TCP 3389: RDP

Remote Desktop Protocol is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software.
-- Wikipedia

Brute force credentials

crowbar

crowbar -b -rdp -s <ip>/32 -u <user> -C <password-file> -n 1

Ncrack

ncrack -vv --user <user> -P <password-file> rdp://<ip>

Connect (authenticated)

Local user

xfreerdp /u:<user> /v:<ip> +clipboard

Domain user

xfreerdp /d:<domain> /u:<user> /v:<ip> +clipboard

Domain user (PtH)

xfreerdp /d:<domain> /u:<user> /pth:<nt-hash> /v:<ip> +clipboard

Exploits

BlueKeep - Wikipedia

PreviousTCP 3306: MySQL NextTCP 5985: WinRM

Last updated 2 years ago