TL;DR: mRemoteNG uses insecure methods for password storage and can provide droves of valid credentials during an assessment or competition.
. Experience in mRemoteNG and Putty software to configure and trouble shoot switches. Install switches in cabinets and patch into network. Make patch cables and rewire network closets. MRemoteNG is a free and open source remote connection software download filed under remote desktop software and made available by Riley McArdle for Windows. The review for mRemoteNG has not been completed yet, but it was tested by an editor here on a PC. MRemoteNG is the next generation of mRemote, open source, tabbed, multi-protocol, remote. Here is why: Hard-coded default password. MRemoteNG is configured to use a default hard-coded password unless the user provides a custom password. If you don't set a custom password, the encryption can be defeated by simply opening the file with mRemoteNG. Only used single MD5 for key stretching. MD5 is insecure, and a single round is poor. MRemoteNG is an open source, tabbed, multi-protocol, and remote connections manager. It allows you to view all of your remote connections in a tabbed interface. MRemoteNG supports the following. Originally a fork of mRemote, mRemoteNG adds many new features to mRemote. Features To support the many different types of connections and configurations, there are a myriad of options and tools.
Level Set
mRemoteNG (mremote) is an open source project (https://github.com/rmcardle/mRemoteNG) that provides a full-featured, multi-tab remote connections manager. It currently supports RDP, SSH, Telnet, VNC, ICA, HTTP/S, rlogin, and raw socket connections. Additionally, It also provides the means to save connection settings such as hostnames, IP addresses, protocol, port, and user credentials, in a password protected and encrypted connections file.
Problem
During a recent pentest, I was struggling to gain additional administrative access to key systems ,even with standard user authentication. However, during some share pillaging I found a backup of an old mRemote connections file. The connections file houses all the information needed to gain remote access to a given system (IP/Hostname, Protocol, Port, Username, and Password). However, the credentials are encrypted, by default, and the connections file was protected by a master password.
Solution
It turns out, the master password is just used by the program to determine whether or not to load in the selected connections file. The stored credentials are actually encrypted with a static string, not the master password. This creates a scenario wherein the master password hash can simply be replaced with a blank password hash, to bypass the master password prompt. Once the connections file is loaded, the program even has the ability to add additional “External tools”, which allow for access to the programs variables and memory space. This allows for simple echo commands to be added to reveal hidden details about each connection, such as the clear text password.
How to Access The Clear Text Credentials
Method 1: Using the Program itself
To start ensure that mRemoteNG is closed or download the portable version of the application.
Second navigate to the default mRemoteNG data folder (C:UsersAppDataRoamingmRemoteNG) or acquire the connections configuration file. Alternatively, enter the path %appdata%/mRemoteNG into Start/Run, to go directly to the default installation location. Or use the portable version of the application, for any backup files you may have discovered while pillaging.
Third open the connections configuration file (by default called confCons.xml) in your favorite text editor.
:max_bytes(150000):strip_icc()/008-how-to-use-mRemoteNG-to-manage-remote-connections-052e2f1ff4af4300af1688ac2b1645a7.jpg "Mremoteng")
Then, on the second line, locate the Protected=”a bunch of numbers/letters” string and replace it with the value below.
Protected=”GiUis20DIbnYzWPcdaQKfjE2H5jh//L5v4RGrJMGNXuIq2CttB/d/BxaBP2LwRhY”
Note: This is just a master password hash of blank, to allow for the connections file to be loaded.
Next, just re-open mRemoteNG and load the connections file, by simply submitting a blank password to the master password prompt.
To see the clear text of a given password, go to “Tools” > “External Tools”. Then right-click in the white space and choose “New External Tool”. Next, in the External Tools Properties, fill in a “Display Name”, “Filename” and some “arguments”, with “Password lookup”, CMD and “/k echo %password%” respectively.
Finally, go to the connection where you would like to reveal the connection and right-click on it and choose “External tools” > “Password lookup”.
Method 2: Using an Offline Decoder
A modified version of the Metasploit module Ruby code, can be used to get the clear text passwords from within a protected connections file.
The file can be downloaded from packetstorm (https://packetstormsecurity.com/files/126309/mRemoteOffPwdsDecrypt.rb.txt) and run on Kali systems as such:
ruby mRemoteOffPwdsDecrypt.rb confCons.xml
Method 3: Using the Metasploit Post Module
Once you have a meterpreter shell on an administrators system that has mRemoteNG installed, simply run the post module with the following command and enjoy clear text.
run post/windows/gather/credentials/mremote
Note: mRemoteNG is a platform agnostic program, however the post module only works on Windows and will only parse the default connections file (confCons.xml) and location (%appdata%/mRemoteNG).
As always,
w7nDgMKow73CuCU7XsOkScuGXsKrw51Rwq4=
Lightweight tool which enables you to initiate and manage multiple remote connections in the same time, through the enclosed tabbed interface
What's new in mRemoteNG Portable 1.77.1.27654 Pre-release:
- ADDED:
- #1512: Added option to close panel from right click menu
- #1434: Revised sort button in connection tree to be able to sort in both orders
- #1400: Added file download handling to HTTP(S) connections using Gecko
mRemoteNG Portable is a software application that provides users with a simple means of launching multiple remote connections and organizing them in an efficient manner, by opening multiple tabs.
The advantages of a portable app
The installation process is not a necessity, as this is the portable counterpart of mRemoteNG. In addition to that, it is not going to add any new items to the Windows registry and hard drive without your approval (as installers usually do), and it is not going to leave any kind of traces after its removal from the disk.
You should also know that by placing the program files to a USB pen drive, you make it possible to run mRemoteNG Portable on any PC you have been granted access to, by simply double-clicking the EXE.
Straightforward UI
The interface you are met with presents a minimal and clear-cut build, as it only consists of a menu bar and a few panes which enable you to view a folder structure of all connections established, some configurations and the actual remote session(s) using several tabs.
In addition to that, comprehensive Help contents are incorporated, thus making sure that both beginners and highly experienced people can use it at its maximum potential.
Tweak settings, take snapshots and transfer files
This program enables you to set up multiple connections, by inputting information such as name, description, hostname or IP, username and password (if necessary), domain, protocol, port and gateway. Moreover, you can also configure settings such as resolution, colors, enable automatic resize, key combinations, disk drives, printers, sounds and ports.
It is possible to take screenshots and save them to the hard drive using PNG, JPG and GIF formats, as well as transfer files through an SSH protocol, view notifications and scan an IP range to view opened and closed ports.
Bottom line
To conclude, mRemoteNG Portable is a pretty efficient piece of software when it comes to remotely connecting to several computers in the same time and managing them. Its ease of use is enhanced by the tabbed approach, enabling you to seamlessly toggle connections. The response time is good and we did not pick up on any errors or crashes in our tests.
Filed under
Download Hubs
mRemoteNG Portable is part of these download collections: SSH Clients
mRemoteNG Portable was reviewed by Madalina Boboc- Terminal Services Client 6.1 or Higher
mRemoteNG Portable 1.76.20.24669 / 1.77.1.27654 Pre-release
add to watchlistsend us an updateMremoteng 4k
- runs on:
- Windows 10 32/64 bit
Windows 8 32/64 bit
Windows 7 32/64 bit - file size:
- 37.3 MB
- filename:
- mRemoteNG-Portable-1.76.20.24669.zip
- main category:
- Portable Software
- developer:
- visit homepage
top alternatives FREE
Mremoteng Ftp
top alternatives PAID