web-proxy <WEB PROXY>
            HTTP/SOCKS Proxy to use for web requests e.g. http://[::1]:8080

You can also view the article Tools OSINT – Tracing criminals on the Internet, collecting the best intelligence.