# Remote Desktop A user need to be part of the "Remote Desktop Users" in order to login to the host via RDP. To add user to the "Remote Desktop users" run: ``` net localgroup "Remote Desktop Users" UserLoginName /add ``` ## rdesktop Remote Desktop for windows with share and 85% screen: `rdesktop -u username -p password -g 85% -r disk:share=/tmp/share 10.10.10.10` ## xfreerdp **Login using hash:** `Xfreerdp /u:admin /d:win2012 /pth:[hash] /v:192.168.0.1` When CredSSP is required: `xfreerdp --plugin rdpdr --data disk:home:/tmp -- -f -u john 192.168.0.44` * To exit press 'ctrl+alt+enter' ## remmina install remmina: `apt install remmina` have a rdp client by default which you can use to connect. ## Enable RDP ### Enable rdp from registry ``` reg add "\\host\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f ``` ### Enable from netsh ``` netsh firewall set service remoteadmin enable netsh firewall set service remotedesktop enable ``` ### Enable using psexec ``` psexec \\host reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f /usr/local/bin/psexec.py user:password@10.0.0.1 reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f ``` ## Enable using metasploit ``` use post/windows/manage/enable_rdp msf5 post(windows/manage/enable_rdp) > run [*] Enabling Remote Desktop [*] RDP is disabled; enabling it ... [*] Setting Terminal Services service startup mode [*] The Terminal Services service is not set to auto, changing it to auto ... [+] RDP Service Started [*] Opening port in local firewall if necessary [*] For cleanup execute Meterpreter resource file: /root/.msf4/loot/20200520112125_default_10.50.30.103_host.windows.cle_789147.txt [*] Post module execution completed msf5 post(windows/manage/enable_rdp) > ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://infra.newerasec.com/infrastructure-testing/gaining-access/remote-desktop.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.