RDP - 3389

Communication are by default encrypted but some hosts may support insecure encryption scheme.

Remote Connections

Rdesktop

Basics

rdesktop -u carol -p carol1978AB 10.2.2.22

#Connect to a domain and map a share
rdesktop -u tris -p ThisIsTheUsersPassword22 10.11.1.20 -d svcorp.com -r disk:local=/home/amandine

Xfreerdp

Basic

xfreerdp /v:10.11.1.79  /u:kbf /p:pass123 /drive:/home/amandine/tools,tools /f

/dynamic-resolution: for dynamic resolution

+clipboard: for clipboard option

/pth : NTLM hash

proxychains: xfreerdp supports the use of proxychains

/d: domain

xfreerdp /v:10.200.185.150 /u:AmandineGH /p:allo123 +clipboard /dynamic-resolution /drive:/usr/share/windows-resources,share

Security Checks

GitHub - CiscoCXSecurity/rdp-sec-check: rdp-sec-check is a Perl script to enumerate security settings of an RDP Service (AKA Terminal Services)GitHub

rdp-sec-check

./rdp-sec-check.pl 10.129.201.248

perl rdp-sec-check.pl --file ../rdp.list > ../rdpcheck.output && cat rdpcheck.output | grep "NLA_SUPPORTED_BUT_NOT_MANDATED_DOS" | grep-ip

Nmap

nmap -sV -sC 10.129.201.248 -p3389 --script rdp*