RDP

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, enabling users to remotely access and interact with a Windows system through a graphical user interface (GUI). By default, RDP uses TCP port 3389 but can be configured to run on other ports. Authentication requires valid user credentials, including a username and password in cleartext. Attackers can attempt RDP brute-force attacks to discover valid credentials and gain unauthorized access to a target system.

Enumeration & Exploitation

Enumeration

nmap -sV -p- [IP]

With Metasploit

msfconsole -q
search rdp_scanner
use auxiliary/scanner/rdp/rdp_scanner
show options
set RHOSTS [IP]
set RPORT [PORT]
run

Login Brute-force

hydra -L [wordlist] -P [passlist] rdp://[IP] -s [PORT]

# connect using xfreerdp
xfreerdp /u:username /p:password /v:[IP]:[PORT]
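
On the defending side, a login brute-force like the one above appears in the Windows Security log as a burst of failed logons (event 4625) from one source address, provided failed-logon auditing is enabled. The following is an added example, not part of the original page: it flags such bursts and any successful logon (event 4624) from an address that already tripped the threshold. The event records are constructed, and the field names (time, id, type, ip, user), the threshold and the window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs). "id" is the Windows Security
# event ID: 4625 = failed logon, 4624 = successful logon.
EVENTS = [
    {"time": f"2024-01-01T10:00:{s:02d}", "id": 4625, "type": 3,
     "ip": "203.0.113.5", "user": u}
    for s, u in enumerate(["admin", "administrator", "admin", "test", "backup", "admin"])
] + [
    {"time": "2024-01-01T10:00:20", "id": 4624, "type": 10, "ip": "203.0.113.5", "user": "admin"},
    # A single mistyped password followed by a normal logon: must not alert.
    {"time": "2024-01-01T10:05:00", "id": 4625, "type": 10, "ip": "198.51.100.7", "user": "alice"},
    {"time": "2024-01-01T10:05:30", "id": 4624, "type": 10, "ip": "198.51.100.7", "user": "alice"},
]

# Logon type 10 = RemoteInteractive (RDP session); type 3 = Network, which is
# what a failed RDP logon is recorded as when Network Level Authentication is on.
RDP_LOGON_TYPES = {3, 10}

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Return (kind, ip, user, time) alerts: 'bruteforce' when one source IP
    reaches `threshold` failed logons inside `window`, and
    'success_after_bruteforce' for a later successful logon from that IP."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    flagged = set()              # IPs that already raised a bruteforce alert
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["type"] not in RDP_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(ev["time"])
        ip = ev["ip"]
        if ev["id"] == 4625:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, ev["user"], ev["time"]))
        elif ev["id"] == 4624 and ip in flagged:
            alerts.append(("success_after_bruteforce", ip, ev["user"], ev["time"]))
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(EVENTS):
        print(alert)
```

A `success_after_bruteforce` alert is the one to act on first, since it means a guessed credential was accepted.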
