The Remote Desktop Protocol (RDP) is a protocol developed by Microsoft for remote access to a computer running the Windows operating system. RDP works at the application layer of the TCP/IP reference model.
Default Port: 3389
Banner grabbing
nc -nv $IP 3389
Nmap
Nmap is a network scanner created by Gordon Lyon. It discovers hosts and services on a computer network by sending packets and analyzing the responses, and provides a number of features for probing networks, including host discovery, service detection and operating system detection.
# Default NSE
sudo nmap -sCV -p3389 $IP
# Enum RDP with all NSE
sudo nmap -p3389 -sV --script=rdp* $IP
RDP Security Check
Perl script to enumerate security settings of an RDP Service (AKA Terminal Services).
rdp-sec-check.pl $IP
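What rdp-sec-check reports comes from the RDP negotiation itself: the client sends an X.224 Connection Request carrying an RDP_NEG_REQ for a given security protocol, and the server answers with an RDP_NEG_RSP (accepted) or an RDP_NEG_FAILURE (refused, with a reason code). The following is an added example, not rdp-sec-check's code and not part of the original notes, that builds those packets, decodes the server's answer and turns one probe per protocol into a posture summary a defender can use to confirm that NLA is enforced on their own servers. The byte layouts follow MS-RDPBCGR 2.2.1.1 and 2.2.1.2; the sample responses are constructed, not captured traffic, and the `probe()` helper and its name are this example's own.

```python
"""Audit which RDP security protocols a server negotiates.

Added example (not rdp-sec-check's code). One X.224 Connection Request
with an RDP_NEG_REQ is sent per candidate protocol; the Connection Confirm
carries either RDP_NEG_RSP or RDP_NEG_FAILURE (MS-RDPBCGR 2.2.1.1/2.2.1.2).
"""
import socket
import struct

# requestedProtocols / selectedProtocol values (MS-RDPBCGR 2.2.1.1.1)
PROTOCOL_RDP = 0x00000000      # Standard RDP Security (legacy, no TLS)
PROTOCOL_SSL = 0x00000001      # TLS without NLA
PROTOCOL_HYBRID = 0x00000002   # CredSSP / Network Level Authentication

TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03
FAILURE_CODES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",
    6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}

# Constructed sample Connection Confirm PDUs (not captured traffic):
SAMPLE_NLA_SELECTED = bytes.fromhex(
    "03 00 00 13 0e d0 00 00 12 34 00 02 00 08 00 02 00 00 00")
SAMPLE_NLA_REQUIRED = bytes.fromhex(      # RDP_NEG_FAILURE, code 5
    "03 00 00 13 0e d0 00 00 12 34 00 03 00 08 00 05 00 00 00")
SAMPLE_LEGACY_ONLY = bytes.fromhex(       # old server, no rdpNegData at all
    "03 00 00 0b 06 d0 00 00 12 34 00")


def build_connection_request(requested_protocols: int) -> bytes:
    """TPKT header + X.224 Connection Request + RDP_NEG_REQ (no cookie)."""
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)
    # X.224 CR: length indicator, CR code 0xE0, dst-ref, src-ref, class 0
    x224 = struct.pack(">BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    tpkt = struct.pack(">BBH", 3, 0, 4 + len(x224))
    return tpkt + x224


def parse_connection_confirm(data: bytes) -> dict:
    """Decode the server's X.224 Connection Confirm and its negotiation data."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT/X.224 response")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length mismatch")
    if data[5] != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    if len(data) == 11:
        # No rdpNegData: pre-negotiation server, Standard RDP Security only
        return {"type": "none", "selected": PROTOCOL_RDP}
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", data[11:19])
    if neg_len != 8:
        raise ValueError("bad negotiation structure length")
    if neg_type == TYPE_RDP_NEG_RSP:
        return {"type": "response", "selected": value}
    if neg_type == TYPE_RDP_NEG_FAILURE:
        return {"type": "failure", "code": FAILURE_CODES.get(value, hex(value))}
    raise ValueError(f"unknown negotiation type {neg_type:#x}")


def assess(results: dict) -> dict:
    """Summarise {requested_protocol: parsed_confirm} into a posture report."""
    def accepted(proto):
        r = results.get(proto)
        return (r is not None and r["type"] in ("response", "none")
                and r["selected"] == proto)
    rdp = results.get(PROTOCOL_RDP, {})
    return {
        "legacy_rdp_security_allowed": accepted(PROTOCOL_RDP),
        "tls_without_nla_allowed": accepted(PROTOCOL_SSL),
        "nla_supported": accepted(PROTOCOL_HYBRID),
        # Requesting legacy security and being told NLA is required is the
        # unambiguous sign that NLA is enforced, not merely offered.
        "nla_enforced": rdp.get("type") == "failure"
                        and rdp.get("code") == "HYBRID_REQUIRED_BY_SERVER",
    }


def probe(host: str, port: int = 3389, timeout: float = 5.0) -> dict:
    """Send one Connection Request per protocol to the server under audit."""
    results = {}
    for proto in (PROTOCOL_RDP, PROTOCOL_SSL, PROTOCOL_HYBRID):
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_connection_request(proto))
            results[proto] = parse_connection_confirm(s.recv(1024))
    return results


if __name__ == "__main__":
    import sys
    print(assess(probe(sys.argv[1])))
```

A server that is configured correctly answers the legacy request with HYBRID_REQUIRED_BY_SERVER and only accepts PROTOCOL_HYBRID; a server that still returns an RDP_NEG_RSP selecting protocol 0, or no negotiation data at all, is accepting the legacy Standard RDP Security that rdp-sec-check flags.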
XfreeRDP
XfreeRDP is an X11 Remote Desktop Protocol (RDP) client which is part of the FreeRDP project.
# Connect with AUTHENTICATION
xfreerdp /u:Administrator /p:password123 /v:$IP:3389 /cert:ignore
# Connect with fullscreen mode
xfreerdp /u:Administrator /p:password123 /v:$IP:3389 /cert:ignore /f
# Connect with resize screen mode
xfreerdp /u:Administrator /p:password123 /v:$IP:3389 /cert:ignore /dynamic-resolution
# Connect with AUTHENTICATION (mount Linux folder for file transfer)
# inside the session, open \\tsclient\ to reach the mounted directory
xfreerdp /u:Administrator /p:password123 /v:$IP:3389 /cert:ignore /drive:linux,/tmp
Tip
To get out of xfreerdp fullscreen mode, use Ctrl + Alt + Enter or Ctrl + Alt + Break.
Rdesktop
Rdesktop is an open source client for Microsoft’s RDP protocol.
# Connect with AUTHENTICATION
rdesktop $IP -d local -u Administrator -p 'password123'
# Connect with AUTHENTICATION (mount Linux folder for file transfer)
# inside the session, open \\tsclient\ to reach the mounted directory
rdesktop $IP -d local -u Administrator -p 'password123' -r disk:linux='/tmp'
Remote Desktop Connection
Remote Desktop Connection is a built-in Windows client that enables users to access and control other computers over a network connection. It’s typically used when connecting from a Windows host to a Windows target system.

Hydra
Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add.
hydra -L /wordlists/users.txt -P /wordlists/passwords.txt rdp://$IP
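On the defender's side, a Hydra run like the one above leaves a dense burst of failed logons (Event ID 4625) from one source address in the Windows Security log, followed by a 4624 if a guess succeeds. The following is an added example, not part of the original notes, that runs that detection over a constructed export of Security events in a simple "timestamp,event_id,logon_type,source_ip,user" form (the field names and the `detect_bruteforce()` function are this example's own; a real export from wevtutil, Get-WinEvent or a SIEM carries the same fields). Logon type 10 is RemoteInteractive, the classic RDP logon; when NLA is enabled the CredSSP pre-authentication failures are recorded as logon type 3 instead, so both are counted.

```python
"""Detect RDP password-guessing from Windows Security log records.

Added example (not part of the original notes). Input lines are a
constructed export: "timestamp,event_id,logon_type,source_ip,user".
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624
# Logon type 10 = RemoteInteractive (RDP). With NLA enabled the CredSSP
# pre-authentication failures are logged as type 3 (Network) instead.
RDP_LOGON_TYPES = {3, 10}

# Constructed sample: one source hammers Administrator and finally gets in,
# another host has a single mistyped password. Not real log data.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z,4625,3,10.0.0.5,Administrator
2024-05-01T10:00:02Z,4625,3,10.0.0.5,Administrator
2024-05-01T10:00:02Z,4625,3,10.0.0.5,Administrator
2024-05-01T10:00:03Z,4625,3,10.0.0.5,Administrator
2024-05-01T10:00:04Z,4625,3,10.0.0.5,Administrator
2024-05-01T10:00:05Z,4625,3,10.0.0.5,Administrator
2024-05-01T10:00:06Z,4624,10,10.0.0.5,Administrator
2024-05-01T10:03:00Z,4625,10,10.0.0.9,alice
2024-05-01T10:03:20Z,4624,10,10.0.0.9,alice
"""


def parse_line(line: str) -> dict:
    """Split one exported record into typed fields."""
    ts, event_id, logon_type, src, user = line.strip().split(",")
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "event_id": int(event_id),
        "logon_type": int(logon_type),
        "src": src,
        "user": user,
    }


def detect_bruteforce(lines, threshold: int = 5, window_seconds: int = 60) -> list:
    """Flag sources with >= threshold RDP logon failures inside a sliding
    window, and any later successful RDP logon from a flagged source."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # src -> timestamps of failures in window
    flagged = set()
    findings = []
    for raw in lines:
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        src = ev["src"]
        if ev["event_id"] == FAILED_LOGON:
            q = recent[src]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # drop stale failures
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                findings.append({"src": src, "kind": "bruteforce",
                                 "failures": len(q), "at": ev["ts"]})
        elif ev["event_id"] == SUCCESSFUL_LOGON and src in flagged:
            # The worst case: a guess worked after the burst of failures
            findings.append({"src": src, "kind": "success_after_bruteforce",
                             "user": ev["user"], "at": ev["ts"]})
    return findings


if __name__ == "__main__":
    for finding in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(finding)
```

The threshold and window are the tuning knobs: a low threshold over a short window catches a fast, unthrottled Hydra run, while a slow, spread-out guessing campaign needs a longer window or a per-user rather than per-source count.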
Metasploit Framework
Metasploit Framework is an open source platform that supports vulnerability research, exploit development, and the creation of custom security tools.
auxiliary/scanner/rdp/rdp_scanner # Checks whether RDP is present (default port 3389; non-default ports can be set)
auxiliary/scanner/cve_2019_0708_bluekeep # Checks a range of hosts for the CVE-2019-0708 (bluekeep) vulnerability
exploit/windows/rdp/cve_2019_0708_bluekeep_rce # Exploit bluekeep vulnerability (64 bit)
post/windows/manage/enable_rdp # Enabling RDP (post-exploitation)