As some of you may know, Cain has the ability to ARP poison, sniff and pull off a man in the middle attack against the RDP/Remote Desktop/Terminal Services protocol. It's kind of hit a miss depending on the network layout and what version of RDP is in use. Pulling out keystrokes from the decrypted log file made by Cain can be quite a chore, so I coded up this quick little parser. Normally you would have to look through the RDP logs Cain makes by hand, searching for entries like "Key pressed client-side: 0x5 - 'a'". Using my script you can interpret those logs and save the keystrokes sent by the client to the server. This is very useful for finding passwords that may have been sent over the RDP session. I plan to use this script in a future video, but for now it can be downloaded from the following link:

Download Cain RDP Sniffing Log Parser