Port 3389 | RDP
Enumeration
Nmap
Bruteforce
Brute forcing can easily lock user accounts. If possible, enumerate the domain password policy before proceeding.
Hydra
Medusa
Connecting
Crackmapexec
Requires administrative privileges; enables RDP on the target host.
rdesktop
xfreerdp
Hijacking
This method is not stealthy and will disconnect a user's active terminal services session. However, you can also connect to a disconnected session, which could be stealthier.
This method also requires SYSTEM privileges on the terminal server host.
Mimikatz
Connect to the terminal services session.
Man-in-the-Middle
SETH can be used to perform Man-in-the-Middle attacks over RDP.