RAdmin. Do you know that…
Did you know that radmin versions up to 2.2 allows you to bust passwords over a network at a speed limited by the channel and the power of the machine? They say that in 2.2 they fixed , did not check.
Did you know that in radmin versions up to 2.2 when authenticating with a password, the client actually sends the password hash that the server keeps open in the registry, so the “patched” client can connect using a stolen key.
Did you know that radmin version 2.1 (I don’t know further) uses the zlib library with an old leaky version?
')
Did you know that radmin uses its own encryption algorithms, which wonderfully coincides with Twofish ?
Do you know what the ActiveX components really exist (and you can dig a bit) by searching the radmin password on an arbitrary amount of IP and checking the computer registry for the radmin password hash that is executed?
Do you know that there are ready-made perl-scripts that search for a password to radmin?
This is how it is.
Did you know that in radmin versions up to 2.2 when authenticating with a password, the client actually sends the password hash that the server keeps open in the registry, so the “patched” client can connect using a stolen key.
Did you know that radmin version 2.1 (I don’t know further) uses the zlib library with an old leaky version?
')
Did you know that radmin uses its own encryption algorithms, which wonderfully coincides with Twofish ?
Do you know what the ActiveX components really exist (and you can dig a bit) by searching the radmin password on an arbitrary amount of IP and checking the computer registry for the radmin password hash that is executed?
Do you know that there are ready-made perl-scripts that search for a password to radmin?
This is how it is.
Source: https://habr.com/ru/post/1019/
All Articles