RDP

ABOUT

Remote Desktop Protocol (RDP) is a protocol developed by Microsoft for remote access to a computer running the Windows OS. This protocol allows display and control commands to be transmitted via the GUI encrypted over IP networks. Works at Application Layer of TCP/IP model, typically using TCP/3389 port. If Network Address Translation (NAT) is used on the route between client and server, as is often the case with Internet connections, the remote computer needs the public IP address to reach the server. It uses TLS/SSL.

CONNECTING

Rdesktop

rdesktop -u rio -p 'rio@123' -d corp.local 13.13.13.13

Xfreerdp

Regular

xfreerdp /u:rio /p:rio@123 /v:13.13.13.13 /d:corp.local /cert:ignore

With Port-Forwarding

xfreerdp /u:rio /p:rio@123 /v:localhost:3389 /d:corp.local /cert:ignore

Mounting a local dir

xfreerdp /v:13.13.13.13 /u:rio /p:amogus /drive:share,/home/rio/test

Remmina (GUI)

PASSWORD SPRAYING

Crowbar

Hydra

SESSION HIJACKING

We need SYSTEM privileges and use tscon.exe (allows to connect to another desktop session) [LINK]

PASS-THE-HASH

By default, Windows has disabled Restricted Admin Mode, and we need to fix that by adding new registry key to DisableRestrictedAdmin

And then to use xfreerdp for Pass The Hash

ENABLE FROM SYSTEM

As example one time I needed to access internal host, so it would be good if I turned on rdp and made a port forwarding, So here's the steps do do it

  1. Change fDenyTSConnections Registry key which denies RDP connections

  1. Changing a Firewall to allow us to move through RDP

Tips2Hack

  1. Nmap RDP Scan

  1. RDP Security Check [LINK]

PreviousSSHNextSMTP

Last updated