🟢Remote Desktop - RDP

Abusing RDP to Move laterally inside a corporate environment. T1021.001 - Remote Desktop Protocol

ID: T1021.001 - Remote Desktop Protocol

Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user.

Using Windows CMD Commands

Add User to Local Machine

// Some coded User

Add New User to Domain

// Some code

Using CrackMapExec

// Some code

Using Metasploit

// Some code

Using Empire

// Some code

Socks Over RDP / Socks Over Citrix

This tool adds the capability of a SOCKS proxy to Terminal Services (or Remote Desktop Services) and Citrix (XenApp/XenDesktop). It uses Dynamic Virtual Channel that enables us to communicate over an open RDP/Citrix connection without the need to open a new socket, connection or a port on a firewall.

GitHub - nccgroup/SocksOverRDP: Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktopGitHub

PreviousWSUS NextInternal Spearfishing

Last updated 10 months ago