search
DiscordHackTheBoxTryHackMeGitHub

RDP

hashtag
ABOUT

Remote Desktop Protocol (RDP) is a protocol developed by Microsoft for remote access to a computer running the Windows OS. This protocol allows display and control commands to be transmitted via the GUI encrypted over IP networks. Works at Application Layer of TCP/IP model, typically using TCP/3389 port. If Network Address Translation (NAT) is used on the route between client and server, as is often the case with Internet connections, the remote computer needs the public IP address to reach the server. It uses TLS/SSL.

hashtag
CONNECTING

hashtag
Rdesktop

rdesktop -u venator17 -p 'amogus' -d domain.kek 13.13.13.13

hashtag
Xfreerdp

hashtag
Regular

xfreerdp /u:venator17 /p:amogus /v:13.13.13.13 /d:domain.kek /cert:ignore

hashtag
With Port-Forwarding

xfreerdp /u:venator17 /p:amogus /v:localhost:3389 /d:domain.kek /cert:ignore

hashtag
Mounting a local dir

xfreerdp /v:13.13.13.13 /u:venator17 /p:amogus /drive:share,/home/venator17/Assessment123

hashtag
Remmina (GUI)

hashtag
PASSWORD SPRAYING

hashtag
Crowbar

hashtag
Hydra

hashtag
SESSION HIJACKING

We need SYSTEM privileges and use tscon.exe (allows to connect to another desktop session) [LINK]arrow-up-right

hashtag
PASS-THE-HASH

By default, Windows has disabled Restricted Admin Mode, and we need to fix that by adding new registry key to DisableRestrictedAdmin

And then to use xfreerdp for Pass The Hash

hashtag
ENABLE FROM SYSTEM

As example one time I needed to access internal host, so it would be good if I turned on rdp and made a port forwarding, So here's the steps do do it

  1. Change fDenyTSConnections Registry key which denies RDP connections

  1. Changing a Firewall to allow us to move through RDP

hashtag
Tips2Hack

  1. Nmap RDP Scan

  1. RDP Security Check [LINK]arrow-up-right

PreviousSSHNextSMTP

Last updated