# RDP (Remote Desktop Protocol) Pentesting

RDP is a protocol that provides a user with a graphical interface to connect to another computer over a network connection. The default port is 3389.

### Enumeration

```
nmap --script rdp-enum-encryption -p 3389 <target-ip>
nmap --script rdp-ntlm-info -p 3389 <target-ip>
# Quote the wildcard so the shell does not expand it against local file names
nmap --script "rdp*" -p 3389 <target-ip>
```
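The security-layer enumeration above rests on the X.224 connection negotiation defined in MS-RDPBCGR. The following is an added example (not from the original page and not Nmap's code) that builds a negotiation request, parses the server's reply, and reports whether a host you administer enforces NLA. The function names and the two sample replies are constructed for illustration.

```python
import socket
import struct

# Values from MS-RDPBCGR: requestedProtocols / selectedProtocol flags and failureCode.
PROTOCOLS = {0: "RDP (legacy security)", 1: "TLS", 2: "CredSSP (NLA)", 8: "CredSSP-EX (NLA)"}
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER", 6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}

def build_request(requested: int) -> bytes:
    """TPKT header + X.224 Connection Request carrying an RDP_NEG_REQ."""
    neg = struct.pack("<BBHI", 0x01, 0x00, 8, requested)  # type, flags, length, protocols
    x224 = struct.pack(">BBHHB", 6 + len(neg), 0xE0, 0, 0, 0) + neg  # LI, CR, dst, src, class
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224  # version, reserved, total length

def parse_response(data: bytes) -> dict:
    """Parse TPKT + X.224 Connection Confirm and the negotiation block after it."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT/X.224 reply")
    if struct.unpack(">H", data[2:4])[0] != len(data) or (data[5] & 0xF0) != 0xD0:
        raise ValueError("length mismatch or not a Connection Confirm")
    if len(data) == 11:  # no negotiation block: legacy RDP security only
        return {"accepted": True, "protocol": 0, "name": PROTOCOLS[0]}
    if len(data) < 19:
        raise ValueError("truncated negotiation block")
    kind, _flags, neg_len, value = struct.unpack("<BBHI", data[11:19])
    if neg_len != 8 or kind not in (0x02, 0x03):
        raise ValueError("unexpected negotiation block")
    if kind == 0x02:  # RDP_NEG_RSP
        return {"accepted": True, "protocol": value, "name": PROTOCOLS.get(value, hex(value))}
    return {"accepted": False, "failure": FAILURES.get(value, hex(value))}  # RDP_NEG_FAILURE

def assess_legacy_offer(reply: bytes) -> str:
    """Classify the reply to a request that offered only legacy RDP security (0)."""
    r = parse_response(reply)
    if r["accepted"]:
        return "weak: legacy RDP security accepted" if r["protocol"] == 0 else "unexpected: " + r["name"]
    if r["failure"] == "HYBRID_REQUIRED_BY_SERVER":
        return "ok: NLA enforced"
    return "partial: " + r["failure"]

def probe(host: str, port: int = 3389) -> str:
    """Run the check against a host you administer (hypothetical helper)."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(build_request(0))
        return assess_legacy_offer(s.recv(1024))

# Constructed replies (not captured traffic): NLA required, and legacy accepted.
NLA_REQUIRED = bytes.fromhex("030000130ed000001234000300080005000000")
LEGACY_OK = bytes.fromhex("030000130ed000001234000200080000000000")
```

A host that accepts the legacy-only offer allows sessions without NLA; enforcing NLA on the server turns that reply into `HYBRID_REQUIRED_BY_SERVER`.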

#### Brute Force Credentials

```
hydra -l username -P passwords.txt <target-ip> rdp
hydra -L usernames.txt -p password <target-ip> rdp
```

### Connect

#### Remmina

**Remmina** is a remote desktop client for POSIX-based computer operating systems.

```
remmina

# -c: Connect given URI or file
remmina -c rdp://username@vulnerable.com
remmina -c rdp://domain\\username@vulnerable.com
remmina -c rdp://username:password@vulnerable.com

# ---------------------------------------------------------------------------------

# Settings

# Keyboard mapping
# 1. In the Remmina client window, click the menu icon and open "Preferences".
# 2. Navigate to the "RDP" tab and check "Use client keyboard mapping".
# 3. Restart Remmina.
```

#### FreeRDP

```
xfreerdp /u:username /v:10.0.0.1:3389
xfreerdp /u:username /p:password /cert:ignore /v:10.0.0.1 /workarea
# Create a shared drive (/drive:LOCAL_DIR,SHARE_NAME)
xfreerdp /u:username /p:password /drive:.,share /v:10.0.0.1
# Useful command for exploiting: clipboard sharing, dynamic resolution, and a shared drive of Windows resources
xfreerdp /v:10.0.0.1 /u:username /p:password +clipboard /dynamic-resolution /drive:/usr/share/windows-resources,share

# --------------------------------------------------------------------------------

# On remote Windows

# Access share directory in Command Prompt or PowerShell
\\tsclient\share\
```

#### Rdesktop

```
rdesktop -u username -p password 10.0.0.1:3389
```
