
RDP 3389

RDP Enumeration and Scanning (Port 3389)

Step 1: Define the Target IP

Set the target IP once as a shell variable so the commands below can reference it as $TARGET_IP; replace the sample address with the real target.

# Define the target IP
export TARGET_IP="192.168.1.100"

Step 2: Perform an Nmap Scan for RDP Services

Basic Scan

nmap -p 3389 -sV --script "rdp-*" "$TARGET_IP"

Explanation:

  • -p 3389: Specifies the RDP port.

  • -sV: Detects the service version.

  • --script rdp-*: Runs Nmap scripts related to RDP.

Common Nmap Scripts for RDP

  • rdp-enum-encryption: Enumerates supported RDP encryption methods.

  • rdp-vuln-ms12-020: Checks for the MS12-020 vulnerability.

  • rdp-ntlm-info: Extracts NTLM information from the RDP service.
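Reading the scan results from the defending side: the following Python script is an added example, not code from the original page. It parses the XML that Nmap writes when -oX is appended to the scan above and summarises, per host, whether 3389 is open, the service banner, and which rdp-enum-encryption results deserve attention. A server that reports "Native RDP: SUCCESS" still accepts standard RDP security, which means Network Level Authentication is not enforced; 40-bit and 56-bit RC4 are weak encryption levels. The SAMPLE_XML below is constructed to resemble -oX output and is not a real scan; the matched output strings are those the script is assumed to print.

```python
"""Summarise an Nmap RDP scan from a defender's point of view.

Added example, not from the original page. Reads the XML produced by
  nmap -p 3389 -sV --script "rdp-*" -oX scan.xml "$TARGET_IP"
and reports the port state, service banner and risky rdp-enum-encryption
results. SAMPLE_XML is constructed, not a real scan.
"""
import sys
import xml.etree.ElementTree as ET

# Constructed sample: one host, 3389 open, NLA optional, weak RC4 offered.
# Nmap stores multi-line script output in the "output" attribute with
# newlines encoded as &#xa;.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.168.1.100" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3389">
        <state state="open" reason="syn-ack"/>
        <service name="ms-wbt-server" product="Microsoft Terminal Services"/>
        <script id="rdp-enum-encryption" output="&#xa;  Security layer&#xa;    CredSSP (NLA): SUCCESS&#xa;    CredSSP with Early User Auth: SUCCESS&#xa;    Native RDP: SUCCESS&#xa;    RDSTLS: SUCCESS&#xa;    SSL: SUCCESS&#xa;  RDP Encryption level: Client Compatible&#xa;    40-bit RC4: SUCCESS&#xa;    56-bit RC4: SUCCESS&#xa;    128-bit RC4: SUCCESS&#xa;    FIPS 140-1: SUCCESS&#xa;  RDP Protocol Version: RDP 5.x, 6.x, 7.x, or 8.x server"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Script output lines (assumed format) that indicate a weakened RDP setup.
RISKY_LINES = {
    "Native RDP: SUCCESS": "standard RDP security accepted: NLA is not enforced",
    "40-bit RC4: SUCCESS": "40-bit RC4 encryption level offered",
    "56-bit RC4: SUCCESS": "56-bit RC4 encryption level offered",
}


def parse_rdp_scan(xml_text):
    """Return one summary dict per host that has port 3389 in the scan."""
    root = ET.fromstring(xml_text)
    summaries = []
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            if port.get("portid") != "3389":
                continue
            state_el = port.find("state")
            svc_el = port.find("service")
            findings = []
            for script in port.findall("script"):
                if script.get("id") != "rdp-enum-encryption":
                    continue
                for line in script.get("output", "").splitlines():
                    line = line.strip()
                    if line in RISKY_LINES:
                        findings.append(RISKY_LINES[line])
            summaries.append({
                "host": addr,
                "state": state_el.get("state") if state_el is not None else "unknown",
                "product": svc_el.get("product", "") if svc_el is not None else "",
                "findings": findings,
            })
    return summaries


def main():
    # Pass a real -oX file as the first argument; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    for s in parse_rdp_scan(text):
        print(f"{s['host']} 3389/tcp {s['state']} {s['product']}")
        for f in s["findings"]:
            print(f"  - {f}")
        if s["state"] == "open" and not s["findings"]:
            print("  - no weak security layer or encryption level reported")


if __name__ == "__main__":
    main()
```

Run it as `python3 rdp_scan_summary.py scan.xml` after adding `-oX scan.xml` to the Nmap command; the remediation for the findings it prints is to require NLA and set the encryption level to High or FIPS in the host's RDP settings.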

Example:


Step 3: Test RDP Access Using Tools

Rdesktop

  1. Install rdesktop:

  2. Connect to the RDP server:

xFreeRDP

  1. Install xfreerdp:

  2. Connect to the RDP server:


Step 4: Brute-Force RDP Credentials

Hydra

  1. Use hydra to brute-force RDP credentials:

Ncrack

  1. Use ncrack for credential brute-forcing:
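On the target side, the password guessing in this step leaves a distinctive trail in the Windows Security log. The Python script below is an added example, not code from the original page: it runs a simple sliding-window rule over constructed 4625 (failed logon) records and flags source addresses that exceed a threshold of failed RDP logons within a short window. Event ID 4625 with logon type 10 (RemoteInteractive) is a classic RDP failure; when NLA is enforced the failed CredSSP attempts are recorded with logon type 3 (Network) instead, so both types are treated as RDP-related. The event dicts stand in for records exported from the log (for example with Get-WinEvent or a SIEM) and are constructed, not real data.

```python
"""Spot password guessing against RDP in Windows Security log data.

Added example, not from the original page. EVENTS is a constructed sample
standing in for exported Security log records; field names are assumed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625
RDP_LOGON_TYPES = {3, 10}   # 10 = RemoteInteractive; 3 = Network (NLA/CredSSP)

# Constructed sample events (ISO time, event id, logon type, source IP, account).
EVENTS = [
    {"time": "2024-05-01T10:00:00", "event_id": 4625, "logon_type": 10, "ip": "198.51.100.7", "user": "administrator"},
    {"time": "2024-05-01T10:00:10", "event_id": 4625, "logon_type": 10, "ip": "198.51.100.7", "user": "admin"},
    {"time": "2024-05-01T10:00:20", "event_id": 4625, "logon_type": 10, "ip": "198.51.100.7", "user": "helpdesk"},
    {"time": "2024-05-01T10:00:30", "event_id": 4625, "logon_type": 10, "ip": "198.51.100.7", "user": "backup"},
    {"time": "2024-05-01T10:00:40", "event_id": 4625, "logon_type": 10, "ip": "198.51.100.7", "user": "svc_sql"},
    {"time": "2024-05-01T10:00:50", "event_id": 4625, "logon_type": 10, "ip": "198.51.100.7", "user": "administrator"},
    # A user who mistyped a password twice and then succeeded: not an alert.
    {"time": "2024-05-01T10:01:00", "event_id": 4625, "logon_type": 3, "ip": "10.0.0.5", "user": "jsmith"},
    {"time": "2024-05-01T10:01:30", "event_id": 4625, "logon_type": 3, "ip": "10.0.0.5", "user": "jsmith"},
    {"time": "2024-05-01T10:02:00", "event_id": 4624, "logon_type": 3, "ip": "10.0.0.5", "user": "jsmith"},
    # A console (type 2) failure is not RDP and is ignored.
    {"time": "2024-05-01T10:03:00", "event_id": 4625, "logon_type": 2, "ip": "10.0.0.9", "user": "local"},
    # One more failure well outside the window: does not add to the count.
    {"time": "2024-05-01T10:10:00", "event_id": 4625, "logon_type": 10, "ip": "198.51.100.7", "user": "guest"},
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: (failures_in_window, distinct_accounts)} for every
    source that produced at least `threshold` failed RDP logons inside a
    sliding window of length `window`. The largest count seen is kept."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, account)
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != FAILED_LOGON or ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        now = datetime.fromisoformat(ev["time"])
        q = recent[ev["ip"]]
        q.append((now, ev["user"]))
        while q and now - q[0][0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            accounts = {user for _, user in q}
            if ev["ip"] not in alerts or len(q) > alerts[ev["ip"]][0]:
                alerts[ev["ip"]] = (len(q), accounts)
    return alerts


if __name__ == "__main__":
    for ip, (count, accounts) in detect_rdp_bruteforce(EVENTS).items():
        print(f"ALERT {ip}: {count} failed RDP logons against "
              f"{len(accounts)} accounts: {sorted(accounts)}")
```

Tune `threshold` and `window` to the environment; a high count spread over many distinct accounts is the spraying pattern, while many failures against one account suggests a single-password attack and should also trip the lockout policy.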


Step 5: Exploiting RDP Vulnerabilities

BlueKeep (CVE-2019-0708)

  1. Check for BlueKeep vulnerability:

  2. Exploit using Metasploit:


Step 6: Manual RDP Enumeration with Metasploit

  1. Launch Metasploit:

  2. Use the auxiliary module for RDP login enumeration:

  3. Enumerate NTLM Info:


Notes

  • Default RDP credentials may be weak or guessable.

  • Document all findings during enumeration.

  • Ensure tools like hydra, ncrack, and freerdp are installed for effective scanning.

  • BlueKeep vulnerability requires specific conditions for exploitation; handle with caution.
